The SECURE Data Act presents a uniform federal framework for digital privacy

A version of the following comments was submitted to the U.S. House Subcommittee on Commerce, Manufacturing, and Trade Committee on Energy and Commerce on June 1, 2026.

The SECURE Data Act represents a thoughtful step forward addressing a problem that has developed over more than a decade of congressional inaction. State privacy laws have created a fragmented landscape with inconsistent compliance obligations and uneven consumer protections across jurisdictions. By establishing a uniform national framework, the bill would bring needed consistency while preserving the core protections that have emerged across the states.

The bill builds on the familiar architecture of state privacy laws. It provides consumers with baseline protections, including the rights to access, correct, delete, and port personal data. It also gives individuals the ability to opt out of targeted advertising, the sale of personal data, and certain profiling decisions. In addition, it incorporates widely adopted concepts such as opt-in consent for sensitive data, defined roles for controllers and processors, and enforcement by both the Federal Trade Commission and state attorneys general. The legislation reflects the direction many states have already been moving rather than introducing a fundamentally new model.

At the same time, the SECURE Data Act addresses a central weakness in the current system. Its preemption provision would replace overlapping state regimes with a single national standard. For businesses, this would create a clearer and more predictable compliance environment. For consumers, it would ensure consistent protections regardless of where they live. This kind of harmonization reflects a more limited government approach by reducing duplication, compliance burdens, and regulatory overlap while improving the effectiveness of privacy protections by eliminating conflicting requirements.

The SECURE Data Act adopts a more restrained and workable enforcement model than prior federal proposals, such as the American Data Privacy and Protection Act (ADPPA) and the American Privacy Rights Act (APRA), by not including a private right of action. This approach is preferable because it would rely on enforcement by expert agencies rather than opening the door to large volumes of private lawsuits, which can increase costs, create legal uncertainty, and divert resources away from compliance. By emphasizing agency oversight, the bill promotes consistent enforcement while reducing the risk of excessive and fragmented litigation.

Overall, we believe the SECURE Data Act takes the core elements of the existing state privacy consensus and places them within a unified federal framework. With its emphasis on standardizing privacy law and providing regulatory clarity, the bill offers a pragmatic path forward in an area that has long lacked federal coordination.