The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

New Federal Data Privacy and Protection Legislation Introduced

Posted By on Apr 8, 2024

A federal data privacy law is inching closer to reality, with House and Senate Committee leaders reportedly having reached an agreement on data privacy measures, and have proposed the American Privacy Rights Act of 2024.

In July 2022, the American Data Privacy and Protection Act (ADPPA) was proposed. ADPPA was a bipartisan effort to introduce much-needed protections for consumer data and, if enacted, would regulate how organizations could collect and use consumer data. The landmark federal data privacy bill was the first federal data privacy legislation to pass committee markup, succeeding where many attempts over the past two decades have failed.

In the absence of a federal data privacy law, many states have introduced their own laws, with California being the first state to introduce a comprehensive consumer data privacy law, followed by 14 others: Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire. Seven other states have introduced narrow privacy laws: Maine, Michigan, Minnesota, Nevada, New York, Vermont, and Washington, and legislation is pending in several other states. The problem with this patchwork of data privacy laws is it makes compliance complex for companies that operate in more than one state, and individuals living just a few miles apart over a state line could have vastly different rights and protections.

ADPPA underwent some revisions and advanced to the House floor, but Republicans and Democrats were unwilling to compromise on key parts of the bill. One of the key sticking points was the preemption of state laws, with ADPPA setting a ceiling rather than a floor for data privacy and protection, with individual states unable to improve the protections from the basic protections set by ADPPA. That would mean that states such as California would have to water down the protections that have been in place for state residents for several years.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Another sticking point was the private cause of action, with Democrats backing a private cause of action that allowed individuals to bring lawsuits for privacy violations, whereas Republicans largely opposed a private cause of action. Last Congress, leaders of the House Committee on Energy and Commerce and Senate Commerce Committee agreed to amendments to ADPPA that would see the federal privacy law pre-empt some state laws and include limited privacy cause of action; however, even with this proposal, there was insufficient support. Californian Democrats opposed the preemption of state laws and refused to give their support, and former House Speaker Nancy Pelosi and Sen. Maria Cantwell (D-WA), Chair of the Senate Committee on Commerce, Science, and Transportation, also refused to support ADPPA. As such, the proposal was rejected and ADPPA was not reintroduced to Congress.

According to a press release issued by Rep. Cathy McMorris Rodgers (R-WA), Chair of the House Energy and Commerce Committee, a deal has been agreed on new federal data privacy legislation – The American Privacy Rights Act of 2024, the successor of ADPPA. “This bipartisan, bicameral draft legislation is the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information,” said Chairs Rodgers and Cantwell. “This landmark legislation represents the sum of years of good faith efforts in both the House and Senate. It strikes a meaningful balance on issues that are critical to moving comprehensive data privacy legislation through Congress. Americans deserve the right to control their data and we’re hopeful that our colleagues in the House and Senate will join us in getting this legislation signed into law.”

“This landmark legislation gives Americans the right to control where their information goes and who can sell it. It reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent. Americans overwhelmingly want these rights, and they are looking to us, their elected representatives, to act,” said Chair Rodgers. “I’m grateful to my colleague, Senator Cantwell, for working with me in a bipartisan manner on this important legislation and look forward to moving the bill through regular order on Energy and Commerce this month.”

A discussion draft of the American Privacy Rights Act of 2024 is available here,  and a section-by-section discussion draft can be downloaded here.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist