I htink there were three key sections that got cut out:
1) "A covered entity or service provider may not collect, process, retain, or transfer covered data in a manner that discriminates in or otherwise makes unavailable the equal enjoyment of goods or services on the basis of race, color, religion, national origin, sex, or disability." This was hugely important, it was sa major victory to get a bipartisan committee majority supporting similar language in APRA's predecessor ADPPA.
2) Requirements for algorithmic impact assessments by large companies (I forget the exact threshold).
3) A requirement to let people opt-out of consequencial automated decisions (with some exceptions), somewhat similar to California's CCPA.
I htink there were three key sections that got cut out:
1) "A covered entity or service provider may not collect, process, retain, or transfer covered data in a manner that discriminates in or otherwise makes unavailable the equal enjoyment of goods or services on the basis of race, color, religion, national origin, sex, or disability." This was hugely important, it was sa major victory to get a bipartisan committee majority supporting similar language in APRA's predecessor ADPPA.
2) Requirements for algorithmic impact assessments by large companies (I forget the exact threshold).
3) A requirement to let people opt-out of consequencial automated decisions (with some exceptions), somewhat similar to California's CCPA.