Considering the polarized nature of today's Congress, businesses' antipathy for a broad private right of action, and the states' strong interest in avoiding preemption, it seems unlikely the American Privacy Rights Act will pass, at least in any form that resembles the current draft.
The state law preemption issue is a tricky one. States want any federal privacy law to create a floor rather than a ceiling so that they are able to legislate more stringent or additional protections to protect their residents' interests. Precedent for such a framework exists with HIPAA, the federal health privacy law that permits states to keep existing stronger laws governing health data. But businesses want a federal law to, among other things, eliminate the compliance difficulties resulting from the current patchwork of state data privacy laws.
Privacy advocates tend to agree with the states. They argue, among other things, that the states are more agile in responding to emerging issues and technologies, something that is not practicable for Congress. While acknowledging a federal law is desirable to protect citizens in states without data privacy laws, these advocates argue that preemption would be to the detriment of many others, and thus result in a law that harms more than it helps.
The evolution of the APRA and its ultimate outcome will undoubtedly involve some engaging considerations and twists that will satisfy some and frustrate others.