A bipartisan bill hopes to put people in control of their data
The Future. A bipartisan bill called the American Data Privacy and Protection Act (ADPPA) would curb a majority of businesses, platforms, advertisers, and other entities from collecting data that can be linked back to a person’s identity. It also gives people the tools to fight back when those rights have been violated. If passed, it could give Americans the same data protections that users in the EU receive already… which every major platform already abides by.
My data, my choice
Per Fast Company, Congress may vote on a big power transfer regarding online data.
- The American Data Privacy and Protection Act passed the Committee of Energy and Commerce by a significant margin and is now on the docket to be voted on in both houses.
- The bill stipulates that “any entity collecting, processing, or transferring covered data, including nonprofits and sole proprietors,” will be required to collect only the minimal amount of data — anything that can be used to identify a person — it needs to function.
- That includes data for “authentication, security incidents, prevention of illegal activities or serious harm to persons, and compliance with legal obligations.”
- Entities will also be unable to bypass the rules by making users consent on those “I Agree” boxes, which are essentially just pages of fine print to trick people into signing away their rights so they can use their site.
Users will also be able to correct inaccurate information in their data, delete data held by entities, or sue if their rights have been violated.
The ADPPA will not apply to “research for public good” (good) and government entities (ehhh). And while states like California will see their data privacy laws usurped by federal legislation, laws that govern specific data types — like Illinois’ Biometric Information Privacy Act — will be left to their own devices.
Additionally, ADPPA only protects data that a person didn’t expressly permit entities to use that can be connected back to them. “De-identified” data, employee data, and publicly-available information will all still be free game.