The American Data Privacy and Protection Act (ADPPA) passed out of the House Energy and Commerce Committee, marking the first time a consumer privacy bill has made it out of a committee in Congress.
The bill—which seeks to give privacy protections to consumers and regulates enforcement—has been amended several times, with compromises made on both sides of the aisle.
Republicans conceded to Democrats on allowing civil rights prosecutions on discriminatory data usage, while Democrats pared back their language on it to make it more palatable to the GOP. The bill strikes a bipartisan proposal that overrides individual state privacy laws, which Republicans advocated for. In exchange, consumers would be granted the right to sue violators of the law.
In a joint statement, Energy and Commerce Committee Republican Leader Rep. Cathy McMorris Rodgers (R-Wash.), Committee Chairman Rep. Frank Pallone, Jr. (D-N.J.), Consumer Protection and Commerce Subcommittee Ranking Member Rep. Gus Bilirakis (R-Fla.), and Subcommittee Chair Jan Schakowsky (D-Ill.) said the bill was a “major step forward in our bipartisan effort to establish national data privacy protections for all Americans.”
“The American Data Privacy and Protection Act puts people back in control of their online data,” they said. “It creates a strong national standard that will finally minimize the amount of Americans’ information companies are allowed to collect, process, and transfer. This will rein in Big Tech’s power and establish clear, robust protections for people, especially children. Under our solution, companies will face real consequences if they track our kids’ data or use that information to exploit them for profit.”
Some conservatives have argued that the costs for companies to comply with the new legislation would be passed to consumers, resulting in higher prices and reduced choices for services. They point to the European Union’s Global Data Protection Regulation (GDPR), a similar regulatory measure to the ADPPA. After the rule was enacted, many small tech startups either stopped selling in Europe or folded entirely due to the cost of compliance, while tech giants like Facebook and Google were able to continue to operate in the continent.
But digital advocacy groups have largely been in favor of the bill. The Electronic Frontier Foundation sent a letter to the House Energy and Commerce Committee in June saying it “appreciates” the committee addressing “how the government should protect us from businesses that harvest and monetize our personal information,” but said the draft should be amended “to ensure strong private enforcement in court, and to not undo other privacy laws at the federal and state levels.”
However, in the compromise, the bill would supersede state laws. That means that states like California, which might want to set a higher data protection bar, would be hindered by the bill.
The bill passed out of committee on a 53-2 vote, meaning it will likely be approved by the full House. The two votes against it were representatives from California.
However, it faces a steep uphill battle in the Senate. Democrats there have called the bill “riddled with loopholes” and Sen. Richard Blumenthal (D-Conn.) said he “[can’t] support it right now.”
With the August congressional recess looming and the 2022 midterms just around the corner, it remains to be seen whether Congress can actually pass the most sweeping data privacy reform bill in recent memory.