Keypoint: As currently drafted, the ADPPA’s private right of action provides U.S. citizens with the opportunity to enforce their privacy rights but limits lawsuits to federal court and provides covered entities and service providers with mechanisms to mitigate the risk of such claims, including through the use of arbitration provisions and class action waivers.

As we previously reported, the American Data Privacy and Protection Act (ADPPA) (H.R. 8152) is eligible for a full House vote after the House Committee on Commerce & Energy (House Committee) reported out an amended version on July 20, 2022. Prior to reporting out the ADPPA, the House Committee adopted an Amendment in the Nature of a Substitute (AINS) that made numerous changes to the bill, including modifications to the bill’s private right of action (PRA).

The contours of the ADPPA’s PRA are crucial.

Privacy advocates point to the inclusion of the PRA as one way in which the ADPPA is stronger than the California Consumer Privacy Act. However, Senator Maria Cantwell (D-Wash.) – whose support is necessary to pass the bill because she chairs the relevant Senate committee – stated that the ADPPA contains “major enforcement holes” and does not have her support. Recently, Senator Cantwell stated that “she couldn’t support the bipartisan framework unless House lawmakers add tougher enforcement measures, including limits on forced arbitration and a broad right for individuals to sue companies that violate the law.” According to Cantwell, “The problem is it’s taking the House a long time to come to reality about what strong enforcement looks like.” “If you’re charitable, you call it ignorance. If you think that it’s purposeful, it literally won’t pass the House because they just won’t meet the test of what a strong federal bill looks like.” Meanwhile, business advocates such as the U.S. Chamber of Commerce are adamantly opposed to any bill “that creates a blanket private right of action.”

Given how important this issue is to passing a federal privacy bill, the below article contains a detailed analysis of the ADPPA’s current PRA as the House Committee passed it on July 20. The article then outlines the PRA contained in Senator Cantwell’s 2019 bill, the Consumer Online Privacy Right Act for comparison purposes.

If you are interested in learning more about the ADPPA, we are hosting a webinar on it on August 18, 2022. Click here for more information and to register. We also would like to thank the Future of Privacy Forum and the IAPP’s Cobun Zweifel-Keegan whose redline of the latest version of the ADPPA was instrumental in the drafting of this article.

Continue Reading Analyzing the American Data Privacy and Protection Act’s Private Right of Action

On July 20, 2022, the House Committee on Energy & Commerce reported out the American Data Privacy and Protection Act (ADPPA), and it is now eligible for a full House vote. If passed by Congress and signed by the President, the ADPPA will fundamentally change privacy law in the United States and around the world.

On August 18, 2022, Husch Blackwell will host a webinar to analyze the ADPPA. During the webinar we will cover the following topics:

  • What entities the ADPPA covers
  • What types of data are subject to the ADPPA
  • The requirements for covered entities under the ADPPA
  • How would the ADPPA be enforced, including an analysis of the bill’s private right of action
  • Where the ADPPA stands in the legislative process and what its path forward is

Click here for more information and to register.

Keypoint: The House Committee on Energy & Commerce reported out the American Data Privacy and Protection Act by a vote of 53-2, referring the bill to the full House.

On July 20, 2022, the House Committee on Energy & Commerce reported out an amended version of the American Data Privacy and Protection Act (ADPPA) (H.R. 8152) after holding a markup. The bill passed by a vote of 53-2 and is now eligible for a  full House floor vote. Lawmakers previously voted the bill out of a House subcommittee on June 23, 2022.

In the below article, we provide a brief overview of the amendments to the ADPPA as well as a discussion of recent objections raised by various entities and individuals.

Continue Reading Federal Privacy Bill Advances to House Floor

Keypoint: While the Agency previously published draft regulations in early June, its filing of a Notice of Proposed Rulemaking officially initiates the rulemaking process and triggers a 45-day comment period.

On July 8, 2022, the California Privacy Protection Agency (Agency) announced that it has initiated the formal rulemaking process to adopt proposed regulations implementing the Consumer Privacy Rights Act of 2020 (CPRA). The announcement comes exactly six weeks after the Agency published draft regulations in connection with an Agency Board meeting held on June 8, 2022.

In the below post we identify the rulemaking documents filed by the Agency, discuss the rulemaking timeframe and scope, highlight comments the Agency made regarding other privacy laws, and identify the non-substantive changes made between this version and the prior draft version published in June.

