The American Privacy Rights Act (APRA) is set to be introduced in the House of Representatives, but recent revisions to the bill have sparked criticism from privacy advocates. Initially intended to replace a patchwork of state-based data privacy rules with a national standard, the final draft of APRA omits key provisions related to civil rights protections, algorithmic accountability, and oversight by the Federal Trade Commission (FTC). As a result, several privacy groups have withdrawn their support, arguing that the bill no longer sufficiently protects against discriminatory data practices and privacy violations.
A significant change in the bill is the removal of the “Civil Rights and Algorithms” provision, which was originally designed to prevent data collection and processing that discriminates based on race, color, religion, national origin, sex, or disability. The removal has been attributed to partisan disagreements, and eliminates measures that required large data holders to assess and mitigate algorithmic harm and to provide users with opt-out options for algorithmic processes. Privacy advocates, such as Evan Greer from Fight for the Future, have condemned these omissions, asserting that they undermine the bill’s effectiveness in regulating large tech companies and protecting civil rights.
Despite these setbacks, the updated draft of APRA includes new language to enhance the protection of minors’ data and expands user control over biometric data. The bill now mandates express consent for the transfer and access of biometric or genetic information and prohibits the transfer of biometric data to third parties. These provisions aim to safeguard sensitive personal data, particularly in the context of digital service providers and online platforms catering to children.
While the bill has faced significant revisions, some experts believe it still offers substantial data privacy protections. Cobun Zweifel-Keegan, managing director of the International Association of Privacy Professionals, emphasized to Nextgov/FCW that the bill’s enforcement mechanisms are largely intact.
“Most of the bill could be enforced by private lawsuits from consumers, and all of the bill’s requirements would be enforceable by the FTC and state attorneys general,” he said. “This change does not affect the types of enforcement teeth in the law, it just removes a tooth from the picture, while keeping most of the substantive privacy requirements that are expected in comprehensive laws.”
The bill will undergo committee markup on Thursday, where further amendments could impact its final content.
Source: Nextgov/FCW
–
June 26, 2024 – by Cass Kennedy
Related News
Identity News Digest – June 26, 2024
Experts Highlight Nuances of Anti-fraud Data Collection in Senate APRA Testimony
Russian Government Plans Biometric Border Initiative
Secretive Group Details Russia’s Biometric Surveillance Apparatus in New Report
Illinois Residents Get Their $32.56 Payouts for Instagram’s Biometric Privacy Violations
Facebook Reaches Settlement in Texas Biometric Privacy Lawsuit
Follow Us