Loading...
TerraTrueTerraTrue's privacy by design platform helps teams comply with global privacy regulations, identify risks, and trigger privacy and security reviews.

July 22, 2022

Issue 2: House Energy & Commerce Committee ADPPA

Oh hey! Welcome to The Privacy Beat Newsletter!

Here's the gist: Come here every week for insights on the hottest topics in privacy according to our peers' tweets so you can walk into any happy hour or team meeting and sound like the absolute baller you are. No current topic gets by you. See a hot take you want included? Did you post a hot take you want included? Tag it #PrivacyBeatNews and see if it makes it into the next edition!

This week, Privacy Twitter had plenty of hot takes on this July 20 hearing on the American Data Protection & Privacy Act. Read on for deets!

It's not even hyperbolic to say that this week felt like the most progress we’ve made on granting Americans some sense of privacy as a right since I got into this field 12 years ago or so. It brings a little salt to the eye to see the House and Senate get smart on the substantive issues and find opportunities for compromise instead of retreating to old catch-phrases and unsophisticated arguments about why we can’t legislate this for the betterment of our citizens.

To be clear, I was about 35,000 feet in the air when this all went down, and United made it pretty difficult for me to livestream the hearing. So I interpreted what happened exactly as you’ll see below, by watching Privacy Twitter react to the #ADPPA negotiations. Then, because I am a nervous person, I called my besties Cobun Zweifel-Keegan at the IAPP and Stacey Gray at FPF to beg for a more comprehensive play-by-play to ensure I wouldn’t mislead you. Because, you know, I love y’all so very much, and I want you to sound smart when you go talking about this to your world.

So here’s what happened: In the end, the House Energy & Commerce Committee voted the American Data Protection & Privacy Act out of committee and on to a full House vote! That's a really big deal.

Recently, and you'll read more about this below, California lawmakers indicated they're unhappy with the ADPPA because, in their view, it's weaker than California's privacy law. In the end, six of the eight California delegates in the E&C Committee voted for the bill despite their complaints. It's worth noting, however, they said their in comments that they’ll do it this time, but they might not vote for it this bill once it hits the full House floor unless things change. So we’ll see. But even if all of California’s House delegates oppose the bill in the future, it looks like there’s enough Republican support in general that this thing could still pass.

For now, here’s what you need to know about what happened yesterday, as tweeted by your peeps. And how cute is the Future of Privacy Forum (and Cobun) enjoying the hearing on the big screen?

The Eshoo issue could be a thing

You may have seen recently that California lawmakers came out against ADPPA’s pre-emption provisions. Led by Rep. Anna Eshoo, members of the California Privacy Protection Agency and even California’s attorney general argued that California’s law – the former CCPA and now CPRA – does more to protect Californians’ privacy than a federal bill would. As such, Eshoo introduced an amendment that would mean a federal privacy law establishes a “floor” for privacy standards, which states could build upon to their own likings and desires.

This is where the hearing got a bit contentious, and for a moment, it looked like things might go off the rails.

The problem with allowing states to build provisions on top of any federal law would mean there’s no uniformity, as this bill is meant to establish. Companies would still need to comply with a patchwork of obligations. Plus, throwing that amendment into the mix would certainly destroy the bipartisan votes ADPPA currently enjoys, and we’d be back to the beginning. One lawmaker called Eshoo’s amendment a “poison pill.”

The time to do this is now

I highly recommend reading Gray’s analysis of why the time is right for the ADPPA. She notes that, yes, “Congress can continue to strengthen and clarify the law to ensure it exceeds CPRA’s substantive provisions; preserves the CPPA’s existing enforcement powers; and establishes a single, strong comprehensive national privacy standard.” But also, “Politically, the window for legislative action is closely rapidly as midterms approach in the fall, and the Democrats face the possibility of listing their majority in either or both chambers. Congress can use this opportunity to learn from California’s previous successes in establishing privacy protections for citizens by explicitly incorporating targeted rulemaking that would provide clarity for businesses and ensure that the law can keep pace with evolving technologies, business practices, and societal norms.”

Well said, Stacey!

Don’t let perfect become the enemy of the good

Of course there are issues with the bill. We're still sorting through them. But the fact that so many members of Congress are able to support what the bill says about pre-emption is wild progress from years prior, and to blow it up, as Caitriona mentions below, would be devastating to this process moving forward.

Ciatriona goes on to say that” EPIC would obviously prefer floor preemption. But with the options being a *strong* national privacy standard w/ preemption or no federal privacy bill at all (leaving only residents of a few states with protections), we can't let the perfect be the enemy of the good.”

REMINDER: what we’re doing isn’t working

As Stephanie says, the reason we’re here is because we need a uniform strategy. These federal hearings are a response to the domino-effect of state privacy legislation. Companies are grappling with Colorado, California, Virginia, Connecticut, Utah, and more on the way. Let's not forget the heart of the issue!

Every party has a pooper that’s why we invited you, Ezra : )

I kid, I kid! But do you remember when Franz sang that during Father of the Bride? Don't even ask me which Father of the Bride, I'm talking about the first one -- the best one. But I digress. We can certainly talk about whether any U.S. law is going to make a difference and whether the GDPR changed lives. But we're all exhausted from a lengthy and successful privacy hearing in the U.S., which underscored that sometimes, just sometimes, Congress can move past gridlock. Now if we could do the same with gun reform. But that's for another day.

If you want to dive deeper than I’m diving here, that is, if you’re a privacy nerd lawyer like everyone I know and want to read the bill’s markup itself, check out Cobun’s post on the redlines.