What is the fate of the “American Data Privacy and Protection Act” (ADPPA) (H.R. 8152) in light of the Speaker of the House’s stance on the bill?
Of course, drafting a national data privacy and protection is a moving target with all the stakeholders inside and outside Congress looking for changes, and so the revised ADPPA package passed out of committee before the August recess will require more changes in order to come to a vote on the House floor. And, it is not news that Speaker Nancy Pelosi (D-CA) has been iffy on any data privacy law that would preempt California’s laws. In 2019, Pelosi said“[w]e in California are not going to say, “You pass a law that weakens what we did in California.”..[t]hat won’t happen.” Now that ADPPA had advanced to the House, Pelosi seems to be demanding that the bill be changed to allow California’s privacy laws to survive, and this change may result in Republicans and industry stakeholders walking away from the bill.
It is obviously not news that the House Energy and Commerce Committee sent ADPPA to the House in late July. However, I have not had the opportunity to write about the revised ADPPA and to point out where and how it differs from the bill the Consumer Protection and Commerce Subcommittee reported to the full committee in late June, but that’s for another post. Right now, instead of the substance of the bill, the political prospects for ADPPA may have suffered a fatal blow.
Pelosi’s refusal to bring ADPPA to the floor without major change has endangered the quid pro quo that gave us the bill. For years, Democrats have resisted preemption of state privacy laws when California had the only data privacy law in the U.S. Republicans and many industry stakeholders demanded one national data privacy standard because they claimed businesses would not be able to navigate many different state privacy laws. However, after extensive negotiation and the passage of weaker state laws, key Congressional stakeholders came to agreement. The bargain they struck would preempt almost all state privacy laws in exchange for one of the strongest data privacy laws that has ever received serious legislative consideration. If Pelosi prevails in rolling back the preemption provisions, Republicans would lose a significant incentive to support the bill, probably leading to the collapse of the effort to pass data privacy legislation in this Congress.
In a statement issued last week, Pelosi asserted that “Governor Newsom, the California Privacy Protection Agency and top state leaders have pointed out the American Data Privacy and Protection Act does not guarantee the same essential consumer protections as California’s existing privacy laws.” It is interesting that Pelosi herself is not making the claims that ADPPA falls short; rather she is quoting Newsom, the CPPA, and state officials. This could give Pelosi the wriggle room she needs to permit the House to pass something short of what California state officials want. Moreover, their claims that ADPPA is weaker than California’s privacy laws, the soon-to-be moot “California Consumer Privacy Act” (AB 375) (CCPA) and soon-to-be operative “California Privacy Rights Act” (Proposition 24) (CPRA), is debatable.