Last updated: June 27, 2022
Quite a few activists, legislators, lawyers, and other professionals do not agree with the current state of privacy laws in the U.S., namely the fact that states are trying to pass their own laws. Many are arguing that a federal privacy law that encompasses all states is the better way to go as it would reduce the confusion and expense of complying. Currently, there is no overarching privacy law in the U.S. and these representatives hope to change that.
Please note that this chart does not include bills that are dead nor does it include bills that do not deal with the subject matter that pertains to our customers. For example, a bill has been proposed that deals with facial recognition. We have not included this bill in our tracker since it’s not relevant to our customers.
We will update this Federal Privacy Bill Tracker when bills are proposed, die or become law.
|US H 1816||Information Transparency and Personal Data Control Act||x||x||x||x||x||x||x||x||x|
|US S 1494||Consumer Data Privacy and Security Act of 2021||x||x||x||x||x||x||x||x||x|
|US S 2499||The Setting an American Framework to Ensure Data Access, Transparency and Accountability Act (SAFE DATA Act)||x||x||x||x||x||x||x||x||x||x||x|
|US S 919||Data Care Act of 2021||x|
|US S 3195||Consumer Online Privacy Rights Act||x||x||x||x||x||x||x||x||x||x||x|
|US H 6027||Online Privacy Act of 2021||x||x||x||x||x||x||x||x||x||x|
|2021 US S 3065||Digital Accountability and Transparency to Advance Privacy Act (DATA Privacy Act)||x||x||x||x||x||x||x||x||x||x||x||x|
|American Data Privacy and Protection Act||x||x||x||x||x||x||x||x||x||x||x||x||x|
We classified the bills into a chart to make it all easier to understand. Here is an explanation of the factors against which each bill is weighed:
- Enforced by the FTC: if this bill becomes law, it will be enforced primarily by the Federal Trade Commission;
- Overrides state laws: this bill would supersede any state laws that govern privacy. For example, in California, businesses would have to comply with the federal law and not the CCPA;
- Business size limit: this bill applies to businesses of a certain size. For example, some of the bills apply to businesses that make millions of dollars in revenue or collect the personal information of a certain number of residents of the United States;
- Right to access data: consumers have the right to see the specific pieces of data that the company has collected about them;
- Audit requirement: the bill would require the business to have a third party audit of its privacy practices and compliance;
- Right to delete data: consumers have the right to request that the business delete their personal data;
- Right to correct data: consumers have the right to request that the business correct their incorrect data or complete their incomplete data;
- Right to restrict processing: consumers have the right to limit how businesses use their data.
- Right to opt out: consumers have the right to say no to the sharing or selling of their data.
- Opt-in consent required: consumers have to affirmatively allow the business to collect, use, sell or share their data.
- Right to portability: consumers have the right to receive their personal data that the business has collected on them in an electronic, commonly-used, machine structured format.
- Against automated decision making: the bill restricts a businesses’ ability to make certain decisions by solely automated means, without any human involvement.
- Imposes fiduciary duty: the bill obligates a business to act solely in the best interest of the consumer and not the business when it comes to that consumer’s data.
- Prohibits discrimination: the bill prohibits businesses from discriminating against consumers that exercise their rights by charging higher prices or by providing inferior quality service or products.
As the proposed bills are always changing, make sure to check this post often to keep up to date! Or don’t, we’ll update your policies automatically for you when the bills become law.
Here are links to each privacy bill:
- US H 1816: https://www.govinfo.gov/content/pkg/BILLS-116hr2013ih/pdf/BILLS-116hr2013ih.pdf.
- US S 1494: https://www.congress.gov/bill/117th-congress/senate-bill/1494/text?q=%7B%22search%22%3A%5B%22consumer+data+privacy+and+security+act+of+2021%22%5D%7D&r=1&s=1
- US S 2499: https://www.congress.gov/bill/117th-congress/senate-bill/2499/text?q=%7B%22search%22%3A%5B%22Setting+an+American+Framework+to+Ensure+Data+Access%2C+Transparency%2C+and+Accountability+Act%22%5D%7D&r=1&s=1
- US S 919: https://www.congress.gov/bill/117th-congress/senate-bill/919/text
- 2021 US S 3065: https://legiscan.com/US/text/SB3065/2021
- US S 3195: https://www.congress.gov/bill/117th-congress/senate-bill/3195/text
- US H 6027: https://www.congress.gov/bill/117th-congress/house-bill/6027/text?r=66&s=1
- American Data Privacy and Protection Act: https://www.commerce.senate.gov/services/files/9BA7EF5C-7554-4DF2-AD05-AD940E2B3E50
Protect yo’ self,
Donata is the Co-founder and President of Termageddon, an auto-updating generator of website and application policies. She is a licensed attorney and Certified Information Privacy Professional. She also serves as the Vice-Chair of the American Bar Association’s ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals. In her free time, Donata enjoys beekeeping, hunting for morel mushrooms, and walks with her husband and two dogs.