Connect with us

Hi, what are you looking for?


Privacy & Compliance

Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right

The American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data.

Two influential lawmakers from opposing parties have crafted a deal on legislation designed to strengthen privacy protections for Americans’ personal data.

The sweeping proposal announced Sunday evening would define privacy as a consumer right and create new rules for companies that collect and use personal information. It comes from the offices of Democratic Sen. Maria Cantwell and Republican Rep. Cathy McMorris Rodgers, both of Washington state.

Cantwell chairs the Senate Commerce Committee while McMorris Rodgers leads the House Energy and Commerce Committee. While the proposal has not been formally introduced and remains in draft form, the bipartisan support suggests the bill could get serious consideration.

Congress has long discussed ways to protect the personal data regularly submitted by Americans to a wide range of businesses and services. But partisan disputes over the details have doomed previous proposals.

According to a one-page outline released Sunday, the bill worked out by McMorris Rodgers and Cantwell would strengthen rules requiring consumer consent before a company can collect or transfer certain kinds of information. Companies would have to notify consumers about the details of data collection and retention policies and seek consumer permission for significant changes.

In addition, companies would have to ensure that any algorithms used to analyze personal data aren’t biased, and companies that buy and sell personal data would have to register with the Federal Trade Commission.

Consumers would also have greater control over how their data is used under the measure. One provision of the proposal would allow consumers to opt out of targeted ads — i.e., advertisements sent to them based on their personal data.

A new bureau focused on data privacy would be created within the FTC, which would have the authority to enact new rules as technology changes. Enforcement of the law would fall to the FTC as well as state attorneys general.

Advertisement. Scroll to continue reading.

If passed, the new standard would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data.

Written By


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights