June 29, 2022 |

US Federal and Stateside Privacy News Roundup – June 29, 2022

US Federal

Comprehensive federal privacy bill released

The US House of Representatives and Senate have released a bipartisan draft discussion of a comprehensive data privacy bill, the American Data Privacy and Protection Act (ADPPA).

The ADPPA is the first comprehensive federal privacy bill to gain bipartisan and bicameral support. This bill has 4 main parts:

  1. Duty of loyalty
  2. Consumer data rights
  3. Corporate accountability
  4. Enforcement, applicability, and any other miscellaneous provisions.

ADPPA would include a private right of action and would preempt most state laws, with some exclusions. The State Attorneys General and FTC would have enforcement rights, and the FTC would have authorized rulemaking powers.

Growing bi-partisan consensus for increased regulation of children’s data

The FTC has signaled increased Children’s Online Privacy Protection Act (COPPA) enforcement against EdTech companies. The commission issued a Policy Statement highlighting raised scrutiny of compliance, and COPPA restrictions such as mandatory collection, use, and retention prohibitions as well as security requirements. This comes after the COVID-19 pandemic closed schools and forced remote learning, resulting in EdTech tools becoming necessary for participation.

FTC Fines Twitter for granting access for third parties to users’ personal information

The FTC fined Twitter $150 million after Twitter required users to submit phone numbers and email addresses to protect their accounts, then granted third parties access to the information. The complaint alleged Twitter obtained this data under the pretext of using it for security purposes, but then used it for the purpose to target users with ads.

US States

Maryland student data privacy law aims to increase student data protection

Maryland’s new student data privacy law, SB 325, took effect June 1, 2022. The law will increase student data protections by altering the definitions of covered information, operator, persistent unique identifier, and targeted advertising.

CPPA will discuss CPRA draft regulations

The California Consumer Privacy Agency (CPPA) announced its plans to discuss California Privacy Rights Act (CPRA) draft regulations during its board meeting on June 8. Draft rules cover making recognition of global opt-out signals mandatory (rather than optional per the CPRA’s text) and the CPPA’s noted problem of consumer choice via cookie management tools not meeting standards to constitute an opt-out request or request to limit the use of sensitive personal data.

New state privacy laws could leave big holes for security issues

Some state consumer privacy laws, such as Connecticut and Virginia’s laws, have been criticized for leaving personal data without security coverage by excluding cybersecurity requirements from large areas of data. Their use of exceptions language could make it so that much is left excluded from security requirements.


Use of, access to, and information exchanged on this web page or any of the e-mail links contained within it cannot and does not create an attorney-client relationship between Han Santos, PLLC, and the user or browser. Please do not post any personal or confidential information. You should contact your attorney to obtain advice with respect to any particular issue or problem. Contact us for additional information. One of our lawyers will be happy to discuss the possibility of representation with you. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.