June 27, 2024, 8:05 p.m.
A behind-the-scenes spat has temporarily shelved data-privacy legislation.
The House Energy and Commerce Committee, at the last minute, canceled the markup of a comprehensive data-privacy bill after the committee’s chair clashed with House Republican leadership on details of the bipartisan bill.
The American Privacy Rights Act was the result of negotiations between House Energy and Commerce Chair Cathy McMorris Rodgers and Senate Commerce Chair Maria Cantwell, and it seemed to mark a high-water point for legislation addressing the complex issue.
But House Speaker Mike Johnson and Majority Leader Steve Scalise opposed the bill’s private-right-of-action provisions and carve-out for a handful of state data-privacy laws, Punchbowl News reported.
Preemption of state bills and private right of action have long been a point of contention for federal legislation, with Democrats generally favoring no preemption and a strong private right of action and Republicans generally supporting complete preemption and no private right of action.
While the compromise in this bill was enough to get the support of Cantwell, McMorris Rodgers, and House Energy and Commerce ranking member Frank Pallone, that compromise may have ultimately doomed the bill.
The legislation preempted all state data-privacy laws, except for a handful of specified statutes.
“What we currently have today is any state can do whatever the heck it wants at all times,” said Carl Szabo, the vice president and general counsel of NetChoice, a tech-backed advocacy group. “This fracturing of the United States into 50 different fiefdoms when it comes to data privacy, data collection, and data use isn't good for Americans. We are a highly mobile nation, and somebody today going from Connecticut to New York to New Jersey will be subjected to three different privacy laws.”
The bill leaves intact the Illinois Biometric Information Privacy Act, which has a strong private right of action for violations—a particular sore point for the tech industry.
“That piece of legislation is one of the greatest wealth transfers from private businesses to plaintiffs' attorneys we've had in quite some time,” Szabo said.
However, civil liberties groups have long advocated for federal laws to act as a data-privacy floor that would allow states to enact stricter or more comprehensive laws.
“There's no reason to not have enforcers in every state,” said Lee Tien, the senior staff attorney for the Electronic Frontier Foundation, arguing that there are “innovations that are happening at the state level, and where there's opportunities to legislate for the people, to actually try things.”
Tien said the industry can change practices much more quickly than Capitol Hill can act, making it important for states to have the ability to pass their own regulations in the future when new problems arise.
But Szabo also argued against the private-right-of-action provisions within the bill, which allow individuals to sue companies for violations, saying they would simply drown companies in frivolous lawsuits. These provisions, he said, would make trial lawyers rich but not actually improve the data-safety standards in the country.
While the bill does allow individuals to sue companies, they would have to jump through hoops to do so. Thirty days prior to filing any lawsuit, an individual would have to provide written notice to the company with their complaint and specific parts of the bill they feel the company violated, according to the bill's language.
If the company then fixes the alleged violation going forward, the individual would lose any chance of “injunctive relief.”
“It's a terrible idea for a private right of action,” Tien said. “This is like a free bite at the apple in terms of the private right of action.”
While both civil liberties groups and industry organizations came out against the APRA in droves, the ultimate death knell for the bill came from House Republican leadership.
On Wednesday night, Johnson and Scalise had a call with Republican members of the Energy and Commerce Committee to air their grievances with the bill, Punchbowl News reported.
Scalise told the members that he had tried to work with McMorris Rodgers for months to address his objections to the bill, but that he had been rebuffed repeatedly.
As late as Thursday morning, McMorris Rodgers had plans to continue with the markup despite the objections from Scalise and Johnson. But she canceled the meeting just minutes before its scheduled start.
“Everyone knows someone who has suffered because of the current state of the online ecosystem. It is happening with alarming frequency, especially to our children,” McMorris Rodgers said in a statement. "The American people are exhausted, anxious, and losing hope with the status quo. At its core, the massive commercial surveillance of data is fueling the problem.”
Though the statement did not mention the fight with Scalise or even the canceled markup, an Energy and Commerce Committee staffer told reporters they “could think about it as a statement on the cancellation.”
Pallone minced few words with his own statement about the cancellation.
“It’s outrageous that Republican Leadership would interfere with the Committee’s bipartisan regular order process. I commend Chair Rodgers for her dedication to giving Americans back control of their data,” Pallone said. “I’m committed to continuing to work with Chair Rodgers—we’re not giving up. The Energy and Commerce Committee is the only Committee that has had the willingness to take on Big Tech on behalf of the American people.”
Last year, Pallone and McMorris Rodgers were cosponsors of the American Data Privacy and Protection Act, which was killed when then-Speaker Nancy Pelosi wrote a Dear Colleague letter condemning that bill’s attempt to compromise on preemption.
While McMorris Rodgers maintained that this will not be the end of APRA, she did not give a timeline on when it will be taken up again.
“We're going to regroup, and we're going to make sure that Congress acts to protect American privacy rights, especially for our kids,” she told reporters.
