By Ben Zeisloft, THE DAILY WIRE
September 9, 2022
The American Data Privacy and Protection Act, a key piece of federal online privacy legislation, appears to have a carveout for organizations gathering data for the government.
The legislation would adopt a “data minimization” approach toward collection of user information such that only the data points “reasonably necessary and proportionate” to specific applications — including user authentication, fraud prevention, and transaction execution — are procured. The bill overwhelmingly advanced out of the House Energy and Commerce Committee at the end of July.
Although a bipartisan group of lawmakers claimed in a statement that the bill “puts people back in control of their online data,” the current version exempts government agencies — as well as any “person” or “entity” involved with “collecting, processing, or transferring” relevant data on behalf of a government agency — from its definition of a “covered entity.”
Indeed, progressive nonprofit Consumer Watchdog provided The Daily Wire with a letter sent to House Speaker Nancy Pelosi (D-CA) noting that the American Data Privacy and Protection Act is weaker than the California Consumer Privacy Act and could supersede the existing law.
“A major loophole in the ADPPA allows companies who contract with government entities for data collection to avoid its protections,” the group’s letter explained. “In contrast, under California law, companies that contract with the government are covered businesses that must comply with the law. Sensitive personal information residents choose to protect from companies and the government under the CCPA would be exposed under the ADPPA. That means unfettered access by governments to mass data collection by tech companies like Google.”
In one recent example, Amazon smart doorbell company Ring said in a letter to Sen. Ed Markey (D-MA) that the firm had provided law enforcement with videos from user devices in emergency situations nearly one dozen times since the beginning of 2022. Ring explained that it had made a “good-faith determination that there was an imminent danger of death or serious physical injury” to parties needing information on short notice.
“Once data gets into other hands, it goes everywhere and is hard to track,” the letter from Consumer Watchdog added. “Purchasing data is one way governments circumvent the constitutional protections that require them to seek judicial approval through warrants before they violate our Fourth Amendment rights against unreasonable searches. But, under California’s law, any resident who exercised their opt-out choice is protected from a government’s extra-judicial purchase of their private information. ADPPA would overturn that protection.”
According to a report from the Los Angeles Times, Pelosi has committed to ensuring that the Golden State “continues offering and enforcing the nation’s strongest privacy rights” and will work with Rep. Frank Pallone (D-NJ), a sponsor of the legislation, to address concerns.
While the American Data Privacy and Protection Act does not entirely ban online targeted advertising — which is often the impetus behind sites’ collection of user data — it bans such advertising directed toward children or based upon “sensitive covered data,” including health information and precise geolocation. President Joe Biden called for a similar law in his most recent State of the Union address.
“It’s time to strengthen privacy protections, ban targeted advertising to children, demand tech companies stop collecting personal data on our children,” he said.