Last Update: 06/03/2026 at 6:25 AM EST

Mid-day Briefing: Privacy

Wednesday, April 22, 2026 · 6:47 PM EDT

Key developments

IAPP.ORG

House Republicans unveil SECURE Data Act

House Energy and Commerce Republicans introduced the draft Securing and Establishing Consumer Uniform Rights and Enforcement over Data (SECURE Data) Act on April 22 after more than a year of stakeholder consultation. The proposal would create a federal privacy standard intended to preempt comprehensive state privacy laws and would omit a private right of action, data protection impact assessments, data protection officers, and universal opt-out mechanisms. It would add FTC-managed data broker registration and a Commerce Department code-of-conduct safe harbor, and would treat data about children under 13 as sensitive.

Why it matters

It is the clearest move today toward a new federal privacy framework and a possible rollback of state-law variation.

Sources & driving stories

EFF

EFF sues DHS and ICE over subpoenas

The Electronic Frontier Foundation sued the Department of Homeland Security and Immigration and Customs Enforcement on April 22 for records about administrative subpoenas the group says were used to identify people who criticized the government or attended protests. EFF is seeking policies, legal analyses, approval procedures, communications, and usage data after saying the agencies ignored its requests. The complaint argues the public should know the legal basis for obtaining subscriber information from tech companies without prior judicial approval.

Why it matters

The case could expose how immigration and homeland security agencies use subpoena power to identify online critics without a warrant.

Sources & driving stories

EFF · Hudson Hongo

FORBES

Meta reportedly tracks employees for AI training

Forbes and Mashable reported that Meta is installing software on U.S. employees’ work computers to capture mouse movements, keystrokes, clicks, and some screen snapshots for AI training. Meta says the data will not be used for performance reviews and is aimed at building AI agents that can understand how people move through software and complete office tasks. The move underscores a shift from training on public content to collecting worker behavior as model data.

Why it matters

It raises fresh workplace privacy and labor concerns because employee behavior is being collected as training data rather than merely for productivity oversight.

Sources & driving stories

FORBES · Ron Schmelzer

Worth noting

Notion public pages exposed editor details

Researchers said public Notion pages can surface editor usernames, profile images, and email addresses, prompting mitigation work from the company.

OpenAI open-sources prompt secret scrubber

A pre-submission filter for API keys and sensitive data could reduce accidental disclosure in chatbot prompts, especially for enterprise users.

M&T Bank warns of vendor breach

The disclosure adds another example of third-party-originated bank data exposure, with notice to 462 Massachusetts residents and potential exposure of Social Security and financial account data.

Still unclear

Can the SECURE Data Act win bipartisan support?

Its state-law preemption and lack of a private right of action are the provisions most likely to determine whether the bill advances or stalls.

How far can ICE subpoenas go without court oversight?

EFF's lawsuit could force disclosure of the standards, approvals, and limits governing subscriber-data requests.