Global: Controversial US Privacy Bill Rewritten Again, Path Forward Unclear

The American Privacy Rights Act of 2024 (APRA), originally introduced in April by Senate Commerce Committee Chair Sen. Maria Cantwell and House Energy and Commerce Committee Chair Rep. Cathy Rodgers, has been reintroduced in the House on June 25 as H.R. 8818 by Rep. Rodgers. This revised version both expands and compromises on the comprehensive federal consumer privacy framework outlined in the initial draft.

Significant changes include refined requirements for biometric and genetic data, now mandating express consent for collection without exception. Noticeably, the new draft omits the “civil rights and algorithms” section, which would have prohibited personal data use that discriminates based on protected characteristics, and the “opt-out rights for consequential decisions.”

A subsequent draft circulated on June 20, ahead of a scheduled June 27 markup by the House Committee on Energy and Commerce, faced last-minute cancellation due to stakeholder pushback and Republican disagreements. Rep. Rodgers emphasized the need to “regroup” and provide clarity, stating, “There’s been a lot of confusion and misrepresentation of what the bill does.”

Rodgers highlighted the urgency of addressing the current state of data privacy, citing widespread commercial surveillance and the misuse of personal data. “Nearly every data point imaginable is being collected on us with no accountability,” she said.

The bill’s path forward remains uncertain, especially with the upcoming Congressional August recess and the consequential elections in November, which could shift legislative priorities. Despite bipartisan and bicameral support, the looming recess and election year add difficulty to passing groundbreaking legislation.

The current version of the bill, endorsed by key committee members including Rep. Frank Pallone (D-NJ), Rep. Gus Bilirakis (R-FL), and Rep. Janice Schakowsky (D-IL), aims to establish clear national data privacy rights and protections, eliminating the existing patchwork of state laws and introducing robust enforcement mechanisms.

However, the Congressional Research Service (CRS) has noted potential litigation over the bill’s constitutionality and scope, particularly concerning the First Amendment and preemption provisions.

Opposition to various provisions has come from groups including the U.S. Chamber of Commerce, Small Business and Entrepreneurial Council’s Main Street Privacy Coalition, and several banking associations. Conversely, support has come from entities like the Center for Democracy and Technology, the Washington Post’s editorial board, and Microsoft.

The bill would require covered entities to be transparent about data usage, give consumers rights to access, correct, delete, and export their data, and allow them to opt-out of targeted advertising and data transfers. It also sets standards for data minimization and prohibits transferring sensitive data without affirmative express consent.

The definition of “covered entities” includes high-impact social media companies, large data holders, and small businesses, each with specific criteria based on revenue, user base, and data handling practices.

Despite the contentious nature of the bill, its proponents believe it is foundational for the future and necessary to address the challenges posed by the current online ecosystem.