Senate Commerce Committee Chair Maria Cantwell and House Energy and Commerce Committee Chair Cathy McMorris Rodgers have unveiled the American Privacy Rights Act.

The proposals could mark the start of a national standard on data privacy regulation, replacing the patchwork of state laws currently in place across the US.

The American Privacy Rights Act (APRA) aims to give individuals greater control over their personal data, how the data is used, and how it moves through other organisations and data brokers. It would also enable individuals to take legal action against entities breaching their privacy rights.

However, the bill faces the procedural hurdle of committee approval in both chambers before potentially becoming law.

As per the draft, carrying out market research would be deemed a valid reason for harvesting, processing and holding or exchanging of data. De-identifying information for purposes of product development and research would also be permitted. 

Howard Fienberg, senior vice-president, advocacy, at the Insights Association, said:

“The Insights Association and the US insights industry support comprehensive federal privacy legislation that would provide strong protection for all American consumers.

“To fundamentally advance the way consumer privacy and data security are protected, a national privacy bill needs to replace the current conflicting patchwork of 15+ state privacy laws and raise the bar for consumer welfare, while allowing for the continued benefits of insights and analytics to flow to all consumers and the broader economy.”

Commerce Chair Cathy McMorris Rodgers, said:


“This landmark legislation gives Americans the right to control where their information goes and who can sell it. It reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviours for profit without their knowledge and consent. Americans overwhelmingly want these rights, and they are looking to us, their elected representatives, to act.”


A federal data privacy law must do two things: it must make privacy a consumer right, and it must give consumers the ability to enforce that right…This bipartisan agreement is the protections Americans deserve in the Information Age,” she continued.


Know the risks

These are momentous times for the data privacy landscape in the US, with politicians responding to commercial pressures and ever-strengthening consumer demand for better data regulation. Safe, ethical and compliant data handling behaviour have never been more important; they depend on business leaders staying in touch with these sensitive issues as they evolve.

Get to the heart of the conversation next week at PrivSec & GRC Connect Chicago, where industry experts will discuss the risks, challenges and opportunities facing organisations in our dynamic digital era.

Not to be missed at PrivSec & GRC Connect Chicago:

Advocating for your Compliance Program: Proactive Strategies for 2024

  • Date: Tuesday 16th April, 2024
  • 11:30-12:15pm CST

This dynamic panel discussion focusses on proactive strategies for enhancing compliance programs in 2024 and beyond. This session will cover key topics including navigating regulatory shifts, leveraging technology for efficiency, effective risk assessment, fostering a culture of compliance, stakeholder engagement, robust training initiatives, measuring program effectiveness and addressing global compliance challenges.

Through insightful discussions and practical insights, attendees will gain actionable strategies to strengthen and future-proof their compliance programs, ultimately driving integrity, trust, and success in today’s evolving regulatory landscape.



  • Emily Miner, Vice President, Advisory Services, LRN Corporation
  • Jackie Wheeler, CCO Senior Manager, Corporate Governance Services, Honda Logistics North America, Inc
  • David Silverman, Compliance Expert and Author

AI Regulation: What Businesses Need to Know in 2024

  • Date: Tuesday 16 April, 2024
  • 14:15-15:00pm CST

This discussion convenes experts at the intersection of artificial intelligence (AI) and regulatory compliance to provide insights into AI governance. Against the backdrop of rapid technological advancements and increasing public scrutiny, the panel will delve into crucial topics such as emerging regulatory frameworks, ethical considerations, data privacy concerns and the impact of AI on various industries.

Attendees will gain a comprehensive understanding of the regulatory landscape surrounding AI in 2024, enabling businesses to navigate compliance challenges effectively while harnessing the transformative potential of AI responsibly and ethically.

Discover more at PrivSec & GRC Connect Chicago

GRC, Data Protection, Security and Privacy professionals face ongoing challenges to help mitigate risk, comply with regulations, and help achieve their business objectives - they must…

  • Continually adopt new technologies to improve efficiency and effectiveness.
  • Build a culture of compliance and risk awareness throughout the organisation.
  • Communicate effectively with stakeholders and keep them informed of GRC activities.

PrivSec & GRC Connect Chicago takes you to the edge of the debate, uniting the most influential GRC, Data Protection, Privacy and Security professionals, to present, debate, learn and exchange ideas.

This dynamic and content-rich experience takes place over April 16-17 at the Crowne Plaza Chicago West Loop.

Click here to register for free to PrivSec & GRC Connect Chicago