On April 7, U.S. House Committee on Energy and Commerce Chair Cathy McMorris Rodgers and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell unveiled the draft for the American Privacy Rights Act of 2024. The Act is a comprehensive legislative proposal designed to enhance privacy protections for individuals and regulate the collection, use, and sharing of covered data by entities. This Act introduces various provisions aimed at safeguarding personal information, granting individuals greater control over their data, and establishing mechanisms for enforcement and accountability.
One of the key aspects of the Act is the definition of covered data, which includes a wide range of personal information such as biometric and genetic data, online identifiers, and geolocation data. By encompassing a broad scope of data types, the Act seeks to address the evolving landscape of data privacy concerns in the digital age.
The Act emphasizes the importance of transparency and accountability by requiring entities to provide clear and accessible privacy policies to individuals. These policies must outline the types of data collected, the purposes for which it is used, and the rights individuals have regarding their data. Additionally, entities are mandated to maintain a log of any material changes to their privacy policies over a specified period, ensuring that individuals are informed about updates that may impact their privacy rights.
To empower individuals with greater control over their data, the Act includes provisions for on-device data rights. Individuals have the right to access, correct, delete, and port their data when it is stored exclusively on their devices and can exercise these rights through user-friendly controls. This focus on on-device data rights reflects a commitment to enhancing user autonomy and data sovereignty in the digital ecosystem.
In cases where violations of the Act occur, individuals are granted the right to seek legal recourse through civil actions. If a plaintiff prevails in such actions, the court may award various forms of relief, including actual damages, injunctive relief, declaratory relief, and reimbursement of attorney’s fees and litigation costs. Moreover, specific provisions address violations related to biometric and genetic information, with potential remedies aligned with existing state statutes to ensure consistency and fairness in enforcement.
The Act also places obligations on entities designated as large data holders to report certain metrics annually. These reporting requirements aim to enhance transparency around data practices and promote accountability among entities that handle significant volumes of personal information. By mandating the disclosure of key metrics, the Act seeks to foster a culture of data stewardship and responsible data management practices.
Furthermore, the Act establishes a framework for collaboration between covered entities and the Commission to promote the adoption of privacy-enhancing technologies. By facilitating communication and coordination in this area, the Act aims to drive innovation and improve data protection measures across various sectors. A study conducted by the Comptroller General will assess the impact of these efforts and provide recommendations for enhancing privacy practices through technological advancements.
In terms of enforcement, the Act empowers the Commission to transmit information to executive agencies regarding potential violations of federal civil rights laws. This mechanism aims to strengthen compliance with existing legal frameworks and ensure that privacy rights are upheld in alignment with broader civil rights protections. Additionally, the Commission is tasked with submitting annual reports to Congress, detailing the types of information transmitted and how it relates to federal civil rights laws, thereby promoting transparency and accountability in enforcement efforts. So far, the bill has not been introduced.
If you have questions or concerns about how to navigate the U.S. and global AI regulatory landscape, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.