Lawmaker Proposes Sweeping Overhaul of US Privacy Act
A US lawmaker has unveiled a plan for a comprehensive overhaul of the US Privacy Act. The proposed legislation indicates a significant push for stricter data privacy regulations, which could impact how tech companies handle user data and compliance.
- The proposal was unveiled by Democratic Rep. Lori Trahan, who argues the Privacy Act of 1974 is fundamentally unequipped for the modern era of artificial intelligence, cloud storage, and data brokers. The original act was passed in the aftermath of the Watergate scandal to address government overreach and surveillance.
- A key recommendation is to expand the definition of "individual" to cover all natural persons whose data is processed by the federal government, not just U.S. citizens and lawful permanent residents. The proposal also suggests redefining "record" to encompass any personally identifiable information that can be linked to an individual.
- The plan calls for replacing the current data standard of "relevant and necessary" with a stricter "necessary, proportionate, and limited" standard for data processing. This aims to significantly strengthen data minimization requirements for federal agencies.
- The proposed overhaul suggests a risk-based regulatory model, where high-risk data uses like eligibility determinations or surveillance would face stricter scrutiny, while low-risk administrative functions would have a lower compliance burden.
- Under the proposal, every federal agency would be required to establish a Chief Privacy Officer (CPO) who would report directly to the head of the agency.
- The original 1974 Act primarily governs federal agency records that are retrieved by a personal identifier such as a name or Social Security Number. It established "fair information practices" and gave individuals the right to access and request corrections of their data held by the government.
- This federal proposal comes as numerous states are enacting or amending their own data privacy laws in 2026. States like California have already implemented comprehensive laws like the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
- Previous bipartisan efforts to pass comprehensive federal privacy legislation, such as the American Data Privacy and Protection Act (ADPPA), have stalled in Congress, highlighting the challenges of creating a national standard.