Federal Data Privacy: Current Law, Gaps, and Legislative Proposals
This report examines the current patchwork of federal data privacy laws, including sector-specific statutes such as HIPAA for health information, COPPA for children's online data, and GLBA for financial data. It identifies gaps in the existing framework and discusses the absence of a comprehensive federal privacy law.
The report analyzes state privacy legislation, including the California Consumer Privacy Act (CCPA) and similar laws enacted in other states, and discusses how the lack of federal preemption creates compliance challenges for businesses operating nationwide.
Congressional considerations include proposals for comprehensive federal privacy legislation such as the American Data Privacy and Protection Act (ADPPA), debates over a private right of action, FTC enforcement authority, data minimization requirements, and the treatment of sensitive categories of data including biometric and geolocation information.
Note: This is a summary of a Congressional Research Service report. CRS reports are prepared for Members of Congress and their staffs. This summary is provided for informational purposes and does not constitute legal advice.