Bipartisanship and pressure points were visible as the U.S. House Committee on Energy and Commerce Innovation, Data and Commerce Subcommittee began Congress' latest foray into crafting a comprehensive federal privacy law.

The subcommittee's 17 April hearing was scheduled to cover a range of targeted privacy and online safety bills on the the Energy and Commerce Committee's docket, but lawmaker dialogue and witness questioning continually circled back to the American Privacy Rights Act discussion draft.

While the bipartisan, bicameral draft has yet to be formally introduced in the House or Senate, a majority of lawmakers are more inspired than ever by the APRA and its prospects as the proper vehicle to address consumer rights with business accountability. It's proposed provisions on data minimization, targeted advertising limitations and enforcement mechanisms were heralded by lawmakers and witnesses.

"We're putting people back in control of who they are, what they think, and how they live their lives," Energy and Commerce Chair Cathy McMorris Rodgers, R-Wash., said in her opening remarks. Rodgers is the lead sponsor to the proposed APRA with Senate Commerce, Science and Transportation Chair Maria Cantwell, D-Wash. "Congress has been trying to develop and pass comprehensive data privacy and security legislation for decades. With the American Privacy Rights Act, we are at a unique moment in history where we finally have the opportunity to imagine the internet as a force for prosperity and good."

'Four corners' dilemma

The subcommittee hearing marked one of the first chances for Energy and Commerce Ranking Member Frank Pallone, D-N.J., to fully deliver his position on the APRA proposal.

Pallone was an integral part of initiatives around the American Data Privacy and Protection Act, the House's preceding comprehensive privacy bill that was approved by Energy and Commerce but never received a floor vote. All indications regarding the APRA drafting suggest Rodgers and Cantwell were the lone architects, potentially sidelining Pallone and Senate Commerce Ranking Member Ted Cruz, R-Texas.

A 7 April statement marking the release of the APRA hinted Pallone was not fully on board with the new proposal. Those sentiments were only confirmed in the subcommittee hearing with Pallone airing out perceived red flags in the discussion draft.

Pallone said during the hearing that he was happy to see the APRA "adopts many key pillars" from the proposed ADPPA, including foundational data minimization standards. However, he explicitly noted there are "several"  improvements he is seeking, including many around children's privacy.

"I've long said that any comprehensive privacy law must provide heightened privacy protections for children," Pallone said. "This new draft recognizes information about children is sensitive, but it does not provide many of the specific protections for children that can be found in the ADPPA."

Among the children's protections Pallone wants to see added to the APRA are banning targeted ads to children that cannot discern between ads and non-ads, privacy-by-design requirements specific to children, and the establishment of a youth privacy division at the U.S. Federal Trade Commission.

More attention to data brokers, specifically around transparency, was another area Pallone raised concern around. He pointed to "additional tools for consumers" and improvements regarding an APRA-proposed mechanism allowing universal opt-outs for all data broker data sharing.

"ADPPA went one step further and directed the creation of a universal deletion mechanism directing all data brokers to delete their information," Pallone said. "Without such a provision, consumers who don't want brokers retaining and selling their data would have to visit hundreds of data broker websites and opt out of each one."

Additionally, Pallone indicated the need to assess the APRA for whether it "adequately reflects what we've learned about artificial intelligence." The APRA proposal currently includes specific provisions on algorithmic accountability and discrimination.

The lack of full buy-in from Pallone and Cruz, who is firmly against many key APRA provisions, leaves questions regarding the proposal's long-term viability.

Children in focus

Pallone wasn't the only one harping on children's privacy as a priority. Many subcommittee members have children at the heart of their APRA support and emphasized it in their witness questioning.

IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, opined that while the APRA proposal treats children's data belonging to minors under age 17 as sensitive, additional protections and requirements are likely to be added to the bill when the proposed Children and Teen Online Privacy Protection Act is likely incorporated. That separate children's bill was a subcommittee agenda item with the APRA.

Lawmakers were particularly gripped by Young People’s Alliance Director of Advocacy Ava Smithing. Data, Innovation and Commerce Subcommittee Chair Gus Bilirakis, R-Fla., and Ranking Member Jan Schakowsky, D-Ill., joined Rodgers and Pallone and were visibly following Smithing word for word as she described what companies and advertisers are doing to kids with the "arsenal of information" they are collecting and using for targeted ads and content.

"Data as a word does not articulate its own importance, failing to capture the value that lies in what is now known about us by unregulated actors. Actors whose only goal is to sell our attention for profit," Smithing said. "It did not matter that the posts and ads I was paying the most attention to were incredibly harmful to me, only that my attention was paid."

With regard to existing state-level children's privacy, Rep. Kathy Castor, D-Fla., is hoping the APRA proposal can "rebalance the scales" that have been "overweighted" toward industry.

"Kids are lucrative ripe targets for a wide range of online actors. ... The platforms know they are causing harm, but the kids are just too lucrative to change the way they're doing business." Castor said, pointing out negative impacts from screen time and the mental health issues stemming from that time and subsequent interaction with targeted content.

Next steps?

The legislative path for the APRA in the House begins in earnest with an introduction and subsequent markup. There's been no indication from the Energy and Commerce Committee as to when either of those will happen.

The Senate's APRA consideration will begin sooner than later with a preliminary hearing similar to the House subcommittee's, according to Senate Commerce Senior Counsel Shannon Smith on an IAPP LinkedIn Live 15 April.

Despite the moving target around timing, the House appetite to finish the job on a comprehensive privacy bill is clear. The shortcomings on the legislative process around the ADPPA has only emboldened lawmakers on data privacy.

"There may be a lot of differences we have across the aisle all too frequently. This is not one of those days," Schakowsky said. "There's really been a unanimity among all the players that we do this. ... I know that we're going to run into things that have yet to be fully negotiated, but I am absolutely confident with our chairman, ranking member and others that we'll be able to move forward."