Continue Reading CPPA Commences Formal CPRA Rulemaking

In the fifteenth episode of our Legislating Data Privacy podcast series, we are joined – for the second time – by Connecticut Senator James Maroney.

Senator Maroney is the author of the Connecticut Data Privacy Act – the nation’s fifth broad consumer privacy law. In this episode, Senator Maroney discusses how he navigated passing the law in 2022 after coming up just short in 2021. Among other topics, Senator Maroney discusses establishing a privacy work group to bring various stakeholders together in-between sessions. He also discusses working through various last minute issues to ensure passage.

 

Keypoint: A revised version of the American Data Privacy and Protection Act was formally introduced in the House and voted out of a subcommittee.

As we previously reported, on June 3, 2022, a bipartisan and bicameral group of lawmakers released a discussion draft of a comprehensive data privacy bill called the American Data Privacy and Protection Act (ADPPA). Representatives Frank Pallone Jr. (D-N.J.), Cathy McMorris Rodgers (R-Wash.), and Senator Roger Wicker (R-Miss.) all supported the discussion draft although it lacked the key support of Senator Maria Cantwell (D-Wash.).

On June 21, 2022, lawmakers formally introduced the ADPPA as H.R. 8152. On June 23, 2022, the Subcommittee on Consumer Protection and Commerce of the House Committee on Energy and Commerce held an open mark up session on the ADPPA and seven other bills. During the mark up session, the subcommittee ordered and favorably reported the bill, as amended by a substitute, to the full committee.

In the below post, we analyze some of the key changes between the discussion draft and current version of the ADPPA, briefly recap the mark up session, and discuss the bill’s path forward.

Continue Reading Federal Privacy Bill Voted Out of House Subcommittee

Keypoint: The comments focus on identifying areas in which the Attorney General’s Office may provide additional clarity to consumers and businesses and to ensure, where appropriate, the interoperability of the Colorado Privacy Act with state and international privacy laws.

The Colorado Attorney General’s Office is currently accepting pre-rulemaking input on the Colorado Privacy Act (CPA). It also will host public listening sessions on June 22  and June 28 for those interested in providing oral comments.

Given the importance of these forthcoming regulations to the development of U.S. privacy law, members of Husch Blackwell’s data privacy practice submitted extensive comments to the Office. The purpose of the comments is to identify areas in which the Office may provide additional clarity to consumers and businesses and to ensure, where appropriate, the interoperability of the CPA with other state privacy laws enacted in California, Connecticut, Utah, and Virginia and international privacy laws such as GDPR.

Continue Reading Husch Blackwell Submits Comments on Colorado Privacy Act Pre-Rulemaking

Keypoint: The chances for the United States to finally enact a federal privacy bill appear to have increased with the circulation of a bipartisan discussion draft although its chances for passage are far from clear.

On Friday, June 3, House and Senate leaders released a bipartisan discussion draft of a comprehensive data privacy bill called the American Data Privacy and Protection Act (ADPPA). Although there have been many federal privacy bills introduced in the past, this discussion draft is gaining widespread attention because of its timing, bipartisan support, and the fact that it reaches compromise positions on state law preemption and enforcement (the two primary obstacles for passing a federal privacy law).

In the below article, we first discuss the background of the discussion draft, including its chances for passage. We then provide a list of high-level takeaways.

Continue Reading Bipartisan U.S. Federal Privacy Bill Circulated

On May 27, 2022, the California Privacy Protection Agency issued draft regulations in connection with a Board meeting scheduled for June 8, 2022.

On June 9, 2022, members of Husch Blackwell’s data privacy team will host a webinar to analyze the draft regulations and how they will impact your CPRA compliance efforts. During the webinar, we will:

  • Review the draft regulations
  • Compare the draft regulations to the existing CCPA regulations
  • Analyze how the draft regulations interact with other state privacy laws in Colorado, Connecticut, Virginia and Utah

Click here for more information and to register.

Keypoint: The California Privacy Protection Agency issued a first set of draft regulations that contain a number of notable provisions but do not address all of the CPRA’s rulemaking topics.

On Friday, May 27, 2022, the California Privacy Protection Agency (CPPA or Agency) issued draft regulations in connection with a Board meeting scheduled for June 8, 2022.

In the below post, we provide high-level takeaways from the draft regulations, discuss the rulemaking timeframe, and provide a summary of some of the more notable provisions.

Continue Reading CPRA Draft Regulations Issued