SECURE Data Act: Congress introduces new federal privacy framework | Freeman Mathis & Gary
SECURE Data Act: Congress introduces new federal privacy framework | Freeman Mathis & Gary
https://www.jdsupra.com/legalnews/secure-data-act-congress-introduces-new-8419239/
Publish Date: 2026-06-01 11:23:00
Source Domain: www.jdsupra.com
On April 21, 2026, Representative John Joyce (R‑PA) introduced the Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (the “SECURE Data Act”) in the House of Representatives. The bill represents the latest effort to establish a comprehensive national framework for consumer privacy rights.
Key provisions of the proposed SECURE Data Act
(1) Scope of the SECURE Data Act
The SECURE Data Act would generally apply to an entity that (a) conducts business in the U.S. or offers for use or sale to a resident of the U.S. a product or service, or (b) processes or engages in the sale of personal data of a resident of the U.S., and
(a) Collects and processes personal data of more than 200,000 consumers annually (excluding personal data controlled or processed solely for the purpose of completing a payment transaction) and has an annual gross revenue of $25 million or more (as adjusted for CPI annually);
or
(b) Collects and processes personal data of 100,000 or more consumers annually (excluding personal data controlled or processed solely for the purpose of completing a payment transaction) and derives 25% or more of its annual gross revenue from the sale of personal data.
(2) Consumer rights
The bill adopts a familiar consumer rights–based approach consistent with state privacy laws, including rights to know, access, correct, delete, and obtain a portable copy of personal data, as well as the right to opt out of certain processing activities, such as targeted advertising and data sales.
(3) National data broker registry
The SECURE Data Act would create a national data broker registry that requires data brokers to publicly register with the Federal Trade Commission (FTC) and provide disclosures regarding their data practices. The bill would define a “data broker” as a controller that:
(1) collects and processes personal data concerning a consumer who is not a client of or a user of a product or service provided by the…
