2 min read

American Privacy Rights Act

On April 7th, 2024 a House Committee on Energy and Commerce released draft legislation for a sweeping reform to United States privacy law. This legislation, titled the American Privacy Rights Act, is intended to overhaul the United States privacy laws put together by states and provide and overall protection scheme to standardize requirements across the country. This privacy legislation is heavily targeted at social media and advertising companies in an attempt to better secure privacy protections for individuals (Committee Chairs Rodgers, Cantwell Unveil Historic Draft Comprehensive Data Privacy Legislation, n.d.).

Of particular note is legislation specific to large social media companies making at least 3 billion dollars per year in revenue and providing services to at least three hundred million individuals. This is specifically linked back to legal requirements by adding in any traceability concerns associated with user online activities. For these high-impact social media platforms, the user activity itself is considered privacy data.

This regulation also takes special note of existing laws. The California Civil Code is referenced as having special provisions associated with the award of damages as a result of improper data security. Otherwise, most state regulations are collapsed into this governing regulation to help improve standardization across the United States.

With new regulatory requirements come new ways of addressing harms. Specific to privacy are privacy harms. These will be addressed with a new Privacy and Security Victims Relief Fund which shall be funded by fines levied against organizations causing privacy data release. These fines will ultimately fund compensation for individuals or entities having valid claims as determined in court. Any additional funding resulting from this common pool of money will be spent towards privacy and data security education as well as research and development in vthe same. There are provisions to prevent double dipping in cases where a business entity has already paid a fine or settlement to an individual (American Privacy Rights Act of 2024, n.d.).

Oversight is a critical feature of this new legislation. The reporting requirement given to the originating commission stipulates that the commission must provide auditable reports every four years. These reports should include any required policy changes and newly discovered priorities associated with this legislation.

Overall, this legislation makes positive strides towards adopting a similar framework as European nations have with GDPR. By bringing common legislation to the United States, companies are no longer bound by individual state laws when making data protection decisions. By incorporating the most restrictive privacy law, CCPA, into their data protection strategy the House Committee on Energy and Commerce has ensured that American citizens are well protected from data privacy harms. Through the use of a self-replenishing fund, Americans are further insulated from damages associated with privacy harms. 

American Privacy Rights Act of 2024. Retrieved April 27, 2024, from https://d1dth6e84htgma.cloudfront.net/American_Privacy_Rights_Act_of_2024_Discussion_Draft_0ec8168a66.pdf

Committee Chairs Rodgers, Cantwell Unveil Historic Draft Comprehensive Data Privacy Legislation. (n.d.). House Committee on Energy and Commerce. Retrieved April 27, 2024, from https://energycommerce.house.gov/posts/energycommerce.house.gov