The American Data and Privacy Protection Act (ADPPA) will give users more control over their data, which has long been largely used by technology companies without consent.
The bill has already passed the U.S. House of Representatives Committee on Energy and Commerce by a 53-2 vote on July 20, 2022, but has yet to pass the full House and Senate.
ADPPA will not apply to government entities, but to “covered” entities, which are essentially companies that collect, process or transfer data, including non-profit organizations and sole proprietors.
Under ADPPA, data covered and protected includes biometric data, generic data and geolocation information, with the exception of data categories such as misidentified data, employee data and publicly available information, and social media accounts with publicly available privacy settings.
ADPPA reduces data collection to a minimum, as it only allows the companies concerned to collect, use or disclose a person’s data if it is reasonably necessary and proportionate to a product or service that the person requests.
It enables the collection for authentication, security incidents, prevention of illegal activities or serious personal injury and compliance with legal obligations.
The ADPPA will address the issue of service-based consent and prevent companies from using contract law to circumvent the law’s protections.
The sources for this piece include an article in TechXplore.