US lawmakers have introduced a comprehensive federal privacy bill that, if signed into law, would make it harder for data buyers and sellers to collect and use non-aggregated, non-anonymised data.

The American Data Privacy and Protection Act aims to create an overarching data privacy framework for the entire US – a country that so far has been governed by a patchwork of state-level regulations. Under the current text of the bill, data buyers could face major repercussions for using individualised data, particularly within protected categories like geolocation, biometrics/genetics and information that identifies any information related to a protected status.

According to a senior House Democratic aide who is involved with the bill, data providers may want to pre-emptively assess their data assets to discover any areas where their data could come under fire. “It might be worth [vendors] doing an internal audit, or minding their data hygiene,” he said. “I think that would be a wise thing for anyone to engage in.”

The current iteration of the bill would serve as a starting point for discussions and legislative compromise. Senior House staffers told Neudata News they anticipated the bill would be marked up at the subcommittee and full committee level this month. Hearings for the bill began on Tuesday, June 14.

However, the likelihood that the bill would become law is still uncertain. US legislators have, in the past, attempted to make laws protecting consumer data, notably the SAFE Data Act in 2021. "The SAFE Data Act did not go anywhere, and it's not clear that this bill will advance either (particularly given the disagreement over the four-year delay on the private right of action)," said Don D'Amico, managing director and general counsel at Neudata. "The bill also defers many of the specific compliance requirements to future Federal Trade Commission guidelines, leaving its potential impact on alternative data vendors very uncertain."

Photo by Giammarco Boscaro on Unsplash