Tech sector sounds alarm bells over comprehensive data privacy bill

The nationwide digital privacy bill making its way through Congress might be a landmark effort, but it isn’t ready for prime time, according to groups including the Consumer Technology Association and the US Chamber of Commerce.

In a June 10 letter to House Energy and Commerce Committee leaders, 22 technology and business trade organizations—under the banner United for Privacy—expressed concerns that the American Privacy Rights Act (APRA) doesn’t go far enough to override overlapping state privacy laws.

“We agree with the legislation’s goal of providing a uniform national privacy standard. However, as drafted, APRA falls short of creating a uniform national standard due to its inadequate federal preemption of the ever-growing patchwork of state privacy laws,” the groups wrote.

In late April, Senate Commerce Committee Chair Maria Cantwell and House Energy and Commerce Committee Chair Cathy McMorris Rodgers together unveiled APRA, a sweeping bill that attempts to tackle myriad online privacy issues. It notably calls for transparency in how entities collect and store consumer data, and it would “give consumers the right to access, correct, delete, and export their data, as well as opt out of targeted advertising and data transfers,” according to a Senate Commerce fact sheet.

Its supporters say it’s aimed at rolling the patchwork of state-level digital privacy regulations into one comprehensive standard. APRA critics contend that its private right-of-action provision could lead to excessive lawsuits, and that preempting state laws might not be a good thing. On the other hand, some cybersecurity organizations have criticized the bill for not being tough enough on data brokers.

Since its introduction, the legislation has evolved a bit, with changes made during a House Energy and Commerce subcommittee session last month that include more responsibilities for data brokers and a new section on children’s privacy.

Now that the bill is up for consideration by the full House Energy and Commerce Committee, United for Privacy argues that the legislation should be rewritten to further clarify that the federal law would take precedence over all state regulations. A failure to do so would be costly, they argue.

States have increasingly considered and passed their own privacy legislation, and APRA could potentially allow states to implement—or keep—their own rules that are stricter than the federal standard.

Perpetuating a state patchwork is not an ideal outcome, TechNet President Linda Moore said in a press release.

“Since 2018, 46 states have considered 210 comprehensive data privacy bills. Twenty state legislatures have passed different, often conflicting data privacy laws, including seven states just this year. This growing patchwork is confusing consumers and having a chilling effect on our economy,” she said. “The need for one national privacy standard has never been greater. Unfortunately, as drafted, the American Privacy Rights Act falls short of this goal.”