US Federal Privacy Bill Advances to House Floor

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

American Data Protection & Privacy Act Advances to the House Floor

The House Committee on Energy and Commerce voted 53-2 to report an amended version of HR 8152 (implementing the American Data Privacy and Protection Act) favorably to the House.

The amended version of the bill, among other changes, expands the definition of “sensitive covered data” to include “information identifying an individual’s online activities over time and across third party websites or online services”.

The collection or processing of sensitive covered data is prohibited under the bill except as strictly necessary to provide or maintain a product or service requested by the individual or for certain other purposes.

Targeted advertising is not included as a permitted purpose for the collection or processing of sensitive covered data.

IMPACT ON ADVERTISING INDUSTRY

In response to passage of the amended bill, the Interactive Advertising Bureau (IAB)’s Vice President for Public Policy issued a statement that the IAB cannot support the bill as it currently stands.

The IAB noted that the proposed legislation is more punitive than EU regulations and would impose heavier regulations than any state currently does.

The impact, according to the statement, is that “the average internet user enjoying speed and convenience will encounter a less friendly online environment.” 

Senate Committee to Consider Expanding COPPA

The Senate Committee on Commerce, Science and Transportation will hold an Executive Session July 27 to, among other actions, consider S. 1628 implementing the Children and Teens’ Online Privacy Protection Act.

The bill would amend the Children’s Online Privacy Protection Act (COPPA) by, among other changes, requiring consent for use, disclosure or compiling of personal information of known minors ages 13-16 for targeted marketing and prohibiting such use, disclosure and compiling from known children under 13.

“Constructive Knowledge” that a user is a child or minor would be imputed to an operator in certain circumstances, including if the operator collects or makes available data, promotional materials or communications that estimate or promote the age of visitors to the property or receives complaints about the age of users. 

WHY IT MATTERS

The FTC resolved in Fall 2021 to focus its enforcement efforts on harmful conduct directed at children under 18 and has received pressure from U.S. Senate Democrats asking for prohibitions on targeted children.

President Biden also noted in his March 2022 State of the Union Address that “it’s time to strengthen privacyprotections, ban targeted advertising to children, demand tech companies stop collecting personal data on our children”.

This legislation would expand the FTC’s ability to enforce privacy protections to minors, beyond children under 13. 

Plaid to pay $58 million class action settlement for selling consumer data

A federal judge approved a class action settlement based on allegations that fintech app Plaid amassed and sold to third parties data about consumer spending habits without authorization or proper notice.

The complaint alleged claims of intrusion upon seclusion and unjust enrichment, among other statutory and constitutional claims.

WHY IT MATTERS

While it’s important to focus on the specific requirements of CCPA, GDPR and other comprehensive privacy laws, companies are smart to remember that tort law is still out there and may be used to enforce the basics of human privacy.

The tort of intrusion upon seclusion, for example, requires that the plaintiff prove that the defendant intruded into the plaintiff’s private affairs, seclusion or solitude and that the intrusion would be objectionable to a reasonable person.

When designing privacy programs, therefore, companies should not only look to check compliance boxes but also to take a step back and think about whether their practices violate fundamental principles of human privacy. 

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.