Congress revealed a bipartisan federal privacy bill, called the American Data Privacy and Protection Act. However, the U.S. Chamber of Commerce has major issues with the draft of the bill. Although the Chamber has objections to the draft, the feedback from the organization shows a willingness to negotiate the terms of a federal privacy law.
The Chamber declared in a letter that the draft of the federal privacy bill “is unworkable at this time.” The Chamber wants a “true national standard” and is concerned with the bill’s preemption of state laws. Also, the Chamber does not want the bill to include a private right of action, which would allow consumers the ability to sue over violations.
The federal privacy bill would offer consumers:
- Individual data ownership and control
- Data protections for children and minors
- The right to consent and object to processing sensitive covered data
The term “sensitive covered data” in the bill includes a list of data types, which includes:
| Government-issued | Health | Financial | Biometric |
| Genetic | Geolocation | Private messages | Log-in credentials |
| Race/Ethnicity/Union | Sexual orientation | Online activities | Calendar/Address |
| Private photos | Content access | Under 17 info | Identifying data |
Privacy by Design
The privacy bill would require a covered entity to “establish and implement reasonable policies, practices, and procedures regarding the collection, processing, and transfer of covered data.” The bill highlights the need to use a “privacy by design” approach by integrating technology and privacy practices into the business operations.
The privacy bill requires a covered entity to post a privacy policy. In the policy, the covered entity must provide a “detailed and accurate representation” of its “data collection, processing, and transfer activities.” The policy must identify the following:
- Contact information
- Categories of covered data collected
- Processing purposes
- Transferring of covered data
- Data retention period
- Rights of consumers
- Data security practices
- Effective date of the privacy policy
- Data transferred to certain countries
Consumer Awareness
If enacted, the Federal Trade Commission (FTC) will enforce the privacy law and make consumers aware of the law. Shortly after passage, the FTC plans to publish a webpage that describes the provisions, rights, obligations, and requirements of the law. The webpage will contain “plain and concise language” that will be “easy-to-understand” for both individuals and covered entities.
Alice M. Porch, Esq., CIPP/US, C|EH, Security+
Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.