Congressional leaders introduce new legislation for a national data privacy framework
Author
Maxx Silvan
Seamus Dowdall
Upcoming Events
Related News
Key Takeaways
On April 7, U.S. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-Wash.) and U.S. Senate Commerce, Science and Transportation Committee Chair Maria Cantwell (D-Wash.) introduced the American Privacy Rights Act. Unveiled as a discussion draft, this legislation seeks to set a national data privacy framework and define relevant rights and protections of Americans.
What would this legislation do?
If enacted in its current form, the American Privacy Rights Act would enumerate national data privacy rights and set data security standards. In doing so, the bill prohibits covered entities (i.e. for-profit organizations) from:
- Collecting, processing, retaining or transferring more personal data than is proportionate and necessary to provide or maintain a product or service requested by the consumer
- Transferring sensitive personal data (i.e. government-issued identifiers, personal health information, financial information, etc.) to a third party without the consent of the consumer
This legislation also requires entities to provide consumers with the ability to:
- Access its personal data which the entity holds and the name of third parties to whom data has been transferred
- Correct any inaccuracies or incomplete personal data that has been collected, processed or retained
- Delete personal data that has been collected, processed or retained (and requires the entity to notify third parties of this action if data has been transferred)
- Receive exported personal data which the entity collected, processed or retained
Consumers would also have the right to opt-out of targeted advertising that leverages personal data and algorithm-based decision making for housing, employment and health care. It also establishes civil right protections that prohibit entities from employing discriminatory data collection or use practices.
To enhance transparency, entities must publicly provide a privacy policy to its consumers laying out its data collection, processing, retention and transfer activities. In addition, a short-form notice of data practices (of no more than 500 words) must also be made available.
What does this mean for counties?
Generally, these provisions would not apply to county governments or entities that are acting as a service provider to the county. However, this legislation would apply to many entities that county governments regularly interact with, including third-party vendors that counties may interact with to provide services to residents.
NACo supports initiatives and systems to ensure that personal and county information is secure from illegitimate actors and hackers. Furthermore, NACo supports ensuring that third party providers conform to county privacy policies and practices that maximize the security of private information. NACo has not yet taken a position on the American Privacy Rights Act, and we encourage feedback from members interested to learn more about the legislation.
Want to learn more?
NACo will continue to monitor developments around The American Privacy Rights Act. To learn more about the bill and ongoing discussions on federal data privacy policy, click here.
Related News
Courts ponder the constitutionality of the Universal Service Fund
The U.S. Fifth Circuit Court of Appeals ruled in Consumer’s Research v. FCC that the mechanism underlying the Federal Communications Commission’s Universal Service Fund is unconstitutional.
Secure our world by protecting county digital assets
Cybersecurity Awareness Month is a good occasion to note that protecting digital assets is a job for the entire county workforce, not just the IT department.
Webinar
Overview of the U.S. Department of Justice Final Rule on Web Accessibility for State and Local Governments
This webinar will include important details on forthcoming compliance requirements for web-based local government services, and outline other key implications for counties.