SECURE Data Act Draws Fire for Preempting State Privacy Laws

House Republicans introduced the SECURE Data Act, aiming to set a national privacy framework preempting state laws.

The SECURE Data Act, unveiled by House Republicans on April 22, 2026, sets out a federal standard for consumer data privacy and would preempt existing state statutes. The proposal aims to address business frustration over the current patchwork of state laws by establishing a uniform approach to privacy compliance.

• The bill covers companies with annual data processing on over 200,000 consumers and $25 million in revenue, or those handling at least 100,000 consumers when data sales comprise 25% of revenue. (S&P Global)
• Consumers would gain rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising and data sales.
• The bill raises the age requirement for parental consent to process sensitive data from 13 to 16, recognizing teens as a protected group.
• Enforcement would fall to the Federal Trade Commission and state attorneys general, but consumers would not gain a private right of action.
• The act would also repeal the longstanding Video Privacy Protection Act of 1988.

Supporters such as the Association of National Advertisers argue a federal law is crucial to protecting millions of advertising jobs and streamlining compliance, stating the bill “charts the best path to a national privacy standard.”

However, established privacy advocates, including Consumer Reports and EPIC, warn that the measure “would replace stronger state and local laws with a weak federal framework riddled with loopholes”—potentially eroding crucial online safety and civil rights guarantees.

Legal teams focused on privacy and compliance should closely track developments as the debate underscores persistent tension between consumer protection and business uniformity in U.S. data regulation.

Yes, but: The bill does not provide a private right of action, limiting individual enforcement options.