House Republicans Roll Out National Privacy Bill

The United States has long relied on a patchwork of state privacy statutes, from California's comprehensive Consumer Privacy Act to Virginia and Kentucky’s more modest frameworks. Lawmakers have argued that a single federal rule could eliminate compliance complexity for businesses while guaranteeing baseline protections for all Americans. The Secure Data Act emerges as the GOP’s answer, mirroring key elements of recent state laws—notice, opt‑out, and data‑minimization—while seeking to create a uniform national standard.

At its core, the bill grants consumers the ability to opt out of data collection used for targeted ads, third‑party sales, or automated decision‑making, and obligates firms to provide portable copies of personal data upon request. It imposes a “adequate, relevant, and reasonably necessary” test for data collection, mandates disclosure of any third‑party sharing—including to foreign governments—and introduces a new FTC‑run data‑broker registry with security and minimization requirements. By centralizing oversight, the legislation aims to curb the opaque data‑broker ecosystem that has long evaded robust regulation.

Political reception, however, is sharply divided. While Republican leaders tout the bill as a balanced, business‑friendly approach, Democrats and privacy advocates warn it preempts stronger state protections, lacks a private right of action, and offers a 45‑day cure period that could dilute enforcement. Critics also highlight the absence of AI‑specific safeguards, a glaring omission as large language models increasingly rely on personal data. The bill’s future hinges on bipartisan negotiations, and its ultimate shape will influence not only today’s data‑privacy landscape but also how emerging technologies are regulated at the federal level.