People in the US seem closer than ever to having their online privacy finally protected by federal law.
A "historic" bipartisan proposal landed in Congress on Sunday and promises to fix issues with previous bills, most notably the latest ADPPA introduced last year.
The American Privacy Rights Act (APRA) seeks to give Americans more ways to take agency back over their privacy online. It plans to minimize the data companies can collect and use, limiting these only to the necessary information to operate their services. It will also introduce the right for people to opt out of targeted ads and sue bad actors for violating their privacy.
American Privacy Rights Act (APRA): what's different this time?
"A federal data privacy law must do two things: it must make privacy a consumer right, and it must give consumers the ability to enforce that right. Working in partnership with Representative McMorris Rodgers, our bill does just that," said Democratic Senator Maria Cantwell, who chairs the Commerce Committee, in an official announcement.
While recognizing the importance of comprehensive data protection legislation, Cantwell has been critical of previous attempts, most notably of the ADPPA proposal introduced in Congress in 2022.
Past tensions sparked over whether or not to allow federal legislation to override current privacy-related laws enforced on a state level. Differences also spread around the possibility of authorizing consumers to drag companies violating their privacy into court.
Now, Chair Rodgers and Cantwell believe to have finally agreed to a landmark legislation that they describe as "the best opportunity we’ve had in decades to establish a national data privacy and security standard." So, how does the ARPA propose to resolve past problems?
What will ARPA do?
The bill seeks to introduce a private right of action. This will allow people to file lawsuits and seek compensation against companies that don't fulfil data deletion requests or use their data without obtaining consent.
While the ARPA will ultimately equalize privacy-related rules enforced nationally, individual state laws will still be relevant on specifically targeted issues like civil rights, consumer protection, health, and financial data. The bill also incorporates certain aspects of strong state laws, including California’s and Illinois' genetic and biometric data rules.
"I think we have threaded a very important needle here," Cantwell said in an interview with the Spokesman-Review, adding that the plan is to set a national standard that builds on the progress made by those states.
🚨 NEWS: @HouseCommerce Chair @CathyMcMorris and @CommerceDems Chair @SenatorCantwell are leading on bipartisan legislation to create a national data privacy and security standard. #APRARead how the bill gives YOU the right to control your personal data ⬇️ pic.twitter.com/0O5Mz7qJ46April 7, 2024
Echoing GDPR in Europe, the new law wants to give people more control over their data while minimizing the information online services can collect and use. Most notably, individuals will be able to prevent the transfer and selling of their data. They could also require their data to be deleted, what's in the EU is known as the right to be forgotten. People will also have the right to opt out of targeted advertising.
From their side, companies will be required to carry on annual reviews of data algorithms to mitigate the risk of harm, like discrimination. These will also need to enforce stronger data security standards, with executives becoming legally responsible for ensuring people's data are fully protected as the law mandates.
It's still too early to say if the ARPA will become the comprehensive privacy bill that experts and digital rights advocates have long called for. What's certain, though, is that the "discussion draft" has opened the debate on better terms—and people are now hopeful that this could finally be it.
"Unlike past privacy bills proposed by federal legislators, this bill might get more traction because it appears they agreed on a couple of things they couldn’t agree on in the past," Daniel Barber, CEO at DataGrail Daniel Barber told TechRadar. "Another reason why it might go a bit farther: it has bipartisan AND bicameral support."