U.S. Federal Privacy Law on the Horizon: What’s in the Proposed American Data Privacy and Protection Act (ADPPA)?
In May 2022, the U.S. Congress introduced the American Data Privacy and Protection Act (ADPPA), which was amended and passed on for a House floor vote shortly thereafter.
While the bill is still a work in progress, companies managing data should take notice of the scope and requirements that could become federal law in the near future. Not unlike the existing and upcoming state laws, the federal bill has several requirements that will impact how companies can collect, process and share data, as well as what mechanisms they need to put in place to accommodate these requirements.
Below is a summary of the proposed bill’s impact:
Whom does it apply to?
- Companies (including nonprofits and common carriers) that handle personal data, including information that identifies or can be reasonably linked to an individual.
What is covered?
- The collection, processing and transfer of personal data reasonably necessary to provide a requested product or service or other specified circumstances.
What are the key provisions?
- Establishes consumer data protections, including the right to access, correct and delete personal data.
- Prohibits companies from transferring individuals’ personal data without their affirmative express consent.
- Companies are required to provide individuals with a means to opt out of targeted advertising.
- The bill additionally protects the personal data of individuals under the age of 17 and prohibits companies from discriminating based on specified protected characteristics when using personal data.
- Companies are required to implement security practices to protect and secure personal data against unauthorized access.
How would it be enforced?
- Initially: The FTC and state attorneys general would enforce the above requirements.
- Four years following the bill’s enactment: Individuals may bring civil actions for violations of the bill, following certain notification requirements.
How will it impact the existing state laws?
- The bill preempts state laws that are covered by the provisions of the bill with certain exceptions, e.g. certain categories of state laws and specified laws in Illinois and California.
The proposed U.S. Federal Law sets a much lower data protection standard for U.S. data subjects than the EU’s General Data Protection Regulation (GDPR) by lacking:
- Supervision by an impartial entity
- Judicial compensation for data subjects
- Necessity-based data processing restrictions
- Protections from U.S. government surveillance
Below is a high-level outline of the areas covered in the proposed bill:
Consumer Data Rights
- Unified Opt-Out Mechanism
- Data Subject Rights & Awareness
- Individual data ownership and control
- Private Right of Action
- Civil rights protections and algorithms
- Data security and protection of covered data
- Small business protections
Duty of Loyalty
- Data Minimization/Prohibited Data Usage
- Privacy by Design
- New Bureau of Privacy
- Privacy Officer requirements
- Technical compliance programs
- Executive responsibility
- Service providers and third parties
For a full version of the proposed ADPPA bill, please visit: