US Chamber of commerce facade showing opposition to federal privacy law

US Chamber of Commerce Opposes “Unworkable” Federal Privacy Law Despite Popular Support, Cites Override of State Law and Right to Private Action

Outside of individual tech giants, the US Chamber of Commerce is likely the largest organization standing in opposition to the passage of a federal privacy law. The group has come out against the recently proposed American Data Privacy and Protection Act (ADPPA), citing its priority over individual state law and its guarantee of rights to class action lawsuits as dealbreakers.

This is in spite of both bipartisan and popular support for the bill, which builds on several other prior efforts that date as far back as 2018. In addition to backing from both sides of the political aisle, the ADPPA is supported by consistent polling from Politico and other organizations throughout 2022 that tend to show about 55% to 60% of Americans are ready for a federal privacy law.

US Chamber of Commerce most staunchly opposed to right to private action

The US Chamber of Commerce expressed its objection to the proposed federal privacy law in a letter addressed to a number of political leaders, copies of which were obtained by several news outlets. The original draft of the letter called the ADPPA “unworkable” and insisted that it should “be rejected,” with an updated version of the letter softening the language to “unworkable at this time” and removing the call for a rejection of it.

The key sticking point appears to be the ADPPA’s guarantee of a private right of action, enabling consumers to initiate class action lawsuits based on violations of the law. This right of action is considered “limited” as it takes effect four years after whatever the ADPPA effective date ends up being, and requires individuals bringing a suit to first seek approval from the Federal Trade Commission (FTC) and appropriate state attorney general.

The US Chamber of Commerce clearly wants no private right of action in any federal privacy law that emerges. This is an issue that has been contentious in both other countries and US states, and different localities have come up with different compromises in this area. The European Union paves the way for this under the rules of the General Data Protection Regulation (GDPR) and other related privacy legislation, but the ability to sue also depends on both the circumstances and if a particular nation has passed relevant legislation looping the national court system into the process. In the US, states that have emerged with their own privacy laws vary in whether or not they offer a limited form of this right: California does, Colorado, Virginia and Utah do not.

The US Chamber of Commerce also takes issue with pre-emption of these state laws, some of which differ greatly from the proposed federal privacy law terms. The ADPPA only makes exceptions for certain state laws that are stronger than its currently proposed terms: Illinois’ unique biometric privacy laws, and California’s current CCPA rules regarding data breaches. A statement from the US Chamber of Commerce indicated that it seeks a unifying standard from a federal privacy law, taking exception to the idea of future “carve-outs” such as these as more states bring their own individual privacy laws online.

A statement from the US Chamber of Commerce posits that the private right of action creates an incentive for attorneys to generate cases that may be spurious, and that the overall process is being “rushed” without adequate time for business input.

Latest hurdle in long journey to a federal privacy law

Polling in the past year has shown strong support among Americans for a federal privacy law, and specifically for some of the terms laid out in the ADPPA.

A Politico poll from earlier in the year shows over 55% support among Americans for a strong federal privacy law, and more detailed issue-by-issue polling from Morning Consult in late June backs up this finding. The June poll found that Americans are most interested in a provision banning the sale of personal data to third parties without first obtaining explicit consent, something the ADPPA includes. They also heavily support the bill’s data minimization requirements, protections for minors aged 17 and under, and right to private action. This support is also bipartisan, with both sides of the political aisle almost equally in favor of these measures.

Big tech companies have signaled support for a federal privacy law, but with the understanding that they want a strong hand in shaping its terms. The one exception thus far is Apple, which recently renewed its focus on user privacy (and hardware sales) as the central selling point of its brand by way of new restrictions on targeted advertising. CEO Tim Cook gave his endorsement to the ADPPA, penning a letter to Congress encouraging swift passage of the bill.