USA: Bill for the American Data Privacy and Protection Act introduced to House of Representatives
House Resolution ('HR') 8152 for the American Data Privacy and Protection Act was introduced, on 21 June 2022, to the U.S. House of Representatives, with some differences from the discussion draft for a bipartisan federal privacy bill submitted to the House of Representatives. In particular, HR 8152 would apply to a covered entity which is defined as:
- any entity or person, other than an individual acting in a non-commercial context, that alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data and is subject to the Federal Trade Commission Act;
- is a common carrier subject to the Communications Act of 1934;
- is an organisation not organised to carry business for their own profit or that of their members; and
- includes any entity or person that controls or is controlled by another covered entity.
Additionally, HR 8152 would, among other things:
- require covered entities and service providers to establish, implement, and maintain reasonable policies, practices, and procedures regarding the collection, processing, and transfer of covered data;
- require a covered entity to provide an individual with a means to withdraw any consent that is as easy to execute as the means to provide consent, with respect to the processing or transfer of the covered data of the individual;
- provide for data subject rights, such as access, deletion, correction, and the right to export covered data of the individual, as well as the right to opt-out of targeted advertising;
- prohibit targeted advertising to children and minors under the age of 17; and
- require that a covered entity or service provider that knowingly develops an algorithm, solely or in part, to collect, process, or transfer covered data or publicly available information to, before deploying the algorithm in interstate commerce, evaluate the design, structure, and inputs of the algorithm, including any training data used to develop the algorithm, to reduce the risk of the potential harms identified.