AI Accountability and Personal Data Protection Act

Key Points

• This bill creates a new federal legal right for individuals to sue any company that collects, uses, sells, or otherwise exploits their personal data without getting clear, upfront permission first. It covers a very broad range of data, from names and locations to browsing history and biometric information.
• AI companies are specifically targeted: training a generative AI model on someone's data or generating content that imitates a person's identity would count as exploitation requiring consent. This is one of the first federal proposals to directly regulate how AI companies use personal data for training.
• If you win a lawsuit under this bill, you'd receive at least $1,000 in damages—or up to triple the profits a company earned from misusing your data, whichever is greater. Punitive damages, injunctive relief, and attorney's fees are also available.
• Companies can no longer bury data-sharing permissions in long privacy policies or terms of service. They must separately and clearly disclose every third party that will receive your data and get your direct acknowledgment—a simple hyperlink to a privacy policy won't count.
• The bill bans forced arbitration and class-action waivers for any disputes arising under this law. That means companies can't force you into private arbitration when you sue over data misuse—you keep your right to go to court and join a class-action lawsuit.
• Existing state privacy laws are fully preserved. The bill sets a nationwide floor for data protection but explicitly allows states to maintain or pass stronger protections of their own.

Votes

No votes have been recorded for this legislation yet.

Related Bills

No related bills have been identified yet.