Our Privacy Rights Road Trip Heads to Capitol Hill
Update to "A Privacy Rights Road Trip: How Do State Privacy Laws Impact Vehicle Performance Data (VPD)?"
On June 3, 2022, just days after we blogged about data privacy law developments at the state level, a bipartisan group in Congress released a discussion draft of a comprehensive federal data privacy law. The proposed law, known as the American Data Privacy Protection Act (“ADPPA”), is intended to “provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.”
In the press release accompanying the draft, bill sponsors Senator Roger Wicker (R-Miss) and Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-Wash) stated: “This bill strikes a meaningful balance on issues that are critical to moving comprehensive data privacy legislation through Congress, including the development of a uniform, national data privacy framework, the creation of a robust set of consumers’ data privacy rights, and appropriate enforcement mechanisms.”
While lawmakers have tried for years to enact data privacy legislation at the federal level, as we previously noted, measures have been successful in only a handful of states.
The likelihood of success for this latest federal bill remains unclear (see, e.g., here and here), and reception has been mixed.
Supporters like Dena Kozanas, director of MITRE’s Center for Data Privacy and Protection, have commended the draft release as “a positive step towards continued momentum in the debate on a national standard for data collection and protection.” Alexandra Reeve Givens, president and chief executive of the nonprofit research group Center for Democracy and Technology, likewise observed that the “draft shows that there is a bipartisan path forward on long-overdue legislation to protect consumer privacy, Americans want and desperately need legislation to protect their personal data and promote trust in the online world. While it’s not perfect, the draft is a hopeful first step.”
Others have urged further work, like Senators Brian Schatz (D-Hawaii) and Maria Cantwell (D-Wash), who sponsored prior bills and reportedly have expressed concern that the proposed bill is not adequately protective of personal data.
Still others have rejected the bill altogether, including the U.S. Chamber of Commerce, which has gone on record as saying the bill is “unworkable.”
And what does the new bill say about Vehicle Performance Data? Nothing specifically. But, like several of the state laws—some of which the bill expressly preempts—the draft federal bill would provide heightened protection to “precise geolocation information that reveals the past or present actual physical location of an individual or device that identifies or is linked or reasonably linkable to 1 or more individuals.” Sec. 2(22)(A)(vi) (Sensitive Covered Data). The bill further would expressly restrict and prohibit all “covered entities”—i.e., any entity or person that collects, processes, or transfers covered data and is subject to certain federal trade and communications acts—from transferring precise geolocation information to a third party “unless transferred to another device or service of such individual with the affirmative express consent of the individual through a standalone conspicuous notice explaining the manner in which the precise geolocation information will be transferred with such a notice provided for each instance in which such transfer is to occur absent a search warrant or exigent circumstances.” Sec. 102(a)(2).
Copyright Nelson Niehaus LLC
The opinions expressed in this blog are those of the author(s) and do not necessarily reflect the views of the Firm, its clients, or any of its or their respective affiliates. This blog post is for general information purposes and is not intended to be and should not be taken as legal advice.