0
American Data Privacy and Protection Act
4/17/2024, 11:45 PM
Summary of Bill HR 8152
The bill includes several key provisions aimed at achieving this goal. One of the main provisions is the establishment of a national data privacy standard that would apply to all companies that collect and store personal data. This standard would require companies to obtain explicit consent from individuals before collecting their data and to take steps to ensure the security of that data.
Additionally, the bill includes provisions that would give individuals greater control over their personal data. For example, individuals would have the right to access and correct their data, as well as the right to request that their data be deleted. Companies would also be required to notify individuals in the event of a data breach. The bill also includes provisions aimed at increasing transparency around data collection and use. Companies would be required to provide clear and easily understandable explanations of how they collect and use data, as well as to disclose any third parties with whom they share data. Overall, the American Data Privacy and Protection Act seeks to strengthen data privacy and protection for American citizens by establishing a national standard, giving individuals greater control over their data, and increasing transparency around data collection and use.
Congressional Summary of HR 8152
American Data Privacy and Protection Act
This bill establishes requirements for how companies, including nonprofits and common carriers, handle personal data, which includes information that identifies or is reasonably linkable to an individual.
Specifically, the bill requires most companies to limit the collection, processing, and transfer of personal data to that which is reasonably necessary to provide a requested product or service and to other specified circumstances. It also generally prohibits companies from transferring individuals' personal data without their affirmative express consent.
The bill establishes consumer data protections, including the right to access, correct, and delete personal data. Prior to engaging in targeted advertising, the bill requires companies to provide individuals with a means to opt out of such advertising. The bill also provides additional protections with respect to personal data of individuals under the age of 17. It further prohibits companies from using personal data to discriminate based on specified protected characteristics.
Additionally, companies must implement security practices to protect and secure personal data against unauthorized access, and the Federal Trade Commission (FTC) may issue regulations for complying with this requirement.
The bill provides for enforcement of these requirements by the FTC and state attorneys general. Beginning two years after the bill takes effect, individuals may, subject to certain notification requirements, bring civil actions for violations of the bill.
Finally, the bill preempts state laws that are covered by the provisions of the bill except for certain categories of state laws and specified laws in Illinois and California.
