Marketers should consider federal privacy bill ADPPA a done deal. What’s next?
Though a number of hurdles remain to passing a federal data privacy law in the US, the country is the closest it’s been in years. It’s time for marketers to be proactive.
/ Adobe Stock
The clock is on when considering the passing of the American Data Privacy and Protection Act (ADPPA). The US House of Representatives is going on break in August and will not return until September, which is critical as it leaves limited time for ironing out any objections to the bill before the midterm elections, and could change the current party split in the House. It is also important that many have this major legislative vote to round out their campaigns as privacy is a popular issue with many voters.
This may be the closest the US has come to signing into law a comprehensive federal privacy regulation that covers most businesses. For marketers, this means the advertising identifier and a user's app history will be subject to consent nationally. It would mark a divergence from the state-level patchwork of regulation that exists today.
Two of the primary hurdles to making ADPPA a bipartisan slam dunk are the need for refinement of arbitration language in the proposed framework, and the issues of allowing states to provide stronger privacy protections than the federal law.
Both issues carry the most weight for California and its privacy legislation; ADPPA would likely restrict the enforcement action of the California Privacy Protection Agency, while also precluding lawmakers’ ability to pass further amendments to the California Consumer Protection Act and The California Privacy Rights and Enforcement Act such as the proposed limitation of sensitive data processing and disclosures required for data minimization.
California policymakers have expressed concerns that ADPPA does not go far enough; Representative Anna Eshoo said that the bill should be the “floor and not the ceiling” of existing state enforcement of regulations. However, the California delegation is large and includes Speaker of the House Nancy Pelosi, who has yet to pledge support. This puts the entire bill in some jeopardy as the partisan dynamics of the House are forecasted to change in November.
Despite the unresolved issues, there is an overwhelming majority of votes in committee to get a federal privacy regulation passed by the House during this legislative term. The California preemption issue — as well as several smaller details that require ironing out — will take a toll on timing. However, bipartisan support — paired with pressure from business leaders and consumers alike — are motivating the House to pass ADPPA during this legislative period, though it may not happen ahead of the August break.
This has been an important area of regulation since March 2017, when the House voted to rescind the Broadband Consumer Privacy law that was passed by the US Federal Communications Commission (FCC) during the Obama administration just months before it was to be enacted. This killed the first opportunity to subject consumers' internet transactions to explicit consent. Outcry from advocacy groups and privacy professionals followed the decision.
Now, the ADPPA is the closest the House has come to renewing this effort. Since the last FCC action was taken by a Democrat-led commission, a partisan vote resulted in a draw and succeeded in killing the initiative. Since ADPPA has bipartisan support and committee votes have not followed typical partisan patterns, the success of the vote in the House — preemption issues aside — could clear the way for the first federal privacy law of its kind.
Since industry leaders like Tim Cook of Apple have issued public statements on the importance of a federal level regulation, and EU’s General Data Protection Regulation has brought privacy issues into mainstream conversations, there has been significant support for a federal privacy framework for the US. Sharp partisan differences aside, privacy is a general concern for most Americans, and the ability for US residents to control the privacy of their internet searches is crucial.
Important sections in the bill fulfill popular Biden initiatives like children’s online protections and the inability to target minors in advertising. Marketers would be wise to be transparent about their privacy policies and messages, regardless of the fate of federal bills in our legislative halls. Having an easily readable privacy policy, a simple, comprehensive way for users to opt-out and a retention plan that explains how data is stored and deleted is paramount in today’s advertising industry.
Data privacy decisions should lie the hands of the user. If the media and advertising industry is simply trying to comply with whatever national or state regulation is passed — and not truly trying to see this issue from the side of users — it has missed the boat.
Kelly Anderson is senior vice-president and head of data privacy and compliance at Emodo.