House Republicans Introduce Secure Data Act to Strengthen U.S. Digital Privacy Rights

House Republicans Unveil Secure Data Act to Address U.S. Digital Privacy Gaps

House Republicans introduced the Secure Data Act on Wednesday, marking Congress’ latest attempt to establish comprehensive digital privacy legislation for Americans. The bill seeks to empower consumers with greater control over their personal data while imposing stricter requirements on businesses to ensure transparency and accountability.

Key Provisions of the Secure Data Act

The Secure Data Act includes several provisions designed to protect consumer data:

• Opt-out rights: Consumers can opt out of data collection by individual businesses for purposes such as targeted advertising, selling to third parties, or use in automated decision-making.
• Transparency requirements: Companies must inform consumers when their personal data is collected or used, provide a portable version of that data, and obtain parental consent for data collection involving teenagers.
• Data minimization: Businesses must limit data collection to what is "adequate, relevant, and reasonably necessary," and only for purposes disclosed to consumers in advance.
• Third-party disclosures: Companies must disclose any third parties with whom they share or sell consumer data, including adversarial foreign governments such as Russia and China.
• FTC oversight: The Federal Trade Commission (FTC) would gain greater authority to regulate data brokers, including a new national registry requiring registration and compliance with data minimization, disclosure, and security mandates.

"This bill establishes clear, enforceable protections so that Americans remain in charge of their own data and companies are held accountable for its safe keeping."

Bill’s Origins and Drafting Process

The Secure Data Act is the result of over 16 months of internal discussions and consensus-building among House Republicans. A working group led by Rep. John Joyce (R-Pa.) and other House Republicans solicited feedback from 170 organizations and received more than 250 public responses to a Request for Information released last year.

However, House Republicans did not involve Democratic members in the drafting process, which observers suggest could complicate efforts to secure bipartisan support. Cobun Zwiefel-Keegan, managing director at the International Association of Privacy Professionals, noted that while the bill’s drafters may challenge Democrats to support it, there are "plenty of ways that people will point to how it’s weaker" compared to existing state-level privacy laws.

Comparison to Existing State Privacy Laws

Zwiefel-Keegan told CyberScoop that, based on the draft and discussions on Capitol Hill, the Secure Data Act most closely resembles privacy laws recently passed in states like Virginia and Kentucky—the home state of Rep. Guthrie. These laws emphasize providing notice and opt-out rights to consumers while tying business compliance to "reasonable" standards of evidence that they acted to protect consumer data.

Additionally, the bill could further empower the FTC and state attorneys general to investigate and sanction bad actors, aligning with broader efforts to strengthen enforcement mechanisms in digital privacy regulation.

Potential Challenges Ahead

The partisan drafting process may pose challenges for the Secure Data Act’s path to becoming law. Without early bipartisan engagement, the bill could face resistance in a divided Congress. However, its introduction reflects growing momentum among Republicans to address digital privacy at the federal level, particularly as state-level laws continue to proliferate.