The proposed American Data Privacy and Protection Act (ADPPA) was adopted by the House Energy and Commerce Committee on July 20, 2022, with a vote of 53-2.
The law would establish national guidelines and security measures for the personal data that businesses gather alongwith safeguards designed to counteract any possible discriminatory effects of algorithms.
Scope and Applicability
If it were to become law, the ADPPA would have a broad scope of application to organizations and companies doing business in the US.
Notably, the ADPPA would impose duties directly on service providers, including ones not contained in state privacy laws, such as the restriction of data transfers, other than service providers without specific affirmative authorization.
Oversight of AI and Algorithmic Decision-Making
Section 207 of the ADPPA would go a step farther than the majority of current state privacy laws by mandating that businesses assess particular artificial intelligence capabilities and disclose their findings to the FTC.
An algorithm impact assessment is also necessary for major data holders who use algorithms that have the potential to damage a person.
Enforcement
The American Digital Privacy Protection Act (APDPA) would require the Federal Trade Commission (FTC) to set up a Bureau of Privacy at the FTC to enforce its provisions.
Any ADPPA violation would be treated as a violation of an unfair or deceptive act or practise under Section 18(a)(1)(B) of the FTC Act.