The American Privacy Rights Act stands to be America's GDPR

A new US Senate draft proposal could lead to national privacy protection laws.

A sign that says privacy please: Will America get a GDPR-like law?

In the US, there is currently a draft proposal for a new federal level privacy law known as the American Privacy Rights Act. In its current form, the law would greatly boost the privacy of millions of Americans and people around the world. By reigning in Big Tech and limiting the data broker industry, the American Privacy Rights Act (APRA) is a first step in the right direction.


What is the American Privacy Rights Act?

Earlier this month, Washington Senator Maria Cantwell and Representative Cathy McMorris Rodgers introduced the first initial draft of the American Privacy Rights Act (APRA). The bill is a step towards introducing a general data privacy law which would supersede those introduced by individual States.

This would be the first major push towards instituting a legal right to privacy in the United States of America.

The initial draft, available here, would be a great step in the right direction with Rep. McMorris Rodgers stating:

“It reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent. Americans overwhelmingly want these rights, and they are looking to us, their elected representatives, to act.”

Official Title and Summary of the proposed American Privacy Rights Act

As currently written APRA would give the FTC, State Attorneys General, and even private citizens the ability to pursue legal action against those who violate the new privacy rights act. Beyond giving the average Joe the ability to fight back against invasive data collection, APRA would also require the FTC to maintain a registry of data brokers. This legislation would require data brokers to identify themselves, link to their entry in the FTC registry, and create tools for individuals to opt-out of having their data collected. This is a great step forward in fighting back against sketchy “people search” websites which gather and distribute information that can be used for harassment and stalking.

The proposed law has since gained further positive discussion and privacy experts are cautiously optimistic. A summary statement of their proposal draft is available for public review here.

Current Status of American Privacy Law

In contrast to Europe and Germany with its excellent data protection laws, the United States does not have a singular piece of legislation which protects US citizen’s right to privacy or their online data at present. There is an older piece of legislation, the Privacy Act of 1974 , which regulates the privacy rights and data protection for data stored by various federal government organizations, but these do not extend to private companies like Facebook or Google that collect vast amounts of personal data to post targeted advertisements.

In place of a federal law protecting the privacy of American’s, many individual states have created their own forms of privacy regulations which seek to protect the online privacy of their residents, but the enforceable scope of these laws is limited.

The most famous and widest in scope is the California Consumer Privacy Act (CCPA) of 2018 and its extension the California Privacy Rights Act (CPRA) of 2020. These laws allow residents of California the right to know: what kinds of data is collected about them, if that data is sold, the option to opt-out of the sale of personal data, and the ability to request that businesses purge any data related to that person in a timely manner.

Other states have created similar laws, but they are generally more limited with many only protecting medical information or Social Security numbers.

Why the APRA is a major move in the right direction

Federal privacy legislation has been an on-going battle. Proposals are made and are quickly squashed due to partisan politics. The current proposal is unique in that it is currently being warmly received by both major political parties. Should it become law, ALL 50 US states will receive data protections beyond those of today. This legislation would also, pending that there are no changes, reign in the massive data broker industry. The new law will make it easier for American’s to have their data removed from these huge data sets.

By requiring companies to adopt an “opt-in” form of consent to data collection, we are crossing our fingers that the internet moves towards a more privacy oriented default. This kind of data protection law is what we need. It offers actual online privacy in place of the continued push for breaking encryption, expanding surveillance powers, or the censorship of information.

But it ain’t all flowers

Despite the current APRA proposal being a move in the right direction, there are still some concerns raised by privacy groups like the Electronic Frontier Foundation (EFF).

The EFF expresses concerns related to the relationship between APRA and state laws which may come into conflict. They are calling for law makers to set APRA as a nation-wide minimum privacy standard and allow states to expand upon these new regulations as they see fit.

The biggest flaw found in the current legislation is that there remain open loopholes which can be used by data brokers to sell personal information to the federal government.

Hopefully, with enough pressure from privacy activists and voters like you, we can push for a better privacy law that will set a high standard moving forward.

Impact outside the United States

Just as non-EU residents can take advantage of the GDPR by using services which are owned and operated in the EU, so to will these new laws impact the privacy of non-US residents. This will have a major impact on global privacy as the leading Big Tech companies like Google, Apple, Amazon, and Meta are all based in the United States.

Rep. McMorris Rodgers acknowledges that the voters want better privacy laws, “Americans overwhelmingly want these rights and they are looking to us, their elected representatives, to act.”

We can’t count a win yet, but we can still keep our fingers crossed that this legislation will proceed from its current draft form to acceptable legislation that improves the privacy of everyone.

Privacy for the win

At Tuta we celebrate this outlook for a better privacy legislation in the United States. Whenever people around the world get better privacy protections, we feel like the internet is turning into a slightly better place.

Our mission is to fight mass surveillance and extensive data abuse by tech services with technology: By building a secure email and calendar service that encrypts as much data as possible end-to-end, we make sure that no one can abuse your data.

Don’t wait for US politicians to change things for you. Join the privacy revolution now and sign up for a free encrypted email account!