Republicans Form Working Group to Develop Federal Data Privacy Law
House Republicans have formed a working group to draft privacy legislation that will set federal privacy standards to replace the current patchwork of state laws. All previous efforts to introduce comprehensive federal privacy legislation have failed, and the absence of a federal privacy law has led to around 20 states introducing their own comprehensive data privacy laws.
In 2022, the American Data Privacy and Protection Act (ADPPA) was billed as the best opportunity so far to set federal data privacy standards. While the ADPPA had strong bipartisan support, several elements of the bill proved problematic, including the preemption of state laws. The failure of ADPPA to get sufficient support led to the introduction of the American Privacy Rights Act of 2024, which eliminated some of the more problematic requirements of its predecessor. While both of these bills would have seen privacy protections greatly improved in many states, states such as California would have seen their privacy protections watered down. Neither bill made it to a House vote.
Last month, more than three dozen industry groups wrote to Congressional leaders urging them to introduce a federal data privacy law to replace the current patchwork of state laws, compliance with which is proving difficult for businesses. The letter was sent to Sen. Ted Cruz, Chairman of the Senate Committee on Commerce, Science, and Transportation; Rep. Brett Guthrie, Chairman of the House Committee on Energy and Commerce; and Ranking Members Maria Cantwell and Frank Pallone.
In the letter, the industry groups explained that a uniform privacy standard would provide certainty and consistency regarding laws and the enforcement of privacy protections, which would benefit businesses and consumers. The letter included an outline for a national privacy framework with similar privacy protections to the Texas Data Privacy and Security Act, but less stringent measures as the current laws in states such as California, Connecticut, Colorado, and Virginia. Crucially, the national privacy framework would need to fully preempt state laws related to data privacy and security.
Action is now being taken to implement such a privacy framework. The working group was established by Rep. Guthrie (R-KY), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (R-PA), Vice Chairman of the House Committee on Energy and Commerce. The group will be led by Rep. Joyce and currently consists of nine Republican lawmakers. In addition to Rep. Joyce, the working group includes Representatives Morgan Griffiths (R-VA), Troy Balderson (R-OH), Jay Obernolte (R-CA), Russell Fry (R-SC), Nick Langworthy (R-NY), Tom Kean (R-NJ), Craig Goldman (R-TX), and Julie Fedorchak (R-ND). The working group has been tasked with the development of new federal data privacy standards and input is sought from a broad range of stakeholders. If legislation is developed that has full Republican support, their majority in the House and Senate will ensure the legislation gets over the line.
“We strongly believe that a national data privacy standard is necessary to protect Americans’ rights online and maintain our country’s global leadership in digital technologies, including artificial intelligence. That’s why we are creating this working group, to bring members and stakeholders together to explore a framework for legislation that can get across the finish line,” said Chairman Guthrie and Vice Chairman Joyce. “The need for comprehensive data privacy is greater than ever, and we are hopeful that we can start building a strong coalition to address this important issue.”
“Proposed federal bills have died for several reasons, including around matters related to preemption and enforcement. For example, the Governor of Vermont vetoed its state omnibus privacy bill in part due to the general private right of action, noting that the state would have had one of the most stringent privacy laws. Given the legislative history, a federal law with a private right of action that is relatively prescriptive is likely to encounter more challenges and is less likely to pass, even with a majority-run Congress,” Idara Udofia, Partner at Reed Smith told The HIPAA Journal. “As such, we are likely to see a less prescriptive bill with enforcement mechanisms limited to the federal government. It is quite possible that this Congress may galvanize around such a law where it has preemption over the arguably stringent state omnibus privacy laws.”
