This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

Congress Stalls on a National Privacy Law

Many watchers of Congress and privacy have given a lot of time and attention to the American Privacy Rights Act this session, hoping that the bipartisan bill would finally mean that the country would have national privacy rules.  In early July, House leadership torpedoed a markup of the bill, pushing back against the chair of the Energy and Commerce Committee's efforts to submit the bill for further consideration.  Various officials described their reservations over the lack of a pre-emption clause (meaning the national law would not take precedence over conflicting state privacy laws) and the fact that the bill currently allows for a private right of action (consumers can sue companies directly for violations).  


The greatest potential benefit of having a national privacy law is creating a single prevailing standard, one that is clear to companies and consumers alike.  Because Congress has been so slow to act, however, there are now state privacy laws across much of the US.  Those states are not going to take kindly to stepping back and letting Congress supersede their work.  The result has been splintering of legal requirements, making compliance increasingly difficult for small and medium companies.  Different states simply have different priorities and different enforcement mechanisms.  This makes it increasingly challenging to comply with all laws, or even to keep up with which laws might apply to a small business.  That creates risk and uncertainty for consumers and business owners alike.  

Another reason many people favor having a national privacy law is to bring the US in line with other Western economies.  At this point, however, Congress is so far behind on this issue that it might never catch up.  Many other western countries are on their second or third generation of national privacy laws.  Most US companies are forced to comply with the privacy laws abroad – large companies are directly subject to them, and small companies often have to agree to compliance via contract.  This creates complexity and uncertainty in negotiations and compliance, especially for smaller providers.  


Scalise pointed to the private right of action the bill would establish, a major priority for Democrats that would allow consumers to seek financial damages through court. Republicans had pushed for the bill to include preemption of state laws, which was included in the legislation pulled from Thursday’s markup.


data security and privacy, hill_mitzi, data privacy, privacy, privacy and security law, insights