Americans shouldn’t compromise on privacy.

The American Data Privacy and Protection Act, HR 8152 (ADPPA), will soon go to a vote in the U.S. House of Representatives.[1] It has passed out of the Energy and Commerce Committee, but not without controversy. The bill would override state privacy law, but is not strong enough to provide basic protections we need. The bill must be amended to remove federal preemption, or it must be opposed.

Data privacy is so important for health freedom — it touches the health apps we use, the online doctor’s appointments, the wearable devices that monitor our vitals, who can see our medical records, and more. We saw during the declared pandemic how tenuous our grasp on our privacy truly is – and how our health choices profoundly impact our lives and the lives of our children.

The bill is a “landmark compromise” that will hurt citizens and state rights

It’s no exaggeration to say this bill has been at least a decade in the making. Attempts at federal privacy legislation have been made over the years, but all have failed because there are so many stakeholders at the federal and global level that it’s impossible to avoid deal breakers.[2]

In her opening statement to introduce the bill to the committee, Representative Jan Schakowski from Illinois cited the years of work “with all stakeholders” including Big Tech, states, federal agencies, and more, proudly announcing, “We have finally come up with a landmark compromise — the word being compromise.”

Compromise is a necessary part of life, but it is absolutely wrong to compromise on fundamental rights.

Key provisions of the bill

The ADPPA would apply to commercial entities governed by the Federal Trade Commission (FTC). The bill restricts data collection to only what is reasonably necessary. It increases required disclosures and the need to get consent for data collection and transfer. Disclosure requirements detail which third parties get personal data, and whether that data is available to China, Russia, Iran, or North Korea. The bill claims to give individuals ownership of their data, and the right to object to its transfer or to opt out of collection. Many provisions aim to protect children from targeted ads, sexual predators, algorithms that create addictions and other mental health harms, or dangerous TikTok challenges. The bill would require third-party collectors to register with the FTC. Provisions prohibit racial bias and discrimination in artificial intelligence and algorithm-based decision making by companies.

What’s good about this bill?

One congressperson claimed Americans are “begging” for a federal privacy law. And indeed, there are many provisions of this bill that address concerns of Americans. We all want our children to be safe online and to protect their digital legacy in the world of data. We’d all like more control over what happens to data about us, especially if it affects our legal rights or our ability to do things like get loans and insurance. Many states do not have data privacy standards yet so this bill would give basic protections to those who need them.

But for many reasons, this bill could be a poison pill. Sweeping federal compromises can never protect Americans as strongly as more specific laws closer to home in their states or localities. The biggest problem with the bill as it will go to the floor of the House is the provision to override the ability of states to pass stronger laws than this federal bill.

Key concerns with the ADPPA

Preemption

• There is concern with the effect the bill have on states’ ability to enforce the federal Driver’s Privacy Protection Act.[3]
• California has some of the strongest data protections in the nation and does not want federal law to weaken that by overriding it.
• Illinois passed biometric and genetic privacy acts that would be overridden if the state didn’t fight to be specifically exempted from this federal law.
• The bill would compromise state ability to enforce or enact privacy laws. No state could pass laws like CA and IL have.
• The ADPPA preemption “would place major enforcement responsibilities on the historically under-resourced FTC.”[4]
• The bill would limit private rights at the federal level, for something that would traditionally be state law. Privacy right violations are torts for which a person should be able to sue in state court, but this federal law would move it to a federal court and allow forced arbitration instead. This is important because trial-by-jury is a transparent constitutional right, but arbitration is usually behind closed doors.[5]

Businesses

• Small businesses will be hurt by consolidation of advertisement power.
• Federal law that stops state law from enacting stronger legislation only benefits big businesses that have the resources to influence the federal government and to out-litigate citizens who can’t compete with their deep pockets. Local legislation can take into account unique regional business and community needs and concerns so that both individuals and businesses can thrive and be protected, with the ability to solve problems more quickly than this federal law would provide.

Surveillance

• One exception is data in the possession of private companies can be shared freely with law enforcement.[6]
• The bill wouldn’t stop the CDC from buying cell phone data to track Americans. Representative Lesko summarized an article from May 4, 2022, describing the agency’s purchase of location data to track lockdown compliance and for other “numerous CDC priorities.”[7] She cites this as a reason to pass the federal legislation, but with HIPAA as an exception carved out in this bill, the CDC would not be affected because HIPAA doesn’t apply to public health.[8]

The federal government wants to override state privacy law.

The most controversial part of the ADPPA is a section written to make sure the federal law overrides state law. This is known as preemption. It’s not necessary and can be dangerous or just downright unconstitutional.

Privacy expert and attorney Daniel Solove pointed out, “the ability to grow and evolve is a key feature of privacy law. Preemption snuffs out the flame and stops a key engine for developing law in the United States.”[9]

Federal preemption is a deal breaker for many on this law. Representative Peters from California acknowledged that without preemption, there would not be bipartisan support for this bill.[10] Financial groups want stronger preemption as well as weakening the law because they feel they are already regulated by federal law and do not want to encourage states to pass stronger privacy legislation.[11]

It can’t get more clear that this federal bill will not work for states, when we look to California and Illinois, two states that already have their own data privacy laws in place, and insisted on being exempted in this federal legislation because the federal government would provide less protection. California and Illinois laws are expressly listed in the lengthy list of exemptions to this federal data plan. The ADPPA is too weak to protect Americans and it will only get weaker as it is amended through further compromises in the House and Senate.

