Unpacking the SECURE Data Act

2026-04-26 · Source: Tech Policy Press · Field: Legal & Regulatory — Regulatory Affairs & Government Relations, Compliance & Risk Management · Depth: Intermediate, extended

Summary

A recent podcast episode unpacks the proposed SECURE Data Act, a new federal privacy bill introduced by House Republicans, with Eric Null, Director of the Privacy & Data Project at the Center for Democracy & Technology. Null argues the bill has significant structural weaknesses, including a narrow definition of sensitive data, weak data minimization standards, and broad exemptions for companies, particularly for AI training data. He highlights concerns that the Act would preempt stronger state privacy and civil rights laws, such as Illinois' Biometric Information Privacy Act, and lacks a private right of action, limiting individuals' ability to seek redress. The discussion also touches on the historical challenges of passing comprehensive federal privacy legislation in the U.S., the increasing urgency of privacy protections in the age of AI, and the privacy implications of competition-focused legislation like California's Base Act.

Key takeaway

For CTOs and VPs of Engineering navigating the complex U.S. privacy landscape, the SECURE Data Act represents a potential step backward. You should prioritize understanding its preemption clauses, as they could nullify stronger state-level protections your organization currently relies on, particularly concerning biometric and civil rights data. Focus on robust internal data governance and ethical AI development, as this federal bill offers minimal new safeguards and broad exemptions for data collection, including for AI training.

Key insights

The SECURE Data Act is a weak federal privacy bill that undermines existing state protections and fails to address AI's data demands.

Principles

• More data does not always mean better AI outputs.
• Privacy rights are fundamentally civil rights.
• Federal preemption can weaken state-level protections.

In practice

• Review state privacy laws for stronger protections.
• Assess AI training data for quality over quantity.
• Advocate for private rights of action in privacy legislation.

Topics

• SECURE Data Act
• Federal Privacy Legislation
• Data Minimization
• Preemption
• Civil Rights Protections

Best for: CTO, VP of Engineering/Data, Director of AI/ML, Policy Maker, Legal Professional, AI Ethicist

Related on AIssential

• Congress's New Privacy Bill Is Built on Empty Promises — The SECURE Data Act is a regressive privacy bill that fails to protect consumers and undermines stronger state laws.
• The AI Ethics Brief #190: The Data We Leave Behind — Data reuse without consent and AI-generated misinformation erode trust and highlight critical governance gaps.
• US government ramps up mass surveillance with help of AI tech, data brokers – and your apps and devices — Pervasive data collection by private entities fuels a commercial market exploited by government agencies, eroding privacy.
• Unpacking the Great American Artificial Intelligence Act of 2026 — Comprehensive federal AI regulation requires balancing innovation with risk, focusing on frontier model development while preserving state authority over deployment.
• A Roadmap for Federal AI Legislation: Protect People, Empower Builders, Win the Future — Effective AI governance requires a balanced federal framework that protects people while fostering innovation and competition.
• State AI Law Is the Only AI Law. Everywhere It's Crumbling. — State-level AI regulation efforts are broadly failing, resulting in minimal oversight.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Tech Policy Press.