The Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (The SECURE Data Act) is the most significant federal privacy proposal in years. The bill was introduced by Rep. John Joyce of Pennsylvania and would create the first comprehensive national consumer privacy framework in U.S. history, superseding the growing patchwork of state laws that currently governs how companies handle personal data.
The bill establishes five core rights for every consumer such as the right to access, correct, and delete their personal data, the right to a portable copy of that data and the right to opt out of targeted advertising, data sales, and automated profiling that has a legal or significant effect on them. Controllers must limit data collection to what is necessary, provide clear privacy notices, and cannot discriminate against consumers who exercise their rights.
A separate tier of sensitive data, including biometrics, health diagnoses, precise geolocation, racial origin, and data collected from children and teens requires affirmative opt-in consent before any processing. For teens between 13-15, verifiable consent is required, extending COPPA’s current age-13 threshold. Data brokers must register annually with the FTC, which will maintain a searchable public registry.
Enforcement rests with the FTC and state attorneys general. There is no private right of action. State privacy laws are broadly preempted. Most provisions take effect two years after enactment; consumer rights and data broker requirements kick in after one year.
This is all great, but the bill faces a competitive legislative calendar ahead of the 2026 midterms and will require bipartisan support to advance.
;
