Federal Data Privacy Bill Introduced with Bipartisan Support
Online marketers may be on the verge of finally obtaining a single, unified federal framework for consumer data privacy regulation. In April, a bipartisan coalition, with sponsors in both houses of Congress, introduced a draft of the American Privacy Rights Act (“APRA”), a proposed federal data privacy law. If passed, this bill would provide marketers with long-sought-after federal legal standards, pre-empting the patchwork regime created by the almost 20 state privacy laws currently in effect.
While the APRA would represent a potential simplification of data privacy law compliance, marketers must still be prepared to comply with the APRA’s provisions.
How Would the APRA Create A Unified Standard?
Many of the key consumer data privacy provisions contained in the APRA mirror those established by the various state laws now in effect. However, the APRA would specifically preempt all existing state data privacy laws. This would alleviate the need for marketers to continue to employ different data collection and usage practices for residents of different states in order to accommodate the divergent state law provisions.
Note, however, that some states, including California, have voiced objections to the bill as drafted. These states argue that any federal law should establish a “floor,” not a “ceiling,” with respect to consumer rights. This position maintains that states should have the right to exceed federal law with respect to protecting consumer data privacy rights.
The APRA would create one regulatory standard, including the following (which is not intended as an exhaustive list):
· Definitions of personal information and sensitive information;
· The length of time within which consumer requests must be responded to/honored;
· Restrictions regarding the processing of sensitive information, and any consent required to do so;
· The requirement to conduct regular or semi-regular data impact assessments;
· The requirement to recognize and honor opt-out preference signals;
· The requirement to provide consumers with the right to opt-out of profiling; and
· The requirement to provide consumers with the right to opt-out of targeted advertising.
By creating a standardized approach, the APRA would enable marketers and other businesses to streamline their consumer data collection and usage practices across the country, regardless of jurisdiction.
Why Do Federal Privacy Law Requirements Matter to Your Business?
Congress’ goal in introducing the APRA is to create a single set of uniform rules for businesses to follow. If the APRA passes, this would circumvent the patchwork of state requirements in place today. This would create clarity for online marketers now struggling to comply with the various state requirements. However, the APRA would still require those businesses to modify their existing practices in order to meet all APRA requirements. As we await a federal model, business entities should obtain guidance from attorneys experienced with consumer data privacy laws across every jurisdiction.
Please note, the above offers only a brief overview of some of the legal issues involved in connection with APRA compliance. In addition, the APRA is likely to undergo further amendment in the coming months. As such, this blog is written based on the requirements set forth in the most current version of the APRA available at the time of posting.
If you need assistance with consumer data privacy law compliance matters, please email us at info@kleinmoynihan.com or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice nor is it a substitute for seeking legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising