Signage is seen on the Chamber of Commerce building in the Manhattan borough of New York City, New York, U.S. April 21, 2021.
andrew kelly | Reuters
The bipartisan privacy proposal that has reignited a debate over federal protections for internet users is “unworkable,” a major business group says.
The U.S. privacy and data protection law “as written is unworkable and must be defeated,” the U.S. Chamber of Commerce wrote in a draft letter to congressional leaders on the matter, in a copy obtained by CNBC on Thursday. The House then updated the letter to say the act is “unenforceable at this time”, but deleted the suggestion that it should be dismissed.
The draft letter, which could still change before it is sent to lawmakers, is an early sign of how the companies will seek to use their leverage around renewed privacy negotiations. Lawmakers have spent years deadlocked on key questions about how privacy protections should be implemented, but the new proposal introduced Friday tries to thread a delicate needle on those trouble spots.
The bill would give consumers protections and more control over their online data and require companies to minimize the amount of information they collect about users.
The House disagrees with how the proposal addresses these two elements: the preemption of state laws and the right of individuals to sue for violation.
ADPPA, a talk project published by leaders of House Energy and Commerce Reps. Frank Pallone, DN.J., Cathy McMorris Rodgers, R-Wash., and Sen. Roger Wicker, R-Miss., the Commerce Committee’s ranking member, take a unique approach to both issues. The proposal would supersede some state laws, but allow others to remain enforceable, including the Illinois Biometric Privacy Act and other categories of state laws like general privacy laws. consumer protection or cyberstalking or cyberbullying laws.
The Chamber challenged these exclusions.
“A national privacy law should be a true national standard, but the bill’s preemptive language excludes fifteen different state laws, including those of California and Illinois,” wrote the group. “This legislation would create a new national patchwork of privacy laws.”
The discussion draft also includes a private right of action, which allows people who believe their rights have been violated to sue companies for the alleged violation. It’s something Democrats have advocated and Republicans have mostly opposed, though Wicker has begun to indicate openness about it in previous hearings. But the private right of action would take four years from the bill’s enactment to become enforceable.
The House argued in the draft letter that it would “encourage abusive class action lawsuits against legitimate businesses compounded by ADPPA’s many subjective standards that would result in massive litigation, costs and fees that the bill would award to plaintiffs’ attorneys.
Notably missing from that proposal was Senate Commerce Committee Chair Maria Cantwell, D-Wash., who released her own privacy proposal with other Senate Democrats. In a statement after the ADPPA was released, Cantwell said, “For American consumers to have meaningful privacy protections, we need strong federal law that isn’t riddled with privacy loopholes. Consumers deserve to be able to protect their rights on day one, not four years later.”
The House previously urged Congress to pass a federal privacy law to prevent a patchwork of state laws. But he said this one didn’t fit the bill.
“Unfortunately, the ADPPA was released less than two months before the August recess, and we believe that such a new, complex and far-reaching bill in business practices in almost every industry like manufacturing, retail, financial services, hospitality and innovation sectors should not be rushed in the last six months of the 117e Congress,” the group wrote. “National data privacy legislation deserves meaningful input from advocates and industry.”
LOOK: The Changing Face of Privacy in Times of Pandemic