Washington, D.C. — Congresswoman Julie Fedorchak (R-ND), a member of the House Energy and Commerce Committee’s Data Privacy Working Group, today helped unveil the SECURE Data Act. The comprehensive framework will protect Americans’ personal data, strengthen consumer rights, and set clear rules for companies in the digital economy. The legislation is part of a coordinated, joint-committee effort alongside the House Financial Services Committee’s GUARD Financial Data Act, which focuses on protecting Americans’ sensitive financial information.
“Americans are tired of their personal information being manipulated and abused online, and they’re looking to their elected representatives to act. Every day, personal data is collected, shared, and sold—often without clear understanding of where it goes or how it’s used. After months of gathering input from stakeholders across industry, consumer groups, and policy experts, and working to build consensus, we’re proud to unveil a comprehensive national data privacy framework,” Fedorchak said. “This legislation puts Americans back in control of their own information—establishing clear rights to access, delete, and limit how personal data is used, while strengthening protections for children online. It also creates a consistent standard, so families and small businesses aren’t navigating a confusing patchwork of state laws. I’m grateful to Chairman Brett Guthrie and Rep. John Joyce for their leadership and commitment to advancing this effort.”
The SECURE Data Act marks a major step forward in establishing a durable, nationwide privacy and data security standard, building on frameworks already adopted by the majority of states while creating consistency across state lines. It gives consumers rights over their personal information and sets enforceable obligations for companies, with oversight from the Federal Trade Commission and state attorneys general.
“The Energy and Commerce Data Privacy Working Group was created to reset the discussion on comprehensive data privacy, taking wide ranging input from stakeholders and crafting a consensus bill that protects the privacy and security of Americans’ personal data. The SECURE Data Act is the result. This bill establishes clear, enforceable protections so that Americans remain in charge of their own data and companies are held accountable for its safe keeping. We look forward to working with our colleagues to build support for this bill and advance data privacy protections fit for our 21st century economy,” said House Committee on Energy and Commerce Chairman Brett Guthrie (R-KY) and Leader of the Energy and Commerce Data Privacy Working Group Rep. John Joyce, M.D. (R-PA)
Under the legislation, Americans will have the right to access, delete, and transfer their personal data from large data brokers, and to opt out of targeted advertising and data sales. The bill also requires explicit consent for the use of sensitive data.
Companies will be required to limit data collection to what is necessary, clearly disclose how data is shared—including with foreign adversaries—and implement strong security practices. Data brokers will face new transparency requirements, including registration with the FTC and inclusion in a public, searchable registry so consumers can better understand and control how their data is used.
The bill also strengthens America’s position in the global digital economy by supporting secure cross-border data flows and addressing risks posed by foreign data practices, including restrictions and adversarial access to sensitive information.
Background on the SECURE Data Act:
A National Privacy and Data Security Standard:
Establishes a national privacy and data security standard to protect the personal data of all Americans and their families.
Builds on the proven framework adopted by the overwhelming majority of states that have enacted comprehensive privacy and data security laws.
Establishes new rights for consumers and obligations for companies—enforced by the Federal Trade Commission and state attorneys-general.
Consumer Privacy Rights:
Consumers will have the right to:
Know their data is being collected and used.
Access a copy of their personal data, including in a portable format.
Delete their personal data.
Opt-out of targeted advertising, sales of personal data, and certain automated decisions.
Sensitive data can only be processed with a consumer’s consent.
A parent’s consent is required to process a child and teens’ personal data.
Commonsense Obligations on Businesses:
Companies must:
Limit their collection of personal data to what is “adequate, relevant, and reasonably necessary” for the purposes disclosed to consumers.
Disclose what personal data they share with others, including any personal data processed in or sold to China, Russia, or other foreign adversaries.
Implement data security practices to protect the personal data they process.
Data brokers must:
Comply with the data minimization, disclosure, and data security requirements.
Register with the FTC and provide information about their privacy and data security practices and about the personal data they sell.
The FTC will establish a searchable public-facing registry of data brokers, where consumers can learn how to exercise their privacy rights.
Advances American Leadership in the Global Digital Economy:
The Secretary of Commerce is empowered to:
Continue its longstanding promotion of cross-border data flows and the protection of personal data in international commerce.
Address the negative impacts of foreign data localization and data transfer restrictions.
Protect Americans’ data from the risks posed by foreign adversaries.
###