![24th Apr: On Your Lap (2025), 1hr 43m [TV-14] (6/10)](https://occ-0-1081-999.1.nflxso.net/dnm/api/v6/0Qzqdxw-HG1AiOKLWWPsFOUDA2E/AAAABZI9mksuUy-g4o4WxWbwdZWqxycwneaYOBbq3V4hyl-qYZySwv0hqI6xdI58ti4EvnGxmtDQH_ueEU1KPr185sscBBFifSnZWoOKw3tCwbCQzd9_dWalxRc2dnWafv6-HPHxhkoaN4lUujVHjO4DnN4pMzWVbfguIvretNCDsdwem-w-byQ.jpg?r=079 "24th Apr: On Your Lap (2025), 1hr 43m [TV-14] (6/10)")
Congress is once again attempting to pass a national data privacy law. But while it would introduce new protections in some states, it would weaken privacy rights in others — and it’s missing several elements that privacy advocates deem necessary.
The SECURE Data Act is the product of a Republican data privacy working group led by Rep. John Joyce (R-PA), who introduced the bill alongside House Energy and Commerce Committee Chair Brett Guthrie (R-KY). The proposal would require companies to collect only the user data they really need to perform the tasks they promise, let users see what information websites have on them and request its deletion, and require explicit opt in for collecting sensitive data like location or sexual orientation.
The Federal Trade Commission and state attorneys general would be able to bring legal action against companies accused of violating the law. A separate bill, the GUARD Financial Data Act, deals specifically with consumer financial data.
This is the latest attempt in a years-long effort to pass federal privacy protections for digital consumers, after several prior iterations failed to get key congressional leaders on board. In 2024, a planned meeting to discuss the last major bipartisan privacy proposal was abruptly cancelled as the bill reportedly faced opposition from House Republican leadership. In a joint statement, Guthrie and Joyce said the working group aimed to “reset the discussion on comprehensive data privacy.”
The SECURE Data Act would provide some new protections for many Americans. Only about 20 states so far have comprehensive data privacy laws, and many of these have received poor grades from outside advocates.The SECURE Data Act would also create additional protections for data on teens aged 13 to 15, requiring parents’ consent to process their information.
But the bill does not let individuals sue over alleged privacy violations. It doesn’t require sites to recognize universal opt-out mechanisms, so users would need to proactively and continually limit collection. It also exempts pseudonymous data from certain protections, which some groups warn would create a loophole for targeted ads.
Moreover, the bill seeks to preempt state laws that already offer equal or stronger protections — like California’s, which created a new privacy agency and lets consumers take legal action against companies for certain data breaches, or Maryland’s, which bans the sale of sensitive data and serving targeted ads to teens under 18. The Future of Privacy Forum (FPF), whose members include tech platforms but says its work is independent of individual stakeholders, writes that the bill “selects particular narrow approaches used by only a handful of states.”
FPF (which neither supports nor opposes the bill) says while the proposal goes beyond some of the narrowest state laws, it’s “consistently narrower and less prescriptive” than California’s privacy requirements. Some definitions in the bill are also more limited than in many state laws, the group writes, such as that for “biometric data,” which doesn’t include data from audio or video recordings.
Oregon, Delaware, Maryland, and Minnesota let consumers request the identity of third-party recipients of their personal information, according to FPF, and in Minnesota and Connecticut, users can “contest certain adverse profiling decisions” — all of which would also likely be preempted.
It’s “basically a green light for the tech industry to keep collecting whatever data they want from you”
The Electronic Privacy Information Center (EPIC), which closely watches privacy law, has opposed the plan. “This bill would wipe out a huge range of privacy, security, online safety, and civil rights laws without providing any meaningful protections for Americans,” EPIC deputy director and policy director Caitriona Fitzgerald says in a statement. “A weak federal standard is worse than no standard at all.”
R.J. Cross, director of the Public Interest Research Group (PIRG) Our Online Life Program, calls it “basically a green light for the tech industry to keep collecting whatever data they want from you and doing whatever they want with it. Then it makes sure that no pesky state that may want to, you know, actually regulate what companies are doing can get in the way.” Eric Null, director of the Center for Democracy and Technology’s privacy and data project, warns it “would cement the harmful online data practices that Americans need and want a privacy law to fix, resulting in more data breaches, more intrusive data collection, more creepy advertising practices, and more business for data brokers.” (The group receives funding from several large tech platforms but says its supporters don’t have influence over its priorities.)
Conversely, business groups have lauded the law, including its preemption element. “The cost and complexity of tracking and complying with more than 20 state privacy laws are crippling small businesses, and some states’ radical data restrictions are jeopardizing the digital tools that power small business growth,” said Rob Retzlaff, executive director of the Connected Commerce Council, which advocates for small businesses but has also received funding from large tech platforms like Amazon and Google. Several major industry groups including the US Chamber of Commerce, the National Retail Federation, and NetChoice, voiced their support. “The bill would end a confusing patchwork that harms consumers and small businesses,” they said in a joint statement.
“The bill would end a confusing patchwork that harms consumers and small businesses”
Democrats have historically opposed broad preemption of state privacy laws and supported a private right of action, and none are currently on board with the measure. Its sponsors are hoping to recruit them later, after the plan has passed out of the committee on a party line vote, according to CNBC. FPF says that many things left out of the bill “are likely intended to create a margin for negotiations” at that point.
If the bill passes, FPF says that states would likely fight for their statutes to remain, arguing that their standards don’t directly “relate to” the federal standard and should stand alone. California’s privacy law, for example, “may be more difficult to fully preempt because it covers employee data, B2B data, and applicant data—categories the federal bill exempts,” FPF says.
With midterm elections looming, the bill faces a tricky path forward. On paper, a federal privacy law is a significant and necessary step — but many fear this bill won’t go the distance.
