“Historic” federal data privacy bill lands in US Congress

Is the APRA really capable of resolving old problems?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

People in the US seem closer than ever to having their online privacy finally protected by federal law.

A “historic” bipartisan proposal landed in Congress on Sunday and promises to fix issues with previous bills, most notably the latestADPPAintroduced last year.

TheAmerican Privacy Rights Act (APRA)seeks to give Americans more ways to take agency back over their privacy online. It plans to minimize the data companies can collect and use, limiting these only to the necessary information to operate their services. It will also introduce the right for people to opt out of targeted ads and sue bad actors for violating their privacy.

American Privacy Rights Act (APRA): what’s different this time?

“A federal data privacy law must do two things: it must make privacy a consumer right, and it must give consumers the ability to enforce that right. Working in partnership with Representative McMorris Rodgers, our bill does just that,” said Democratic Senator Maria Cantwell, who chairs the Commerce Committee, in anofficial announcement.

While recognizing the importance of comprehensive data protection legislation, Cantwell has been critical of previous attempts,most notably of the ADPPAproposal introduced in Congress in 2022.

Past tensions sparked over whether or not to allow federal legislation to override current privacy-related laws enforced on a state level. Differences also spread around the possibility of authorizing consumers to drag companies violating their privacy into court.

Now, Chair Rodgers and Cantwell believe to have finally agreed to a landmark legislation that they describe as “the best opportunity we’ve had in decades to establish a national data privacy and security standard.” So, how does the ARPA propose to resolve past problems?

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.

What will ARPA do?

The bill seeks to introduce a private right of action. This will allow people to file lawsuits and seek compensation against companies that don’t fulfil data deletion requests or use their data without obtaining consent.

While the ARPA will ultimately equalize privacy-related rules enforced nationally, individual state laws will still be relevant on specifically targeted issues like civil rights, consumer protection, health, and financial data. The bill also incorporates certain aspects of strong state laws, including California’s and Illinois' genetic and biometric data rules.

“I think we have threaded a very important needle here,” Cantwell said in an interviewwith the Spokesman-Review, adding that the plan is to set a national standard that builds on the progress made by those states.

🚨 NEWS: @HouseCommerce Chair @CathyMcMorris and @CommerceDems Chair @SenatorCantwell are leading on bipartisan legislation to create a national data privacy and security standard. #APRARead how the bill gives YOU the right to control your personal data ⬇️ pic.twitter.com/0O5Mz7qJ46April 7, 2024

EchoingGDPRin Europe, the new law wants to give people more control over their data while minimizing the information online services can collect and use. Most notably, individuals will be able to prevent the transfer and selling of their data. They could also require their data to be deleted, what’s in the EU is known as the right to be forgotten. People will also have the right to opt out of targeted advertising.

From their side, companies will be required to carry on annual reviews of data algorithms to mitigate the risk of harm, like discrimination. These will also need to enforce stronger data security standards, with executives becoming legally responsible for ensuring people’s data are fully protected as the law mandates.

It’s still too early to say if the ARPA will become the comprehensive privacy bill that experts and digital rights advocates have long called for. What’s certain, though, is that the “discussion draft” has opened the debate on better terms—and people are now hopeful that this couldfinallybe it.

“Unlike past privacy bills proposed by federal legislators, this billmightget more traction because it appears they agreed on a couple of things they couldn’t agree on in the past,” Daniel Barber, CEO atDataGrailDaniel Barber told TechRadar. “Another reason why itmightgo a bit farther: it has bipartisan AND bicameral support.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Undermining your privacy? Session says no and leaves Australia

Are online dating and data privacy an incompatible match?

I’ve been covering Apple Watch deals for years – This is the one model most people should buy on Black Friday