Digital Policy Alert logo

United States of America: Announced American Data Privacy and Protection Act discussion draft including data protection measures

Go to policy change overview
Share

Compare with different regulatory event:

Description

Announced American Data Privacy and Protection Act discussion draft including data protection measures

On 3 June 2022, bipartisan members of the House Committee on Energy and Commerce and the Senate Committee on Commerce, Science, and Transportation released a discussion draft of the American Data Privacy and Protection Act, a data privacy and security framework with bipartisan legislative support. The draft contains extensive rules on data protection. It begins by laying out basic definitions, such as 'covered entities', 'covered data', and 'sensitive covered data'. It prohibits unnecessary data collection and restricts certain harmful data practices. Further, covered entities are required to implement data collection, processing, and transfer policies that take privacy risks into account, and to provide information about these policies to individuals in a transparent manner. The draft also gives individuals rights to access, correct, delete, and portability of their data, as well as a right to being provided with a means to consent or object to new uses of their data. Stricter data protection rules apply to children and minors, including prohibitions on targeted advertising to individuals under the age of 17. Additionally, the Act prohibits covered entities from collecting, processing, or transferring data in a way which discriminates or makes the equal enjoyment of goods or services unavailable on the basis of race, colour, religion, national origin, gender, sexual orientation, or disability. The prohibition does not apply where data is processed for the purpose of diversifying an applicant, participant, or consumer pool. Finally, the draft specifies that it will preempt the States privacy laws with the exemption of the ones regulating facial recognition technologies, electronic surveillance, wiretapping, health information or the laws that govern the privacy rights of employees and students.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2022-06-03
under deliberation

On 3 June 2022, bipartisan members of the House Committee on Energy and Commerce and the Senate Com…

2022-06-21
under deliberation

On 21 June 2022, the American Data Privacy and Protection Act is introduced in the United States Ho…

2023-01-03
rejected

On 3 January 2023, the American Data Privacy and Protection Act was rejected after failing to pass …

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity cross-cutting
Category All
2
Type Private organisation
Economic activity online advertising provider
Category All
3
Type Private organisation
Economic activity cross-cutting
Category All
4
Type Private organisation
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data: biometric: data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: biometric: storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: biometric: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: biometric: transfer (any destination)
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data (all forms): data collection
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data (all forms): storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data (all forms): data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data (all forms): transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: genetic: data collection
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: genetic: storage (any form)
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: genetic: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: genetic: transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: identity: data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: identity: storage (any form)
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: identity: data processing
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: identity: transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: health: data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: health: storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: health: data processing
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: health: transfer (any destination)
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: content of private communications: data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: content of private communications: storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: content of private communications: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: content of private communications: transfer (any destination)
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: ethnicity: data collection
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: ethnicity: storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: ethnicity: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: ethnicity: transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: financial or credit information: data collection
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: financial or credit information: storage (any form)
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: financial or credit information: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: financial or credit information: transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: location: data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: location: storage (any form)
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: location: data processing
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: location: transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: religious beliefs: data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: religious beliefs: storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: religious beliefs: data processing
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: religious beliefs: transfer (any destination)
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: sexual orientation: data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: sexual orientation: storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: sexual orientation: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: sexual orientation: transfer (any destination)
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: web browsing history: data collection
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: web browsing history: storage (any form)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: web browsing history: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
consumer data: web browsing history: transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: information pertaining to minors: data collection
Regulatory tool
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: information pertaining to minors: storage (any form)
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: information pertaining to minors: data processing
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data: information pertaining to minors: transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Privacy by default obligation
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data (all forms): data collection
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Privacy by default obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data (all forms): storage (any form)
Regulatory tool
Other data governance tool
Privacy by default obligation
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data (all forms): data processing
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1 2
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
personal data (all forms): transfer (any destination)
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Privacy by default obligation
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
advertisement: behavioural targeting: operate
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Data minimisation obligation
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4
algorithm (any type): operate
Regulatory tool
User right to withdraw consent
Purpose/processing limitation
User consent: Opt-in requirement
TBR - Prohibition
Other data governance tool
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Civil penalty
Regulated subjects
1 2 3 4

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data: biometric: data collection

personal data: biometric: storage (any form)

personal data: biometric: data processing

personal data: biometric: transfer (any destination)

consumer data (all forms): data collection

consumer data (all forms): storage (any form)

consumer data (all forms): data processing

consumer data (all forms): transfer (any destination)

personal data: genetic: data collection

personal data: genetic: storage (any form)

personal data: genetic: data processing

personal data: genetic: transfer (any destination)

personal data: identity: data collection

personal data: identity: storage (any form)

personal data: identity: data processing

personal data: identity: transfer (any destination)

personal data: health: data collection

personal data: health: storage (any form)

personal data: health: data processing

personal data: health: transfer (any destination)

consumer data: content of private communications: data collection

consumer data: content of private communications: storage (any form)

consumer data: content of private communications: data processing

consumer data: content of private communications: transfer (any destination)

personal data: ethnicity: data collection

personal data: ethnicity: storage (any form)

personal data: ethnicity: data processing

personal data: ethnicity: transfer (any destination)

personal data: financial or credit information: data collection

personal data: financial or credit information: storage (any form)

personal data: financial or credit information: data processing

personal data: financial or credit information: transfer (any destination)

consumer data: location: data collection

consumer data: location: storage (any form)

consumer data: location: data processing

consumer data: location: transfer (any destination)

personal data: religious beliefs: data collection

personal data: religious beliefs: storage (any form)

personal data: religious beliefs: data processing

personal data: religious beliefs: transfer (any destination)

personal data: sexual orientation: data collection

personal data: sexual orientation: storage (any form)

personal data: sexual orientation: data processing

personal data: sexual orientation: transfer (any destination)

consumer data: web browsing history: data collection

consumer data: web browsing history: storage (any form)

consumer data: web browsing history: data processing

consumer data: web browsing history: transfer (any destination)

personal data: information pertaining to minors: data collection

personal data: information pertaining to minors: storage (any form)

personal data: information pertaining to minors: data processing

personal data: information pertaining to minors: transfer (any destination)

personal data (all forms): data collection

personal data (all forms): storage (any form)

personal data (all forms): data processing

personal data (all forms): transfer (any destination)

advertisement: behavioural targeting: operate

algorithm (any type): operate