Lawmakers Release Federal Data Privacy Bill

June 13, 2022 |

Updated June 13, 2022

2 minutes

Bipartisan bill will have an impact on multifamily data practices. 

For the past several years, Congress has continued to debate a federal consumer data privacy standard, but disagreements on federal preemption and private right of action have prevented meaningful progress. But in a significant step forward in the debate, House Commerce Committee Chair Frank Pallone (D-N.J.-6), Ranking Member Cathy McMorris Rodgers (R-Wash.-5) and Senate Commerce Chair Roger Wicker (R-Miss.) released a discussion draft in early June that establishes a federal data privacy standard that preempts most state laws, with some exceptions.

Why This Is Critical for Our Industry

This bill has been years in the making and includes several key provisions that will have direct impact on industry operations, including a:

  • requirement that groups minimize the data they collect from consumers;
  • prohibition of the transfer of sensitive data to third parties; and
  • limited private right of action allowing individuals to sue for privacy violations.

Where This Bill Is Headed

The bill reenergizes the debate and provides a framework for ongoing negotiations. But progress is unlikely until it gains the support of Senate Commerce Chair Maria Cantwell (D-Wash.), who is notably not a sponsor. Sen. Cantwell wants to see stronger consumer protections and will be unlikely to move the bill without changes. The congressional calendar also poses a challenge, as it’s an election year and there is not much time left before August break.

Our Take

NAA and NMHC are encouraged by this breakthrough legislation, which provides a framework for ongoing negotiations. Given the burden placed on rental housing firms by the growing patchwork of state data privacy standards, we continue to push for a national data privacy standard that preempts state data privacy laws and allow for flexibility and scalability. NAA and NMHC stress the need for any federal standard to clearly assign legal liability for data privacy and data security, given the industry’s reliance on third-party suppliers.