WASHINGTON—Bipartisan legislation to give Americans more control over their online data moved forward in Congress on Wednesday, even as new objections to the bill emerged from California and other states.

The House Energy and Commerce Committee voted 53-2 to approve the American Data Privacy and Protection Act, with backers calling it a milestone.

The legislation, which must still be approved by the full House and the Senate, would put sweeping new limits on how businesses—especially large technology companies—can collect and use consumers’ data.

“We are one step closer than Congress has ever come to establish national privacy and data security protections,” said Rep. Cathy McMorris Rodgers (R., Wash.).

The legislation would put new limits on how businesses, especially large technology companies, can collect and use consumers’ data.

There are still disputes over the particulars, however, and this week a group of state attorneys general raised concerns that the bill could pre-empt tougher privacy standards adopted at the state level. They also said it could preclude protections states might adopt in the future as technology evolves.

“It is critical that Congress set a federal privacy-protection floor, rather than a ceiling, to continue to allow the states to innovate to regulate data privacy and protect our residents,” said a letter to lawmakers Tuesday from the attorneys general of California, New York, Illinois, Massachusetts and six other states.

California Gov.

Gavin Newsom

and other state leaders wrote similar letters to lawmakers this week, and their concerns were echoed by several members of the powerful California congressional delegation at Wednesday’s committee vote.

“I’m concerned that the bill before us would threaten California’s privacy rights and protections,” said Rep.

Anna Eshoo

(D., Calif.).

Some lawmakers made it clear they were voting in favor of the bill but might oppose it when it reaches the House floor.

“Without additional change it does not have my support on the floor,” said Rep.

Doris Matsui

(D., Calif.).

Sponsors of the legislation said they already have taken steps to ensure that existing state privacy protections and authority are preserved—for example, giving state data-privacy agencies authority to enforce the proposed federal law.

The legislation will “ensure that states are allowed to legislate on matters touching privacy,” the committee’s chairman, Rep. Frank Pallone Jr. (D., N.J.), said.

Democratic Rep. Anna Eshoo of California said she was concerned the bill ‘would threaten California’s privacy rights and protections.’



Photo:

greg nash/pool/Shutterstock

Under the bill, big tech companies would be limited to collecting, processing and transferring only the data that is reasonably necessary to provide their services.

Individuals would have the right to access, correct, delete and export data covered by the legislation. And for some sensitive categories of data, such as geolocation data or biometric information, the bill would prohibit transfer or restrict it to very limited circumstances.

Individuals could opt out of targeted advertising, as well as the transfer of any covered data to a third party.

The legislation also includes antidiscrimination protections and requires large data holders, such as online advertising companies, to try to limit harms that might arise when algorithms process data to make decisions.

For children, the bill would prohibit targeted advertising aimed at users under the age of 17, and all data related to individuals under 17 would be considered sensitive and subject to tougher restrictions. The latest version of the bill would also make the largest social-media platforms more responsible for knowing the ages of their young users.

The legislation would provide for enforcement by the Federal Trade Commission and state attorneys general. It also would allow for consumer lawsuits over violations in some circumstances—a concern for industry groups.

But those provisions wouldn’t take effect immediately. Consumer advocates say such lawsuits shouldn’t be restrained. .

But perhaps the biggest question over the bill is the issue of pre-empting state laws. Some Republicans suggest they won’t support the legislation unless it overrides the patchwork of state privacy laws.

“It’s essential that our bill sets a pre-emptive standard,” said Rep.

Gus Bilirakis

(R., Fla.), saying it was important to protect small businesses from having to comply with multiple state privacy standards.

Tech companies are also pushing for a federal standard.

Some Republicans also suggested they are worried the legislation could concentrate more power in the hands of the largest tech platforms.

Some groups representing internet advertisers also have raised concerns about the upheaval the legislation could bring to online advertising. In a letter to lawmakers this week, they warned the legislation’s restrictions on data collection and use could undermine many kinds of digital advertising, including advertising by nonprofits and candidates.

Write to John D. McKinnon at john.mckinnon@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Leave a Reply

Your email address will not be published. Required fields are marked *