Representative Anna Eschoo from California stated her unhappiness with the compromise of preemption by declaring in committee, “Federal law should build upon, rather than diminish, state-level enforcement activities.” She proposed an amendment to the bill to allow for more state freedom to create stronger laws than a federal floor on privacy rights, but her amendment was voted down.[12] She, along with fellow Californian Representative Barragan, were the only two votes against moving this bill out of the committee for a vote on the U.S. House floor.[13] The record shows that many of the 37 representatives on the committee had reservations or submitted amendments that they withdrew at the hearing in order to move this bill along. This bill has some steam in its engine right now, which is critical as we are approaching midterm elections where the balance of power between our ruling parties may change.

The ADPPA is pro-big-business

Representative Raul Ruiz from California pointed out he’s concerned that this bill would hurt small businesses with the unintended, but real, effect of consolidating advertising power.[14] He called for an economic impact analysis of the bill.

This kind of concern gains a lot of weight when you learn that Tim Cook, head of Apple, visited Washington and then sent a letter to Congress in support of passing federal privacy legislation “as soon as possible.”[15] When do we have major corporations asking the federal government to pass laws supposedly governing their industry? In fact, Tim Cook has also argued against antitrust legislation with the stated reason that Apple wants to control privacy on its iPhone, and instead called for federal privacy legislation.[16]

At the International Conference of Data Protection and Privacy Commissioners, held in Belgium in 2018, representatives of Apple, Google, Facebook, and Microsoft announced their support for federal privacy legislation like that of the European Union, which some reasonably believe would be with the end goal of standardizing those laws across the globe, favoring the companies themselves. [17]

Big Data has been exploiting the fact that there aren’t many data privacy laws… yet. It makes sense that they would prefer a federal action over individual states challenging them one at a time, in a death-by-1000-cuts fashion.

It was noted in discussion of this bill that many states had not enacted data privacy protections for their states, but citizens want it so the federal government is stepping in to fill that role.

This a wake-up call and an opportunity

This bill is a wake-up call for us to do the work in our states and get privacy protections in place.

Now is a great time to contact your lawmakers and elected officials. Get to know them before you vote in November. Let them know what issues are important to you. Be the voice for people who cannot make time or do not yet feel confident enough to have face-to-face interactions with their representatives. Your meetings matter. When representatives see that people are passionate enough about health freedom to jump the hurdles that stop so many from participating, they realize that thousands more hold your views but aren’t able to stand there with you.

It’s so important to write, phone, and visit your elected representatives. Take action today by using this forum to send a pre-drafted or customized email to your representatives, but don’t stop there! Pick up the phone and call their office, set up an appointment to meet in person, or go to one of the many events leading up to the elections. Many representatives host town hall phone or video calls; make sure you are on their call list.

U.S. House Representatives are scheduled to be at home for district work for the month of August, so you have a great chance of being able to connect in person before they travel back to Washington to vote on bills like the ADPPA.

 

References

1. https://www.congress.gov/bill/117th-congress/house-bill/8152/text?q=%7B%22search%22%3A%5B%22hr+8152%22%2C%22hr%22%2C%228152%22%5D%7D&r=3&s=1

2. https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 1792)

3. https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 1839)

4.https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 2057)

5. https://www.bytebacklaw.com/2022/08/analyzing-the-american-data-privacy-and-protection-acts-private-right-of-action/

6. https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 1989).

7. https://nypost.com/2022/05/04/cdc-bought-cell-phone-data-to-track-lockdowns-vaccination-docs/

8. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/disclosures-public-health-activities/index.html

9. https://teachprivacy.com/further-thoughts-on-adppa-the-federal-comprehensive-privacy-bill/?utm_source=Opt-in+Newsletter&utm_campaign=e2a5b93db8-08.25.20_COPY_01&utm_medium=email&utm_term=0_b681bb8bd9-e2a5b93db8-231443903

10. https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 2405)

11. https://bankingjournal.aba.com/2022/06/aba-trade-groups-cite-serious-concerns-with-adppa/

12. https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 4573)

13. https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 4873, 4932)

14. https://docs.house.gov/meetings/IF/IF00/20220720/115041/HMKP-117-IF00-Transcript-20220720.pdf (Line 2604)

15. https://www.thedrum.com/news/2022/06/13/experts-skeptical-tim-cook-s-push-new-privacy-legislation-monopoly-101, https://www.cnbc.com/2022/06/10/apple-ceo-cook-pushes-for-privacy-legislation-after-visit-to-congress.html

16. https://thehill.com/policy/technology/3265186-tim-cook-cautions-against-antitrust-legislation/

17. https://iapp.org/news/a/us-federal-privacy-law-apple-google-facebook-microsoft-all-hope-so/