The American Privacy Rights Act (APRA) is a bipartisan federal data protection law introduced by Congresswoman Cathy McMorris Rodgers and Senator Maria Cantwell. It aims to establish a national standard for data privacy and security in the US [6], giving Americans greater control over their personal data [3] [5] [6].


The proposed legislation would ban the transfer of sensitive personal data to third parties without explicit approval [2], allow users to opt out of targeted advertising [2] [3] [5], and give individuals the right to request copies of their data or have it deleted [2]. Key provisions include allowing individuals to correct, delete [1] [2] [3] [5], or export their data [1] [5], opt out of targeted advertising [1] [2] [3] [5], and demand a downloadable version of their data [3]. The bill also addresses concerns about foreign adversaries accessing Americans’ personal data and would enable individuals to sue companies for privacy violations [2]. The law mandates security protections [1], prohibits the use of “dark patterns” to manipulate privacy preferences [3], and enforces compliance through the Federal Trade Commission and private suits by victims [3]. It preempts state privacy laws [1] [3], eliminates the patchwork of regulations [4] [6], and establishes clear [4] [6], national data privacy rights and protections for Americans [4]. The legislation includes provisions to create a national registry of data brokers, require companies to let individuals opt out of data collection and sale [5], and allow for individuals [5] [6], state attorneys general [5], and the FTC to sue for violations [5], with a private right of action included [1] [5]. Small businesses with less than $40 million in revenue are exempt [5], as long as they do not sell data [5]. The bill would go into effect six months after enactment [5], with restrictions on mandatory arbitration provisions [5]. The legislation faces a long road ahead in Congress [2], with low odds of passing before the 2024 election [2].


The American Privacy Rights Act has the potential to significantly impact data privacy and security in the US, providing individuals with greater control over their personal information. However, the road to passing this legislation is challenging, with uncertainties surrounding its enactment before the 2024 election. If successful, the APRA could set a new standard for data protection laws in the US, with implications for businesses, consumers [1], and regulatory agencies.