It is often a surprise to clients, especially non-U.S.-based clients, to learn that there is no true federal consumer data privacy law in the United States.[1] Rather, this vacuum has been filled by state laws, resulting in a patchwork of compliance for companies that do business nationwide. Typically, for companies, this has meant adhering to the most restrictive laws, which, historically, have been California state data privacy laws (the California Online Privacy Protection Act, California Consumer Privacy Act, and forthcoming California Privacy Rights Act). As of today, another 10 states, including New Jersey, New York, and Massachusetts, continue to actively pursue their own consumer privacy laws that would add to this increasingly intricate patchwork of regulations. It seems inevitable that this path will lead to divergent—or worse yet, conflicting—rules, definitions, and policies.
Enter Representative Suzan DelBene (D-Washington) and the Information Transparency and Personal Data Control Act (ITPDCA).
Introduced in March, the ITPDCA is the latest effort from Congress to set uniform federal standards for consumer data privacy. While federal data privacy bills have been introduced by both the House and the Senate in previous sessions, this latest bill by Rep. DelBene may gain traction and bipartisan support, as it includes some "business friendly" components, such as federal preemption of state privacy regimes and the lack of an individual private right of action.
Among the ITPDCA's primary provisions are notice of and consent for data collection and sharing, the ability for a consumer to opt out of the sale of their personal information, standardized requirements for privacy policies, and authorization of the Federal Trade Commission to promulgate rules to enforce the act.
The bill will almost certainly undergo substantial evolution before potentially being signed into law, but if nothing else, it marks a reengagement by Congress on the issue of consumer data privacy and will likely spur other bills to be introduced or reintroduced. As this issue develops, we will continue to track the ITPDCA and other notable bills and provide key updates in the Day Pitney Cybersecurity, Health and Technology (C.H.A.T.) Newsletter.
[1] While previous federal acts targeting specific industries, such as the Fair Credit Reporting Act, Gramm-Leach-Bliley Act, and Health Insurance Portability and Accountability Act, have included some provisions relating to data privacy, they are not general consumer data privacy bills akin to the European Union’s General Data Protection Regulation.
Would you like to receive our Day Pitney C.H.A.T. Newsletter? Sign up here.
Day Pitney Healthcare, Life Sciences, and Technology Counsel Damian Privitera's arrival was featured in the Law360 article "Moses & Singer Healthcare Atty Joins Day Pitney in Hartford."
Day Pitney Healthcare Partner Magda Rodriguez authored the article "When Physician Retirement Arrangements May Be Legal" for Law360.
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – February 2024
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – February 2024
Day Pitney Artificial Intelligence Committee Chair Kritika Bharadwaj and Healthcare and Technology Associate Colton Kopcik authored the article "Generative AI in Health Care: Diagnosing the Legal Landscape for Dr. GenAI" for the New York Law Journal's Legal Technology Special Section.
Day Pitney Alert
Day Pitney Miami Healthcare Partner Magda Rodriguez was recently featured in a Q&A with her alma mater, Gulliver Prep's, alum newsletter.
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – December 2023
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – December 2023
Copyright © 2024 Day Pitney LLP, all rights reserved.