Mediaboss Marketing

On June 14th, the U.S. House Energy and Commerce Committee held a hearing on the newly proposed federal privacy law, called the American Data Privacy and Protection Act (ADPPA). ADDPA is presently not an official bill, just a discussion draft. Still, the Committee Members (on both sides of the aisle) all voiced support for ADDPA and for national standards for data privacy. ADDPA also has bipartisan support in the Senate, making it perhaps the federal privacy bill with the strongest chance of becoming law.

What is Congress focus in the federal privacy law?

Committee Members at the ADDPA hearing agreed on the desperate need for a national set of rules of the road for data privacy. They also agreed that those rules should be consumer-focused, without overburdening small and medium-sized businesses. Three points of emphasis stood out at the hearing:

Plain English privacy. Members on both sides of the aisle lamented how complicated and incomprehensible many company privacy policies can be. Their chief concern centers around the average consumers inability to understand exactly what s/he is agreeing to in sharing her/his personal data. Some privacy policies are long documents, written in legalese and often difficult for everyday people (and even lawyers) to fully understand. In the Committees opinion, a consumer cannot give informed consent for data sharing without simple, straightforward privacy policies and notices that detail sharing parameters.

How much preemption. If and when Congress passes a nationwide law, it may include a provision that preempts, or overrides, any state law on the same subject. Many states have passed their own privacy laws in the absence of federal regulation, including California, Colorado, Connecticut, Virginia, and Utah. The ADDPA discussion draft includes a compromise on preemption: the ADDPA would preempt many state laws, but a long list of exceptions is included. Some interested parties want full preemption to make compliance much simpler; others want to maintain some state privacy laws that offer consumers stronger protections than the ADDPA might.

When can consumers sue. Another sticking point that the hearing addressed is the scope of the ADDPAs private right of action. In the draft, the ADDPA allows for a limited private right of action through the following process:

Please note that this process is a departure from similar private rights of action included in other consumer protection statutes, such as the Telephone Consumer Protection Act (TCPA). With respect to the TCPA, a plaintiff can sue directly and can recover statutory damages of $500-1,500 per violation. Limiting the private right of action the way ADDPA does is a compromise between no private right and the sometimes abused private rights of action contemplated by other consumer-protection statutes, such as the TCPA. Overall, Members appear to be struggling to balance consumer rights with the burdens (on mostly small and medium-sized businesses) that these types of lawsuits can impose.

Why does the ADDPA matter to your business?

The ADDPA represents a strong first step toward adopting a federal privacy law. The benefits of such a measure are clear: a single set of rules that all businesses can follow, offering a level of predictability and compliance efficiency sorely lacking with the present statutory regime. Some businesses could spend tens of thousands of dollars per year to comply with the five state privacy laws that will be in effect next year. While these five laws have overlap, the burdens each place on businesses (especially businesses relying on personal data collection) can be enormous.

While the ADDPA is not a cure-all (it is not a bill yet, much less a law), this federal-level effort does show significant progress. No law is perfect, but this bipartisan and bicameral proposal would positively impact the U.S. privacy landscape.

Hire experienced privacy attorneys.

Even if Congress passes the ADDPA, it will be some time before a federal privacy law would go into effect. Regardless of the proposals fate, businesses still need to navigate the present state privacy law waters. Checking all the privacy compliance boxes across five states will take significant time and require real expertise. Hiring experienced data privacy attorneys can take that burden off your to-do list.

KleinMoynihan Turcomaintains an extensive practice in the fields of Internet and mobile marketing law, consumer data privacy law, sweepstakes and promotions law,fantasy sports and gaming law,intellectual property and general corporate law. If we can be of assistance, please visithttps://kleinmoynihan.comor call us at(212) 246-0900.

Original post:
Proposed Federal Privacy Law Hearing Reveals Progress and Sticking Points - Lexology