US Lawmakers Push National Data Privacy Rules Amid State Preemption Concerns

The bipartisan push for a national data‑privacy regime reflects growing frustration with the United States’ fragmented regulatory landscape. By consolidating consumer rights—access, correction, deletion, and opt‑out—into two parallel statutes, lawmakers aim to give businesses a single compliance playbook while promising Americans clearer control over their personal information. The SECURE Data Act targets non‑financial entities, mandating data‑minimization, transparent notices, and a mandatory registration of data brokers with the Federal Trade Commission, which would host a searchable national registry.

For the financial sector, the GUARD Financial Data Act modernizes the Gramm‑Leach‑Bliley Act, extending opt‑in consent to sensitive data such as biometrics and precise geolocation. It also tightens rules around account‑access credentials used by aggregators, requiring explicit consumer permission before third parties can retrieve banking information. Both bills introduce a 45‑day cure period before enforcement actions, and they empower state attorneys general to bring civil suits, albeit without a private right of action for individuals.

Stakeholders remain sharply divided. Consumer‑rights groups argue the proposals dilute existing state protections, especially in California and Virginia, and lack robust enforcement mechanisms. Conversely, industry associations like the National Association of Manufacturers see a uniform federal framework as a way to eliminate costly compliance duplication across 50 states. As Congress debates the balance between national consistency and state autonomy, the outcome will set the tone for how personal data is governed in an era of AI‑driven analytics and cross‑border data flows.