In the United States, data protection law is implemented at state level, with 19 states currently having corresponding laws in force. However, the American Privacy Rights Act (APRA) currently in draft form, introduced by the House Committee on Energy and Commerce on 7 April 2024, could soon establish nationwide privacy and security standards. APRA, which is still in the proposal stage, will introduce regulations on automated decision-making technologies (such as AI) and impose additional rules on ‘large data holders’ and ‘data brokers’. The Privacy Bill would come into force 180 days after it is passed.
What does this mean for businesses? Businesses may welcome a uniform regulation applied across all states, potentially simplifying internal compliance processes. However, this will also require assessing and possibly adjusting current business practices in relation to data privacy. The scope of enforcement and definitions of personal information under APRA may differ from current state laws, requiring careful review and adaptation.
As we continue to monitor the progress of this law, stay tuned for further updates on the American Privacy Rights Act and its potential implications for your business.