Opposition to U.S. federal privacy law grows louder

The latest draft of the American Privacy Rights Act (APRA), which would regulate privacy protection for U.S. citizens at the federal level, is getting a proper drubbing from advocacy groups and industry lobbyists alike, ahead of a markup session.

Criticism relates in part to a provision titled “Civil Rights and Algorithms,” which addressed protections against algorithmic discrimination – and has disappeared from the latest draft. Lawyers and digital rights groups are not happy, saying the removal opens the door to civil rights abuses. Advertisers are likewise not happy, arguing that the revised bill limits their ability to service a data-driven economy.

Legal group for civil rights calls APRA “house with no foundation”

The Lawyers’ Committee for Civil Rights Under Law, a nonprofit of law professionals that uses “legal advocacy to achieve racial justice,” has released a statement encouraging Members of Congress to vote against advancing the draft, “unless its civil rights provisions are restored and privacy loopholes closed.”

“By removing previously agreed upon bipartisan language that would address data-driven discrimination and require AI impact assessments, the new draft of APRA fails to address the core purpose of privacy: to ensure that who we are cannot be used against us unfairly,” says the committee’s statement. “This is unacceptable.”

“Over and over again, we have seen how many of the worst harms from tech companies’ exploitative data practices disproportionately affect Black people and other people of color. A privacy law that does not account for discrimination is a house with no foundation.”

Citing a gaping hole where there were once anti-discrimination protections, AI impact assessment requirements and the choice to opt-out of AI deployed in decisions involving housing, credit and other sensitive issues open to harmful racial bias, the Lawyers Committee says the bill erodes civil rights and contradicts existing privacy laws.

It also objects to a loophole in rules around personal data collected and used on an individual’s device. “Tech companies would be able to do almost anything they want with data that stays on a personal device – no data minimization rules, no protections for kids, no advertising limits, no transparency requirements, no civil rights safeguards, and no right to sue for injured consumers,” the lawyers say.

“As AI and computing become more powerful, allowing more processing to occur on a device, this loophole will grow. As a result, this draft of APRA is weaker than state laws it is preempting.”

The committee takes care to point out its long-term support of comprehensive privacy legislation. APRA, it says, no longer counts – and passing it risks ushering in a new era of algorithmic discrimination in the digital realm.

“We cannot abide a regime that would perpetuate, in the words of Dr. Ruha Benjamin, a form of ‘Jim Code’: ‘the employment of new technologies that reflect and reproduce existing inequities.’

Reporting in Nextgov suggests the civil rights provision may have been removed to appease partisan objections from extremist Republicans.

CDT also objects on civil rights grounds

The Center for Democracy and Technology (CDT), a nonprofit working to advance civil rights in the digital age, has also issued a formal rejection of the draft bill.

“Discriminating through data practices is one of the worst things companies can do with data, and one of the worst privacy-related harms experienced by society,” says a statement from Alexandra Reeve Givens, president and CEO of CDT. “Privacy legislation needs to clearly prevent discriminatory data practices, and APRA no longer does that. Members should oppose this version of the bill.”

Advertising lobby argues targeted ads are a social good

An organization called Privacy for America is also giving the latest draft of APRA thumbs-down. The lobby group, which represents the Association of National Advertisers (ANA) and the American Association of Advertising Agencies (4As), has stern words for Reps. Cathy McMorris Rodgers, R-Wash. and Frank Pallone, D-N.J., who introduced the revised bipartisan bill.

“We regretfully find ourselves needing to go on record in strong opposition to the discussion draft of the American Privacy Rights Act released on June 20, 2024,” says the lobby group’s letter. “We have consistently reiterated reasonable approaches to data privacy legislation that would increase consumer protection while allowing for responsible business practices to continue to form the bedrock of the modern data-driven economy, including through advertising.”

The advertisers’ argument hinges on the supposed economic ruin that could stem from this version of APRA. The draft, it says, “would severely impact and harm consumers by banning long-standing and responsible data practices that benefit consumers, businesses, and nonprofit organizations that drive innovation and economic growth.”

Privacy 4 America says the privacy law as-is would cripple businesses’ decision-making, hamper the ability of charities, churches and the military to find volunteers, and throw open the gates to fraudsters.

The group’s case, however, puts a fairly thin veneer over its core objection, which is effectively that they want to keep being able to collect as much customer data as they can, and use it how they want. APRA, it says, would prohibit “standard targeted advertising processes,” which “responsibly provide consumers with offers for products and services at the time they are interested in them.”

Those who enjoy having a funny conversation about Red Lobster with friends, then receiving weeks of digital ads about shrimp scampi, can peruse the advertisers’ full argument here.

Article Topics

American Privacy Rights Act  |  Center for Democracy & Technology  |  data privacy  |  data protection  |  legislation  |  United States