Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: CRS publishes summary of APRA and potential legal challenges

On May 31, 2024, the U.S. Congressional Research Service (CRS) published a summary of the American Privacy Rights Act (APRA).

What is the legislative history of the APRA?

In particular, the CRS provided that the APRA was introduced on April 7, 2024, incorporating elements of the American Data Privacy and Protection Act (ADPPA). The CRS noted that updates by the House Energy and Commerce Committee to the APRA, which includes a new Title II, amending the Children's Online Privacy Protection Act of 1998 (COPPA). Other amendments include creating a centralized mechanism for individuals to request that data brokers delete their personal information and prohibiting covered entities from targeting advertisements to children under the age of 17 years.

The CRS summary outlines how the amended APRA differs from the original draft introduced on April 7, 2024, how the APRA would amend COPPA, and how the language compares with previous bills that sought to amend COPPA. For example, the CRS summary notes that the APRA would amend COPPA to include a ban on transferring sensitive covered data, which includes information about a covered minor, without affirmative express consent, and a prohibition on targeted advertising to minors. The APRA would also amend COPPA to include data minimization requirements, though such requirements differ from previous legislative attempts to amend COPPA.

What are the future challenges to the APRA?

The CRS summary provides that although the APRA has garnered bipartisan support, issues remain surrounding the private right of action and whether the APRA should pre-empt state privacy laws. For instance, the CRS summary details that the California Privacy Protection Agency (CPPA) was critical of the APRA for pre-empting state privacy laws and that the APRA should set a 'floor' for privacy rights rather than a 'ceiling.' The U.S. Chamber of Commerce has also criticized the APRA for taking too narrow an approach to pre-emption. Finally, the CRS summary suggests that the expansive reach of the APRA's savings clauses may give rise to litigation seeking to clarify whether various state privacy laws qualify as one of the categories of statutes exempt from pre-emption.

You can read the CRS summary, only available to download, here.