United States of America: Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (SECURE Data Act) including business registration requirement was introduced to House of Representatives

On 21 April 2026, the Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (SECURE Data Act) was introduced in the House of Representatives. The SECURE Data Act would apply to data brokers, defined as controllers that collect and process personal data of consumers who are not customers, clients, users, readers, or subscribers of the controller and that derive 50 % or more of annual gross revenue from the sale of such personal data. Data brokers would be required to register annually with the Federal Trade Commission no later than 12 months after enactment, paying a reasonable registration fee. Each registration statement would include the data broker's legal name, contact details, a description of each category of personal data sold, a statement on whether a purchaser credentialing process is implemented, a description of any previously reported unauthorised access incidents, and links to the data broker's privacy policy and consumer rights website. The Federal Trade Commission would establish and maintain a publicly searchable central registry of registered data brokers no later than 18 months after enactment. Data brokers would also be required to post a conspicuous public notice identifying themselves as data brokers and informing consumers how to exercise their rights. Section 5 of the SECURE Data Act would take effect one year after enactment.