Alston & Bird Privacy, Cyber & Data Strategy Blog

Congress Seeks Comments on Comprehensive Federal Data Privacy Law

By , , and

Since the first comprehensive state data privacy law went into effect in California in 2020, 18 other states have enacted comprehensive data privacy laws, with 14 others currently moving through their respective state legislative process. The proliferation of such state laws is happening at a breakneck pace, and leaving in their wake regulated entities who are grappling with a complex web of disparate requirements.

While there is currently no federal standard to override this “patchwork” of state laws, last week, the House Committee on Energy & Commerce announced the creation of a data privacy working group. Legislators in the past two congresses have attempted to enact comprehensive privacy legislation without success. Some of the key sticking points have included disagreements over federal preemption, private rights of action, and the potential implications for small businesses. The goal of the working group is to explore the parameters of a comprehensive federal data privacy and security framework. Efforts to enact a federal privacy law in 2025 face a long road and chances of passage remain slim, but this endeavor is a notable opportunity for interested stakeholders to offer their insights to inform policy development in this arena.

The working group is now seeking stakeholder input on its efforts. In a Request For Information published on February 21, the working group asked for feedback on several key areas, including for example:

  • How to address the various roles of different entities who deal with personal data;
  • The types of personal information and sensitive personal information to which a comprehensive federal data privacy law should apply;
  • The types of protections to give to the personal information and sensitive personal information;
  • How to account for existing federal privacy frameworks (e.g., HIPAA, FCRA, GLBA, COPPA);
  • How to address data security;
  • How to account for Artificial Intelligence; and
  • Who should be responsible for enforcing a comprehensive federal privacy law and how?


Comments should be submitted via email to PrivacyWorkingGroup@mail.house.gov no later than April 7, 2025. The working group also requests comments to be no more than 3,500 words and provided in both Word and PDF format.

LinkedIn
Jennifer Pike

About Jennifer Pike

When clients face health information privacy and security issues, they trust Jen’s ability to craft strategic and practical solutions to the most challenging problems.

[Read Bio]

Jennifer Everett

About Jennifer Everett

Jennifer Everett focuses on regulatory compliance, enforcement, and transactions in data privacy, cybersecurity, health care, and emerging technologies. Jennifer offers strategic guidance to public and private companies across several sectors, including life sciences and health technology, when navigating state, federal, and international privacy regulations.

[Read Bio]

Avatar photo

About Kate Hanniford

Kate Hanniford is a partner with Alston & Bird’s Privacy, Cyber & Data Strategy Team. . She focuses her practice on cybersecurity counseling, as well as federal securities law compliance, enforcement, and litigation.

[Read Bio]

Avatar photo

About Evan Collier

Evan uses his previous Capitol Hill and government relations experience to assist clients with the legislative process.

[Read Bio]

Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly