The following statement can be attributed to Chris Mohr, President, the Software & Information Industry Association (SIIA), regarding the updated draft of the American Privacy Rights Act of 2024 (APRA), released on June 20.
It is critical for Congress to pass comprehensive federal privacy legislation to end the current state privacy patchwork that is harmful to consumers and businesses alike. The latest version of APRA is well-intentioned and contains meaningful provisions. In the updated draft, we were pleased to see positive changes, including:
- Provisions on civil rights and covered algorithms, including the opt-out right for consequential decisions, have been removed.
- The private right of action now includes a 60-day right to cure along with a 60-day deadline for providing notice before seeking actual damages, and a provision to dismiss bad faith actions.
- The draft permits the use of ZIP code-level “coarse geolocation data” for use in contextual advertising, direct mail and email targeted advertising, and data processing for advertising performance measurement.
- Several of the eighteen categories of “sensitive covered data” are overbroad and will lead to restrictions of services that will have a negative impact on consumers without providing meaningful protection to appropriately sensitive data.
- The proposed limitation of “publicly-available information” is at odds with state law, raises First Amendment concerns, and will limit productive uses of data in ways that hurt consumers, businesses, government, the economy, and social services.
- The constructive knowledge standard under COPPA 2.0, which differs from COPPA and raises a host of concerns, including the need to gather substantially more personal information to ensure compliance.
- The expansion of COPPA 2.0 to cover data “from or about” minors rather than data “from” minors.
- Limitations on contextual advertising will limit the support for the creation of high-quality content for children and teens.