Skip to content

Federal privacy legislation: It'll be an interesting summer! (UPDATED)

ADPPA, COPRA, HLDPA and more!

US Congress with a grey sky in the background

Last updated: June 18.  Originally published: June 14.  

As Congress heads into the summer, there's a sudden surge of activity on federal privacy legislation. The recently-released American Data Privacy and Protection Act (ADPPA) has a hearing in the House on Tuesday, June 14. Meanwhile, Sen. Maria Cantwell (D-WA) is circulating a draft of her own bill, a revision to 2019's Consumer Online Privacy Rights Act (COPRA).  As if that's not enough, there are also several different children's privacy bills being considered. Exciting!

Update, June 15: and now there's another bill, the Health and Location Data Protection Act  (HLDPA).

In late May, over 50 civil rights, civil liberties, and consumer protection organizations urged Congress to "pass comprehensive consumer privacy legislation during this session that prohibits data-driven discrimination and ensures that everyone has the right to equal opportunity on the internet." Signers including Lawyers Committee on Civil Rights, EPIC Privacy, CDT, Access Now, and Free Press have all described the draft ADPPA as encouraging – both because of its explicit civil rights protections, and its bipartisan support (it's sponsored by House Energy and Commerce Chair Frank Pallone (D-NJ), ranking member Cathy McMorris Rodgers (R-WA.) and Sen. Roger Wicker (R-MI), ranking member of the Senate Commerce Committee).

Issues like whether individuals can sue companies who violate their privacy (a "private right of action") and whether the federal bill will prohibit states from passing stronger legislation ("pre-emption") have previously been sticking points to getting bipartisan support. ADPPA's compromises in both of these areas are seen as breaking a stalemate.  Since bipartisan support is crucial to get anything through Congress, this is indeed a big deal.

On the other hand, there are also lots of concerns about ADPPA.  

Some of the links below go into more details about other issues, including law enforcement access, a "duty of loyalty" that appears to set a very low bar, the complex pre-emption clause, and the exclusion of de-identified data and employment data.

So while I too am encouraged by the bipartisan interest in passing privacy legislation, I'm tempering my enthusiasm for now. Based on what we've seen over the years in the Washington state legislative battles, I'm nervous that language in the bill that looks strong will turn out to be weaker than it appears, or will be undercut by other sections of the bill. And of course, big tech and data brokers will no doubt claim that even the current text will cause the sky to fall, and will devote huge lobbying efforts to weaken it – as they routinely have with state privacy bills.

One approach that proved very useful here in Washington state is to look at real-world privacy abuses that are occurring today and we expect to see in the near future. In 2021, for example, we looked at whether the state-level bill would prevent ICE access to data from Muslim prayer apps; and earlier this year, we focused on the Markup's reporting on ed tech abuses (here and here).  As we get more information about the legislation, this will help understand how effectively ADPPA and COPRA will actually be in protecting us.  

So, we shall see. But to end on a positive note: There's general agreement that 2022 is the best chance yet to get a strong privacy bill through Congress. With luck – and enough pressure from privay groups and grassroots activists to counter big tech's lobbying – the bills will improve as they move through the process and converge on something that really does protect our privacy. Which would be pretty darned cool ...

So stay tuned for an interesting summer!

Update, June 18: here's my live-tweeting of the hearing (unrolled into a single web page for your convenience).  And, here's EPIC's live-tweeting, which also has links to witnesses' written testimony.   Some new links since then:

Keep in mind that authors of various articles are not necessarily neutral here!  For example, ITIF represents the tech industry, and in their testimony pressed for ADPPA to be weakened.  Still, these are all good analyses ... and who am I kidding, I'm not particularly neutral either 😎.  

________________________________________

Image credit: JessicaRodriguezRivas, via Wikipedia Commons.  licensed under the Creative CommonsAttribution-Share Alike 4.0 International license.