Federal Data Privacy Bill Introduced with Bipartisan Support

Online marketers may be on the verge of finally obtaining a single, unified federal framework for consumer data privacy regulation. In April, a bipartisan coalition, with sponsors in both houses of Congress, introduced a draft of the American Privacy Rights Act (“APRA”), a proposed federal data privacy law. If passed, this bill would provide marketers with long sought after federal legal standards, pre-empting the patchwork regime created by the almost 20 state privacy laws currently in effect today.

While the APRA would represent a potential simplification of data privacy law compliance, marketers must still be prepared to comply with the APRA’s provisions.

How Would the APRA Create A Unified Standard?

Many of the key consumer data privacy provisions contained in the APRA mirror those established by the various state laws now in effect. However, the APRA would specifically preempt all existing state data privacy laws. This would alleviate the need for marketers to continue to employ different data collection and usage practices for residents of different states in order to accommodate the divergent state law provisions.

Note, however, that some states, including California, have voiced objection to the bill as drafted. These states argue that any federal law should establish a “floor,” not the “ceiling” with respect to consumer rights. This position maintains that states should have the right to exceed federal law with respect to protecting consumer data privacy rights.

The APRA would create one regulatory standard, including the following (which is not intended as an exhaustive list):

· Definitions of personal information and sensitive information;

· The length of time within which consumer requests must be responded to/honored;

· Restrictions regarding the processing of sensitive information, and any consent required to do so;

· The requirement to conduct regular or semi-regular data impact assessments;

· The requirement to recognize and honor opt-out preference signals;

· The requirement to provide consumers with the right to opt-out of profiling; and

· The requirement to provide consumers with the right to opt-out of targeted advertising.

By creating a standardized approach, the APRA would enable marketers and other businesses to streamline their consumer data collection and usage practices across the country, regardless of jurisdiction.

Why Do Federal Privacy Law Requirements Matter to Your Business?

Congress’ goal in introducing the APRA is to create a single set of uniform rules for businesses to follow. If the APRA passes, this would circumvent the patchwork of state requirements in place today. This would create clarity for online marketers now struggling to comply with the various state requirements. However, the APRA would still require those businesses to modify their existing practices in order to meet all APRA

requirements. As we await a federal model, business entities should obtain guidance from attorneys experienced with consumer data privacy laws across every jurisdiction.

[View source.]