A draft bipartisan bill has been introduced to replace current data privacy laws in different U.S.states. Introduced to the house of representatives in early June, the draft requests the implementation of updated federal data privacy and protection regulations. The authors of the American Data Privacy and Protection Act (ADPPA) included representatives Frank Pallone, Cathay McMorris Rodgers, Roger Wicker, Gus Bilirakis, and Jan Schakowsky.
The ADPPA possesses several similarities to the European Union’s General Protection Regulation (GDPR). Despite sharing many provisions with state data privacy and protection laws, the new bill will preempt state privacy laws in the same way the GDPR laws would. The ADPPA pertains to ‘covered data’, which is defined as information that identifies or is linked or reasonably linkable to an individual or a device that identifies or is linked or reasonably linkable to one or more individuals, including derived data and unique identifiers.” Under the new regulations, covered entities are required to minimize the accumulation, processing, and transmission of data. Covered entities are commonly regarded as any entity subject to the Federal Trade Commision, an independent agency who protects U.S consumer rights. For this reason, nonprofits and government entities are exempt from ADPPA requirements.
Healthcare organizations subject to HIPAA law, will be required to comply with ADPPA. However, only in circumstances where the data they maintain is covered by ADPPA laws. The ADPPA would be applicable to any covered data that is not subject to HIPAA regulations, including healthcare data that is utilized by non-HIPAA-covered entities. Covered entities who are non-compliant to ADPPA can face punishment imposed by the FDA and state attorneys general. It is uncertain whether the bill will pass through congress in its current form. The bill will be subject to criticism and will likely receive several changes.