Understanding the American Data Privacy and Protection Act

On June 3, 2022, a discussion draft of the American Data Privacy and Protection Act (ADPPA) was released, described as “the first comprehensive privacy proposal to gain bipartisan, bicameral support.” The proposed bill would apply to the collection, processing, and transfer of “covered data”, defined as information that identifies or is reasonably linkable to an individual or device by a “covered entity”, defined as any person or entity that is covered under the Federal Trade Commission Act, is a common carrier, or is a non-profit organization.
Consumer data rights would :

  • Require covered entities to minimize and limit data activities
  • Provide individuals with the right to access, correct, delete, and/or obtain a copy of their covered data
  • Require consent to collect, process, or transfer sensitive covered data
  • Afford opt-outs for transfers & targeted advertising

Covered entities will have to respond to individual consumer requests depending on the size of the entity. Entities which qualify as large data holders would also be required to conduct privacy impact assessments.

Action items

1. Keep an eye out for updates on the DPO advisor board

2. Due to the increase in regulations and discussion surrounding this federal regulation, companies should have a privacy program in place to ensure compliance