This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

Federal Privacy Bill Stalls Again

Congress started the summer with an apparently strong desire to pass national consumer privacy legislation, and came out of the gate with a bipartisan, bicameral bill (the ADPPA) that received quick action and strong support. As the summer went by, however, two major obstacles appeared; and now that Congress is back in session after August recess, the prospects for passage appear increasingly dim.

The ADPPA would pre-empt existing state privacy laws to establish a national minimum privacy standard, which is one central sticking point. The other obstacle is that, although the bill would allow consumers to sue companies directly for violations, there are some procedural limits on exercising those rights.  

Upon return from August recess, House Speaker Nancy Pelosi stated that she would not bring the bill to a vote because of its preemption provisions. She represents California, which has the most robust privacy laws in the country. California regulators have objected to the preemption language in the ADPPA, which they say would undercut their state law privacy protections.

Why It Matters

The US is virtually alone in the western, developed world in lacking a national privacy law. Congress has tried to pass one for years. Historically, it has been unable to reconcile consumer and business interests to achieve a consensus. Now that the states are addressing the lack of national privacy legislation by passing their own laws, there is a third set of concerns that must be addressed by Congress (pre-emption of state law), which makes the task that much more complicated.  

Large companies in the US generally already follow the (stringent) privacy laws of other countries. Increasingly, their small and medium-sized suppliers face privacy compliance issues, because it is not clear which laws apply and how strictly to follow them. EU law is extremely unwieldy, and California has revised and changed its law almost constantly since its passage in mid-2018. In theory, having a federal law could help smaller companies understand their compliance obligations and institute a consistent approach; but the reality of state laws is fast overtaking any potential likelihood of a single national law.  

Following weeks of urgings both for and against a vote, Pelosi released a statement prior to Congress' restart stating she would not hold a vote on the ADPPA in its current form. Pelosi said while the House Committee on Energy and Commerce should be "commended for its work," the impacts of the bill's current preemption provisions need to be addressed further, particularly as it relates to the California Consumer Privacy Act and the California Privacy Rights Act.

Tags

data security and privacy, hill_mitzi, insights