A US federal privacy law? The draft American Privacy Rights Act

Robyn Mohr, Chanda Marlowe and Teodoro Shelby of Loeb & Loeb LLP assess the proposal and its chances of success.

With 15 states passing their own consumer privacy laws, federal lawmakers unveiled, on 7 April, a new privacy discussion draft, the American Privacy Rights Act (APRA). This federal proposal was brokered by Washington Sen. Maria Cantwell (the Democratic chair of the Senate Committee on Commerce, Science and Transportation) and Washington Rep. Cathy McMorris Rodgers (the Republican leading the House Committee on Energy and Commerce).

The fact that Senate Democrats and House Republicans were able to reach any kind of agreement is noteworthy. Over the years, the parties have constantly and consistently disagreed on a handful of key issues, federal preemption and a private right of action being chief among them. In the spirit of compromise, APRA provides for federal preemption (meaning, the bill would supersede similar state laws); however, APRA would not preempt state laws based on consumer protection, civil rights, employee privacy, student privacy, data breach notification, public records and medical records (among others). APRA would still allow much of the privacy-related litigation we are seeing, however, as laws regarding electronic surveillance and wiretapping, cyberstalking and blackmail, and unsolicited email and phone laws would remain intact. APRA proposes a somewhat complicated private right of action, where consumers could seek actual damages for certain substantial privacy harms. And with respect to litigation, more broadly, APRA would prohibit or otherwise invalidate arbitration provisions for privacy violations of a minor (a child under the age of 17), as well as claims alleging a substantial privacy harm.

Continue Reading

International Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.