4 ways to strengthen the American Data Privacy Protection Act

Improvements are needed to protect critical privacy needs for retailers and consumers
Sr. Director, Grassroots Advocacy

There’s a new data privacy proposal in Congress that favors big tech, broadband providers and banks over consumers and Main Street businesses. The American Data Privacy Protection Act, sponsored by Representatives Frank Pallone, Jr., D-N.J., and Cathy McMorris Rodgers, R-Wash., and Senator Roger Wicker, R-Miss., includes several provisions that could make it harder for retailers to provide customers with exceptional service. It would also expose Main Street businesses to lawsuits and would leave out key privacy protections for consumers who expect their data to be protected by all businesses that handle it.

NRF has long advocated for a comprehensive federal law governing data privacy. The ADPPA is well-intentioned but does not fully meet the standard for comprehensively protecting the data privacy of Americans. Here are four ways to strengthen the ADPPA.

Take action

Join NRF in calling on Congress to support a preemptive federal privacy bill that requires all businesses to use customer data responsibly.

Establish a strong, national uniform standard that preempts a patchwork of state privacy laws

An essential component for any federal privacy law must be a strong, national uniform standard that protects consumers’ data across every industry that touches it, no matter where they live in the United States. Currently, there is no federal standard governing how companies collect and use customer data. That has enabled state legislatures to enact a patchwork of complex state privacy laws for businesses operating online and in physical locations to protect customers living in those states.

While the intent of the ADPPA is to preempt state privacy laws, it provides many carve-outs to its provisions as currently drafted that ultimately would prevent it from establishing a strong and uniform national law. Unless the ADPPA’s preemption language is amended, businesses will need to continue to monitor and comply with varying state and federal privacy laws. That will make it more difficult for retailers to put their customers first and serve them in the seamless fashion consumers expect in the 21st century.

Remove a private right of action that empowers trial lawyers to sue or threaten lawsuits against Main Street businesses

The ADPPA’s exemptions for favored industry sectors like big tech, broadband providers and banks will make it unlikely for them to face threatening lawsuits. This provision exposes retailers to potentially receiving thousands of meritless demand letters from enterprising trial attorneys, even for alleged privacy violations by business partners who serve them, such as contractors, franchises and other businesses over which they may not have direct control. Main Street retailers are especially vulnerable to becoming targets of litigation because many lack the in-house legal expertise and capital to fight off even meritless claims.

Congress should instead focus on ensuring consumers have privacy protections by creating incentives for businesses to come into compliance with the law and encourage federal and state enforcement authorities and businesses to work together to ensure compliance.

Include protections for customer loyalty programs

An important way many retailers develop lasting relationships with their customers is by providing tailored services and lower prices than competitors in the same industry sector. Loyalty programs must be preserved as a vitally important aspect of retailing and the modern shopping experience.

The current draft of the ADPPA includes language that appears to require businesses to offer the same pricing to all customers, which could jeopardize the future of these programs.  American consumers have shown that they want to voluntarily participate in these programs to receive discounted prices and the opportunity to accrue rewards points and other benefits that connect them with their favorite retailers.

According to a survey by Bond Brand Loyalty Inc., 79 percent of consumers say loyalty programs make them more likely to continue doing business with brands that offer them, and 32 percent strongly agree a loyalty program makes their brand experience better. Ensuring the ADPPA includes language that sufficiently clarifies that customer loyalty programs should be protected is essential to strengthen the bill and ensure customers’ needs are being met.

Eliminate unfair exemptions for big tech, broadband providers and banks

Any federal privacy law should make all businesses responsible for their own conduct in handling customers’ personal information. But the ADPPA treats consumers’ data differently based on who is handling their data. The bill creates special exemptions for industries like banks, big tech and broadband providers. These industries handle and store large volumes of sensitive consumer data, and yet the ADPPA does not require them to provide consumers with the same level of transparency and rights to their data as it requires of Main Street businesses. The ADPPA even permits these businesses to transfer or sell consumers’ sensitive personal information without consent.

This makes for confusing protections for consumers who expect their data to be protected to the same extent by all businesses that handle it. A consumer walking down Main Street would be surprised to learn the convenience store where they swipe their card must protect their privacy more than the bank that has their social security number, bank account numbers and credit card information. The ADPPA should be amended to ensure that every industry sector that handles consumers’ personal information has the same obligations to protect this data as comprehensively as consumers expect.

Take action

Data drives the shopping experience and allows retailers to offer customers the products, services, value and convenience they demand. NRF will continue to advocate for a balanced federal privacy law that establishes a uniform national standard applying to all businesses that handle sensitive personal information of consumers, no matter where they live in the United States.

A hearing on the ADPPA is scheduled for June 14, 2022, in the House Energy and Commerce Committee. Join NRF in calling on Congress to support a preemptive federal privacy bill that requires all businesses to use customer data responsibly.

Related content

Privacy legislation poses looming threat over Main Street businesses
Small retailers would be vulnerable to “drive-by” lawsuits under the American Privacy Rights Act.
Read more
Adequacy Decision for Transatlantic Data Privacy Framework
EuroCommerce and NRF welcome announcement by the European Commission on EU-U.S. Data Privacy Framework.
Read more
EuroCommerce and NRF Release White Paper Supporting Transatlantic Data Privacy Framework
EuroCommerce and NRF have released a white paper supporting an EU-U.S. agreement on transatlantic data transfers.
Read more