ArticlesC2 Fall 2022 Are we on the path to a National Data Privacy Law? by Stan Wisseman October 16, 2022 written by Stan Wisseman October 16, 2022 469 For years, US lawmakers have avoided making tough calls about what data privacy protections we should give consumers and how they should be enforced. That finally may be changing. Last week, the US House Energy and Commerce Committee greenlit a watershed privacy bill that strikes compromises on a series of major issues that have long vexed congressional negotiators. It marks the first time a federal consumer privacy bill has made it out of a US congressional committee, a historic feat. The move represents significant progress toward codifying consumer data protections federally in the US — something lawmakers have attempted for years to no avail. The American Data Privacy and Protection Act (ADPPA), H.R. 8152, seeks to establish national standards for how tech companies and other businesses use consumers’ personal identifiable information (PII). The ADPPA would override many state privacy laws, which would reduce complexities for businesses. This is called “preemption”. Perhaps the most distinctive feature of the committee-approved version of the ADPPA is that it focuses on what’s known as data minimization. Generally, companies would only be allowed to collect and make use of consumer data if it’s necessary for one of 17 permitted purposes spelled out in the bill—things like authenticating users, preventing fraud, and completing transactions. Everything else is simply prohibited. Contrast this with the type of online privacy regime most people are familiar with, which is all based on consent: an endless stream of annoying privacy pop-ups that we almost always click “yes” on because it’s easier than going to the trouble of turning off cookies. That’s pretty much how the EU’s privacy law, the GDPR, has played out. I like the data minimization approach proposed in the ADPPA. Research conducted by Acxiom last year shows 83% of consumers want a clear link between the data they share with organizations and the value they will receive from this exchange. Data trust cannot simply be claimed or assumed – it must be earned, and it requires brands to involve customers in a dialogue about what they are doing with their data and why. Collecting too much data can also be a liability for companies. Even with bipartisan support and the potential to provide vast new protections for Americans, it’s not all clear skies ahead. Even if the bill passes in the House, there are hurdles to the bill’s success in the Senate. Also, some representing business and industry interests, like the trade group Association of National Advertisers, have already issued statements. Some are also unhappy with ADPPA’s preemption of state data privacy statutes, such as California’s Consumer Privacy Rights Act. The ADPPA also apparently rolls back other protections, including rights to privacy that states have seen fit to enshrine in their state constitutions. Based on the text of the current bill, endangered state privacy rules include those for biometric information (apart from face recognition), genetic data, broadband privacy, and data brokers—or “third-party collecting entities” as the ADPPA refers to them. I recommend tracking the progress of ADPPA’s journey through Congress. Before a House floor vote, there will be interest groups positioning their amendments/changes to the bill. I just hope that it’s not diminished further since, if passed, the ADPPA will impact the country’s privacy landscape for years to come. But regardless of whether ADPPA passes during this legislative session, the bipartisan support behind it — combined with a wave of new state data privacy laws set to go into effect next year — indicates that the tides are shifting at a more fundamental, cultural level with respect to privacy in the US. The CyberRes Voltage Data Privacy and Protection portfolio is well-positioned to support the technology needs of privacy programs that may need to comply with the ADDPA. You can also check out this new Privacy Hub from CyberRes to learn how data and identity can power privacy. ADPPAAmerican Data Privacy and Protection Act (ADPPA)Association of National AdvertisersCalifornia's Consumer Privacy Rights ActConnect ConvergeConnect HPE User CommunityConnect WorldwideConnectConvergeconsumer data protectionsCyberRes VoltageCyberRes Voltage Data Privacy and Protection portfolioCybersecurityDataData Managementdata minimizationData Privacydata privacy protectionsData ProtectionData trustDigital transformationfederal consumer privacy billGDPRH.R. 8152Hewlett Packard EnterpriseHPEHPE user communityHPE User GroupNational Data Privacy Lawonline privacy regimepersonal identifiable informationPIIpreemptionprivacy billPrivacy Hubprivacy lawsstate data privacy laws 0 comment 0 FacebookTwitterPinterestEmail Stan Wisseman Stan Wisseman is a Chief Security Strategist and Business Solutions Director for Micro Focus’ security products. In these roles, Mr. Wisseman is responsible for providing driving business, but also providing thought leadership and insight regarding the ever-changing global threat landscape. Mr. Wisseman has over 30 years of information security experience and has built security into products, systems, software, and enterprises. He has worked for the NSA, Oracle, Cable & Wireless, Cigital, and Booz Allen Hamilton in roles that have ranged from Security Engineer, Product Manager, and Director of Information Security consulting practices. Prior to joining HPE in 2014, Mr. Wisseman served as the Chief Information Security Officer for Fannie Mae with responsibilities for information security and business resiliency across the organization. previous post The Struggle with Threat Intelligence next post Modernize the hospital data center with personalized healthcare IT You may also like Modern file storage accelerates the AI-driven search for... August 31, 2023 Historic collaboration: Next-gen virtual infrastructure accelerates apps, boosts... October 16, 2022 Modernize the hospital data center with personalized healthcare... October 16, 2022 The Struggle with Threat Intelligence October 16, 2022 Modernize your data management with HPE GreenLake and... October 16, 2022 Introducing Qualcomm Cloud AI 100 Accelerators for HPE... October 16, 2022 Recap HPE Discover 2022 October 16, 2022 Making App Modernization Easier with HPE and vFunction October 16, 2022 The Insider Threat Problem: Your biggest threat may... October 16, 2022 Accelerate and Automate SAP HANA Security Compliance with... October 16, 2022 Leave a Comment Cancel ReplyYou must be logged in to post a comment.