American Data Privacy and Protection Act

Image

American Data Privacy and Protection Act Topic Page

This topic page contains a curation of the IAPP’s coverage, analysis and relevant resources regarding the American Data Privacy and Protection Act.

The proposed ADPPA and its legislative path are the closest U.S. Congress has ever been to passing comprehensive federal privacy legislation. As summarized on the U.S. Library of Congress, “This bill establishes requirements for how companies, including nonprofits and common carriers, handle personal data, which includes information that identifies or is reasonably linkable to an individual.” The full text of the bill can be found here.

The bill has the support of some factions of the U.S. Federal Trade Commission, the agency that will be tasked with enforcing the bill if it passes.

The IAPP Resource Center includes a separate topic page for U.S. Federal Privacy, and a “U.S. Federal Privacy Legislation Tracker.”

Featured Resources

CHART

Scope of the draft ADPPA

This IAPP table aims to present a high-level breakdown of the American Data Privacy and Protection Act, a federal comprehensive data privacy bill.
Read More

ARTICLE

State views on proposed ADPPA preemption come into focus

The ADPPA is at a full stop in the U.S. House due to California’s concerns over current provisions for preemption of state comprehensive privacy laws.This article features reaction from state lawmakers and provides a a wider view on how the ADPPA and preemption are being received.
Read More

ARTICLE

Reviewing the House Committee changes to the proposed ADPPA

The proposed American Data Privacy and Protection Act has reached a standstill in the U.S. House. The bill is expected to undergo further changes before being brought to the floor. This article takes stock of the current version of the proposal and how it has transformed compared to prior drafts.
Read More

ARTICLE

What’s needed to improve the ADPPA

The proposed American Data Privacy and Protection Act is the closest U.S. Congress has been to passing comprehensive privacy legislation. This op-ed outlines what is believed to be left for lawmakers to consider and work on to reach final passage.
Read More

ARTICLE

The path to success for approved compliance programs under the ADPPA

This article breaks down the benefits FTC-approved ADPPA compliance programs while suggesting they could be an “effective, workable solution” SMEs can tailor “to their circumstances, business model and data holdings.”
Read More

ARTICLE

Defining health data: A major challenge for any privacy law

This article provides key takeaways on the ADPPA’s health data coverage and where potential pitfalls may lie.
Read More


Additional News and Resources

Analysis: ADPPA could offer better protection of health data held by non-HIPAA entities

The proposed American Data Privacy and Protection Act could have a far-reaching impact on health data that is not protected by the Health Insurance Portability and Accountability Act, Health IT Security reports. Invitae's Deven McGraw said, "HIPAA was never intended to be a privacy rule that covered all health data. ... The fact that we have this quite comprehensive piece of federal legislation that would cover personal data and extend additional protection to sensitive data is quite exciting. .... Read More

US House caucus endorses proposed American Data Privacy and Protection Act

The U.S. House New Democrat Coalition announced its support for the proposed American Data Privacy and Protection Act. The NDC, with 99 members, is the largest caucus in the House. NDC Chair Suzan DelBene, D-Wash., said the coalition's support comes as it has "prioritized advancing policies that make privacy the default and put people in control of their own information." She added the NDC calls on "Republicans and Democrats in the House and the Senate to seize this moment to come to an agreemen... Read More

Pelosi opposes proposed American Data Privacy and Protection Act, seeks new preemption compromise

Prospects for a landmark vote in the U.S. House on the proposed American Data Privacy and Protection Act boil down to House Speaker Nancy Pelosi, D-Calif., who decides when or if the comprehensive privacy bill's number will be considered on the House floor. Pelosi did not take a side upon the ADPPA becoming available for a floor vote just ahead of U.S. Congress' summer recess, leaving many wondering where the chips would fall when federal lawmakers returned to work Sept. 6. Following weeks of u... Read More

Stakeholders indicate stances on proposed American Data Privacy and Protection Act

Forty-eight advocacy groups joined on a letter asking U.S. House Speaker Nancy Pelosi, D-Calif., to consider and pass the proposed American Data Privacy and Protection Act. The letter touts the many civil rights protections the bill adds for consumers nationwide and expresses satisfaction preemption provisions are stronger than existing state laws, including the California Privacy Rights Act. Politico reports data brokers increased their lobbyist spending 11% in 2022's second quarter compared... Read More

Potential bipartisan refit for proposed American Data Privacy and Protection Act

Information Accountability Foundation Chief Policy Innovation Officer Martin Abrams wrote an op-ed discussing how to potentially tweak the proposed American Data Privacy and Protection Act "without changing its design in a fashion that might make passage more difficult." Abrams explained IAF devised a 10-factor criteria for evaluating the ADPPA based on considerations for consumer protections, data transfers to the U.S. and future-proofing provisions. Abrams also pointed to lessons learned from ... Read More

CPPA restates American Data Privacy and Protection Act opposition to US House leaders

California Privacy Protection Agency Executive Director Ashkan Soltani wrote a letter to U.S. House Speaker Nancy Pelosi, D-Calif., and House Minority Leader Kevin McCarthy, R-Calif., doubling down on its opposition to the proposed American Data Privacy and Protection Act. Soltani told House leadership the ADPPA's "sweeping preemption" works to "remove important protections and significantly weaken the privacy Californians currently enjoy." Soltani called preemption "an anomaly for federal priva... Read More

Advocates concerned with telecom data oversight in proposed ADPPA

Cyberscoop reports privacy advocates are concerned with provisions for telecommunications data oversight in the proposed American Data Privacy and Protection Act. The current proposal strips the U.S. Federal Communications Commission of its ability to enforce privacy rules, leaving telecom companies to potentially benefit from a new enforcement regime under the Federal Trade Commission. "The problem with the Federal Trade Commission is it has fewer tools that it can use to enforce the rule and i... Read More

Calif. privacy agency takes aim at dismantling federal privacy preemption

The proposed American Data Privacy and Protection Act feels so close and yet so far away. The comprehensive privacy bill is on the cusp of a U.S. House floor vote, a first for any federal privacy proposal. But the bill's fragile nature is being tested at a crucial point in the legislative process as California lawmakers and stakeholders prefer the bill fail or be refit in order to preserve the California Consumer Privacy Act and its successor, the California Privacy Rights Act. Opposition to th... Read More

State attorneys general oppose preemption in proposed American Data Privacy and Protection Act

California Attorney General Rob Bonta and 10 state attorneys general sent the U.S. House Committee on Energy and Commerce a letter urging reconsideration of preemption provisions in the proposed American Data Privacy and Protection Act. Bonta said U.S. Congress should draft a federal privacy law that "creates a floor, not a ceiling" and allows states "to continue building on state privacy laws that currently exist." The attorneys general explained states have played "a critical role" in "setting... Read More

What does the newest U.S. privacy bill mean for cybersecurity?

On Tuesday, June 14, the U.S. House Committee on Energy and Commerce held a hearing on the American Data Privacy and Protection Act discussion draft — a leading contender for a comprehensive federal privacy framework. The famed sticking points of individual redress mechanisms, preemption of state laws and the role of the U.S. Federal Trade Commission — the law’s likely federal enforcer — were among the slew of debated aspects. However, the cybersecurity provisions and data security requirements ... Read More

Understanding the scope of the draft American Data Privacy and Protection Act

As the policy community takes time to absorb and reflect on the substantive provisions of the draft American Data Privacy and Protection Act, it is worth exploring the basic scope of application of the bill. What organizations would be expected to comply? How do obligations differ based on size or function in the data economy? The ADPPA presents a somewhat complex array of organizational roles, with different names than privacy professionals may be used to. For example, what’s the difference bet... Read More

US lawmakers unveil bipartisan American Data Privacy and Protection Act

Members of U.S. Congress appear to be full-steam ahead in their pursuit of finalizing comprehensive federal privacy legislation by year's end. A day after revelations of a draft bill circulating, a bipartisan group of lawmakers published a discussion draft for the proposed American Data Privacy and Protection Act for full public consumption. U.S. Senate Committee on Commerce, Science, and Transportation Ranking Member Roger Wicker, R-Miss., and House Committee on Energy and Commerce's Frank Pal... Read More

Distilling the essence of the American Data Privacy and Protection Act discussion draft

Publicly released last Friday, the discussion draft of the American Data Privacy and Protection Act gave the privacy community plenty of food for thought for the weekend. Initial impressions and analyses of the text ranged from “very promising,” “a valuable first step,” and “hugely impactful” to “not bad.” Omer Tene perhaps described it most poetically as: “a tsunami that may yet make GDPR seem like a storm in a teacup.” Jim Steyer, founder and CEO of Common Sense Media, said that while the dra... Read More