ADPPA: Data Privacy Act Has Bipartisan Support. But ...

Опубликовано: 03 Март 2025
на канале: National Press Foundation

194

American Data Privacy and Protection Act (ADPPA) didn't pass but got further than ever. Why is the U.S. one of the only developed countries without a comprehensive data privacy law?
by Anne Godlasky, National Press Foundation

The American Data Privacy Protection Act (ADPPA) has bipartisan support and is the closest the U.S. has come to passing a comprehensive consumer data privacy law. But it hasn’t passed. Four experts explain why the U.S. lacks a federal omnibus, leaving five states to pass data privacy laws (California, Colorado, Connecticut, Nevada, and Virginia) and the European Union to largely set the global standard.

ADPPA in 2023?
“This year has been a watershed moment for privacy,” Ebbie Yazdani, federal policy director at TechNet told NPF data privacy fellows. “In this year alone, 31 states have considered privacy legislation, and I think many of them have effective dates in 2023, and so the timing is ideal to try to do something at the federal level.”

The ADPPA moved out of House committee with “a very impressively large bipartisan vote,” said Politico tech policy reporter Rebecca Kern. However, Senate Commerce Committee chair Sen. Maria Cantwell does not support the legislation. In next year’s Republican-controlled House, Rep. Kathy McMorris Rogers is expected to reintroduce the bill.

Polling has shown that 84% of Americans are concerned about their data privacy and roughly the same percentage – both Democrats and Republicans – want Congress to act.
A sticking point for Republicans has been preempting state laws – they want one federal standard, Kern said.

“If we allow a patchwork of state laws to continue building, and/or if Congress is unable to fully preempt state laws, there’s going to be a tremendous cost to America’s economy and technology leadership,” Yazdani said, citing a study that said if 50 states enacted their own privacy laws, it would cost $1 trillion for the economy over 10 years.

The ‘private right of action’ and FTC debate
For Democrats, a major push has been for private right of action (PRA).

PRA is a legal term that means allowing individuals to sue if their privacy is violated. “That is something Democrats have wanted for a long time … [and] not something they’ve been willing to give up on,” Kern said.

Republicans have agreed to private right of action with a two-year delay.
ADPPA states that the FTC and state attorneys general are empowered to enforce it. However, “the FTC has been continually underfunded,” Kern said. And both the FTC and attorneys general have competing priorities and functions, which one fellow posited may lead tech companies to make “risk-based judgments about what laws they’re going to comply with” and deal with enforcement or fines if they come.

“What has evolved from the FTC is a type of enforcement that’s based a lot on the promises the companies make,” said Cobun Zweifel-Keegan, managing director of International Association of Privacy Professionals. The FTC has “limited” rule-making authority, “but in general, what you see from the FTC are these one-off enforcement actions against specific companies telling them what they did wrong and putting them under a consent decree and a negotiated settlement that makes sure that they’re going to follow best practices moving forward,” he said.

“Without a private right of action, individuals are disempowered to bring your own cases when there’s egregious things that are done to their privacy,” Zweifel-Keegan said. Europe also allows individual recourse, but “it’s just a very different culture when it comes to suing in Europe … we are a very litigious society,” he said.

Speakers: Rebecca Kern, Tech Policy Reporter, Politico
Gavin Logan, Privacy & Public Policy Manager, Meta
Ebbie Yazdani, Federal Policy Director, TechNet
Cobun Zweifel-Keegan, Managing Director, International Association of Privacy Professionals

Highlights, transcript and resources: https://nationalpress.org/topic/data-...

This program was sponsored by Arnold Ventures and Medtronic. NPF is solely responsible for the content.