House Republicans on the Energy and Commerce Committee introduced the Securing and Establishing Consumer Uniform Rights and Enforcement (SECURE) Data Act on April 22, 2026. The legislation seeks to establish a single federal privacy standard, effectively preempting a growing patchwork of comprehensive state privacy laws currently active in more than 20 states, including California, Virginia, and Colorado.
The bill, led by Committee Chair Brett Guthrie (R-KY) and Data Privacy Working Group Chair John Joyce (R-PA), would grant consumers the right to access, delete, and port their personal data. It mandates data minimization, requiring companies to limit collection to what is adequate, relevant, and reasonably necessary for disclosed purposes. However, the proposal has drawn immediate criticism from privacy advocates and Democratic lawmakers for its lack of a private right of action, which prevents individuals from filing civil lawsuits against companies for violations. Enforcement is instead centralized under the Federal Trade Commission (FTC) and state attorneys general.
A significant technical provision of the SECURE Data Act involves the treatment of pseudonymous data. While the bill allows consumers to opt out of the sale of personal data and targeted advertising, it includes an exception for pseudonymous identifiers—such as tracking cookies or mobile device IDs—provided they are stored separately from information that identifies the individual. Critics, including representatives from Consumer Reports, argue this creates a substantial loophole for the digital advertising industry by allowing continued tracking under the guise of pseudonymity.
The legislation also proposes a national data broker registry managed by the FTC. Data brokers would be required to register annually and comply with specific security and disclosure mandates. Additionally, the bill introduces a safe harbor mechanism where companies can seek government approval for their compliance programs through a Code of Conduct. Adherence to these approved codes, verified by independent third-party auditors, would provide a rebuttable presumption of compliance in enforcement actions.
In tandem with the SECURE Data Act, House Republicans introduced the GUARD Financial Data Act. This companion bill aims to modernize the Gramm-Leach-Bliley Act (GLBA), extending similar privacy protections to the financial sector. It requires financial institutions to obtain affirmative opt-in consent before disclosing sensitive personal information and mandates disclosures regarding the use of artificial intelligence in data processing and automated decision-making.
Energy and Commerce Ranking Member Frank Pallone (D-NJ) criticized the measure, stating it prioritizes corporate interests over consumer privacy. Advocacy groups like the Center for Democracy and Technology noted the bill fails to address AI-driven discrimination or provide the same level of protection as some existing state laws. The bill now moves to the committee review stage, where it faces a divided Congress.