Vice President, C_TEC, U.S. Chamber of Commerce
September 13, 2022
Right now, there is strong political demand on both sides of the aisle to better protect Americans’ privacy, and the U.S. Chamber could not agree more. The Chamber was the first trade association to propose model legislation following passage of California’s privacy law and has continued to support bills that protect consumers and innovation.
What Should Be Included in a National Privacy Bill
For years, the Chamber has advocated for a clear, national framework that protects all Americans' data equally and provides well-defined rules of the road to all companies and organizations. We strongly support a federal privacy law that includes the following rights, among many other issues:
- Right to delete data
- Right to opt-out of targeted ads
- Right to correct inaccurate information
- Right to access one’s own records
- Right to opt-in to sensitive data collection and sharing to assist with issues such as COVID tracking and other public health purposes
We supported Representative Delbene’s Information Privacy and Data Control Act and the Virginia Consumer Data Protection Act. Although imperfect, both bills work to significantly balance business certainty and clarity with consumer protections.
What Should Not Be Included in a National Privacy Bill
The American Data Privacy and Protection Act won’t just impact ‘big tech.’ It will ensnare every organization—large or small, for-profit or not-for-profit—that collects data. These include retailers, restaurants, manufacturers, and yes—even charities. And ironically, only the biggest companies would be able to afford to navigate this complex and novel proposed law.
Smaller businesses, as well as nonprofits including hospitals and charity organizations, will disproportionately bear the cost of compliance. In fact, according to a recent U.S. Chamber report, 80 percent of small businesses say technology helps them compete with larger firms, and that same number of small businesses believe limiting access to data will harm their business operations. Without changes, the bill could significantly impact the ability of small businesses to reap the benefits of digital advertising.
Additionally, ADPPA is drafted in a way that doesn’t enshrine core protections—the definitions are vague and the legislation leaves far too much to the discretion of unelected bureaucrats.
For example, this bill would enable the Federal Trade Commission to define broad categories of data to be barred from collection or use, including public health data or data that could be used to expand financial inclusion. Europe and California’s privacy laws both allow for the collection and use of sensitive data with consent. This could significantly place data analysis around public health, economic development, public safety, and charity fundraising in jeopardy.
When the U.S. is in a global race with China to lead the world in artificial intelligence (AI), this bill could greatly hinder American companies’ ability to deploy AI technologies. The bill, which fails to define artificial intelligence, could subject innovators to run unnecessary impact assessments before deploying the technology. Digital red tape like this could place us at a disadvantage over our strategic competitors.
Why True Preemption is Necessary
A recent study revealed that a 50-state privacy patchwork could cost the U.S. economy $1 trillion, $200 billion of which would hit small businesses.
As currently drafted, the ADPPA would merely create a new national privacy patchwork. The bill’s preemption would only supersede state laws for activity covered under the Act. As noted in a recent Congressional Research Service report, this type of preemption is not considered the strongest and allows states to creatively continue to regulate data. Chipping away even further at a national standard, the ADPPA would allow California to have special status to enforce the law and keep parts of its privacy law. Enterprising plaintiffs' attorneys could even continue to use state consumer protection laws so long as they don’t claim that a federal violation is a de facto violation of the state law.
How Private Right of Action Harms Businesses
A national data protection law including a private right of action, like that in ADPPA, would encourage an influx of abusive class action lawsuits, create further confusion regarding enforcement of blanket privacy rights, harm small businesses, and hinder data-driven innovation.
The Chamber sent a letter to the members of the Senate Committee on Commerce, Science and Transportation and the House Committee on Energy and Commerce outlining concerns with attempts to rush through legislation that would encourage an unmanageable patchwork of laws and abusive class action lawsuits through private rights of action.
Where Do We Go From Here
The Chamber will continue to work with our members and both parties in Congress to craft a truly preemptive national privacy bill that protects all Americans data equally. Any calls to further carve out state laws from the legislation’s attempt at preemption should be rejected.
This legislation is too important to rush through. When it comes to passing permanent law, Congress should measure twice and cut once.