US Federal Government Privacy Obligations Bill Tracker

To keep our members informed about developments in the federal privacy landscape, this tracker organizes privacy-related bills proposed in the 119th U.S. Congress that apply to the public sector. The IAPP additionally hosts a separate federal privacy legislation tracker that focuses on regulating the private sector.

Much focus has been trained on Congressional efforts to pass a comprehensive privacy law that regulates the private sector. Nevertheless, efforts to regulate privacy in relation to the public sector are also afoot, highlighted by a host of new bills proposed in the 119th Congress and organized in this tracker. These bills, arising from both sides of the aisle and often bipartisan, demonstrate Congress' inclination to impose privacy-preserving limits on various executive agencies, law enforcement and the intelligence community while also underscoring policy trends like regulating facial recognition, cybersecurity and privacy related to border enforcement and reproductive health.  

Many of these bills impact certain federal departments more than others. In particular, Homeland Security, Treasury, Commerce, Health and Human Services, Education and Veterans Affairs are repeatedly singled out. As such, the tracker organizes the bills by the executive agencies or departments which they most directly impact.  

Several bills focus on placing privacy restrictions on the Department of Homeland Security. H.R.2261, for example, requires that certain DHS intelligence information be processed in a manner consistent with civil liberties and privacy rights. Likewise, S.1691 limits the use of facial recognition technology by the Transportation Security Administration, a branch of DHS.  

Lawmakers have also shown interest in regulating the Department of Government Efficiency. One proposed bill limits the ability of DOGE to access certain information systems, and another clarifies that "temporary organizations" created under 5 U.S.C. 3161 — DOGE being one such organization — are subject to the Freedom of Information Act.  

There is also significant activity around limiting law enforcement's surveillance capacity and ability to access personal data. For instance, H.R.96 would prohibit federal agencies from using drones to conduct surveillance of U.S. citizens; H.R.3218 would bar warrant applicants under 18 U.S.C. 2518 from using intercepted data to investigate anyone seeking or facilitating reproductive or sexual health care.  

Additionally, the privacy of members of Congress themselves is under consideration. S.2144 aims to protect the personal information of members of Congress, as well as that of their family and their staff, by restricting government agencies from publicly posting content that includes covered information.

Based on the contents of this tracker, governing the public sector from a privacy perspective is strong policy impulse, especially as emerging technology makes it easier for governments to surveil populations and analyze their data at scale. The Westin Research Center will periodically update this tracker. If you are aware of a proposed federal bill that is absent from our list, please share it with us at research@iapp.org.