This post was originally published on this site
The American Data Protection and Privacy Act, if passed, would represent federal legislation pre-empting state data privacy regulation. It’s a big deal, not least because in its current version it has bipartisan support. It’s important to emphasize “current version,” because it has been through several drafts and may get extensively amended or rewritten between now and the finish line.
Nevertheless, it’s worth getting familiar with the main points in the current draft.
The law will apply only to “covered data.” So what data is covered by this legislation? “Information that identifies or is linked or reasonably linkable, alone or in combination with other information, to an individual or a device that identifies or is linked or reasonably linkable to an individual, and may include derived data and unique persistent identifiers.” Personal identifiable information, in other words, and quite broadly construed.This isn’t really about consent. Yes, covered data can only be collected with the explicit, affirmative consent of an individual to a clear and unambiguous request. But that doesn’t mean that providing one of those easy-to-click “I agree” buttons allows you to grab anything the individual might knowingly or unknowingly offer up.Only some types of data can be collected or processed at all. This is where the legislation has teeth. There are just seventeen permissible purposes for data collection, processing or transfer. The details appear beginning on page 14 of the linked draft, but here’s the short version: Data can be collected to complete a transaction or a fulfill an
Read more here: https://martech.org/3-things-to-know-about-the-american-data-protection-and-privacy-act/
