Federal privacy law: Analysis of comments to the US House privacy working group

Due to the absence of a comprehensive federal framework, privacy law in the U.S. is described as a patchwork where states, state-level enforcement and the California Privacy Protection Agency have taken leading roles. Despite several attempts in recent years, Congress has been unable to reach a consensus to enact a comprehensive federal privacy law, with all bills introduced, regardless of their chamber of origin or partisan or bipartisan nature, failing to obtain a full chamber vote.

Against this backdrop, the U.S. House of Representatives Committee on Energy and Commerce made moves earlier in the year that signaled its intent to introduce an updated federal privacy framework. First, on 12 Feb. 2025, Rep. Brett Guthrie, R-Ky., announced the creation of a privacy working group, led by Rep. John Joyce, R-Pa., with the objective of "bring[ing] members and stakeholders together to explore a framework for legislation that can get across the finish line." On 21 Feb., the group sent out a request for information, inviting stakeholders to provide written responses to essential questions regarding upcoming federal framework.

Multiple stakeholders — from trade associations to consumer and business advocacy groups, think tanks, state legislators and state enforcement agencies — heeded this call and presented public and private responses. These responses addressed issues such as preemption of state laws, data minimization standards, enforcement methods and regulation of AI, among others. This exercise brought many perspectives before the working group, helping those members of Congress that are part of the group consider the needs of states, industries and consumers as they work to craft legislation that satisfies stakeholders.