Abstract

This article examines the draft American Privacy Rights Act 2024 (APRA) in the context of the European data protection regulations (GDPR) and the current political situation in the United States. The author points out that APRA represents the first attempt in many years to introduce a uniform federal privacy protection standard in the US, which could eliminate the current “patchwork” system of fragmented sectoral and state solutions.
The article outlines the issue of data transfer to third countries in EU law, the philosophy of privacy protection in the US system and selected APRA solutions (definitions, principles, rights of individuals, obligations of processors and supervision mechanisms) compared the EU data protection model.
The author notes the similarities between the APRA and the GDPR, at the same time pointing out fundamental differences, including, in particular, the limitation of protection provided in the APRA to the group of US citizens and residents and maintenance of broad data access powers of US public authorities in order to preserve national security.
The text then discusses the development of state regulations (including: California, Texas, Oregon, New York), leading to a gradual increase in privacy standards though still not ensuring the coherence and uniformity of the American system in this area.
The author concludes that despite some convergences with the GDPR, the APRA (if enacted) would not lead to the development of a transatlantic personal data protection system.