Congress held another federal privacy hearing. That sentence has been written before.
On June 3, 2026, the House Energy and Commerce Subcommittee on Communications and Technology convened a hearing examining legislation to establish a federal comprehensive privacy and data security law. According to initial coverage, the hearing focused on legislation reported as H.R. 8413, the SECURE Data Act, reportedly sponsored by Rep. Joyce of Pennsylvania, though the specific bill number and sponsor are reported, not yet independently confirmed. Witness categories reportedly included software industry representatives, legal experts, and public interest organizations.
What is confirmed: this hearing happened, this subcommittee called it, and the subject was comprehensive federal privacy legislation. That’s enough context to understand why it matters.
The pattern is established and worth naming plainly. Comprehensive federal privacy legislation has been introduced in multiple congressional sessions. It has consistently stalled on two disputes: the scope of federal preemption over state privacy laws, and whether individuals should have a private right of action to sue companies directly for violations. Neither dispute was resolved in previous cycles, and nothing in initial reporting suggests as of publication is different. The hearing is a signal of legislative attention, not legislative momentum.
Timeline
Why does as of publication feel different to industry? AI training data. Under a patchwork of state privacy frameworks, California’s CPRA, Colorado’s CPA, Connecticut’s CTDPA, Illinois’ BIPA, organizations training AI models on personal data face inconsistent consent requirements, opt-out mechanisms, and data subject rights across jurisdictions. A federal standard with clear AI training data provisions and preemptive effect on state laws would be worth billions in compliance simplification to large AI developers. That economic stake wasn’t present in the 2019 or 2021 federal privacy bill cycles. It is now. That’s why industry witnesses at these hearings are showing up with more urgency than they did five years ago.
For compliance teams, the practical reality hasn’t changed: don’t plan around a federal privacy standard that doesn’t exist yet. The state patchwork is the current compliance reality, and organizations need architecture that works within it. What’s worth monitoring is whether the AI training data angle produces a narrower legislative vehicle, a focused AI training data exemption or preemption bill, even if comprehensive privacy legislation continues to stall. That would be the legislative shortcut industry is actually seeking.
Context: TJS has documented the federal vs. state preemption dynamic across multiple briefs this month, including the White House framework’s call for preemption and state-level responses from Colorado and California. This hearing is part of the same policy cycle.
Who This Affects
What to watch
committee markup scheduling, that’s the step that separates a hearing from a bill. Also watch for any narrowing amendments that specifically address AI training data uses, which would signal the industry lobbying strategy gaining traction.
The real question isn’t whether Congress passes a comprehensive federal privacy law this session. It won’t. The question is whether the AI training data stakes produce a targeted privacy vehicle that moves faster than the comprehensive version, and this hearing is the kind of data point that shapes that answer over time.