ACA submitted a letter to House Energy and Commerce Committee leaders about bipartisan data privacy legislation that could result in a complicated patchwork of requirements.
07/11/2022 1:30 P.M.
2 minute read
ACA International is advocating for federal data privacy legislation that avoids creating a patchwork of requirements for regulated entities that may also conflict with existing regulations.
Lawmakers on both sides of the aisle released a draft bill focused on comprehensive data privacy and held a legislative hearing for discussion on the proposal on June 14, ACA previously reported.
U.S. Reps. Frank Pallone Jr., D-N.J. and Cathy McMorris Rodgers, R-Wash., chairman and ranking member of the House Committee on Energy and Commerce, and U.S. Sen. Roger Wicker, R-Miss., ranking member of the Senate Committee on Commerce, Science, and Transportation, released the discussion draft of a comprehensive national data privacy and data security framework.
The draft legislation is the first comprehensive privacy proposal to gain bipartisan, bicameral support, according to a news release, and has been years in the making.
The American Data Privacy and Protection Act, H.R. 8152, would, among other changes:
- Establish a strong national framework to protect consumer data privacy and security.
- Grant broad protections for Americans against the discriminatory use of their data.
- Require covered entities to minimize, on the front end, individuals’ data they need to collect, process, and transfer so that the use of consumer data is limited to what is reasonably necessary, proportionate, and limited for specific products and services.
“ACA appreciates that the legislation is designed to preempt many state privacy laws because all Americans deserve to receive a uniform level of privacy protections,” said ACA CEO Scott Purcell in a letter to McMorris Rodgers and Pallone. “Nonetheless, there are specific exceptions contemplated in this legislation that will result in an unnecessary and complicated patchwork of privacy protections.”
Those exceptions include:
- State data breach laws, including California’s private right of action for data breaches.
- Employee and student privacy laws.
- Facial recognition laws.
- The Illinois Biometric Information Privacy Act and Genetic Information Privacy Act.
- Fraud, identity theft, cyberstalking and cyberbullying.
- Public records laws.
- Laws regarding credit reports, financial information and financial regulations.
“The sheer breadth of these exceptions will, unfortunately, limit and undermine the effectiveness of the preemption provision under consideration,” Purcell said. “Without question, the legislation and preemption as they currently stand will confuse and complicate compliance in a number of states. Given these realities, ACA respectfully urges the sponsors to eliminate or, at a minimum, narrow these exceptions to the preemption provision (except in instances of criminal behavior).”
Read ACA’s complete letter to the committee here.
If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.