Nancy Pelosi says she supports addressing concerns that the federal data privacy legislation will preempt California’s existing law—a change that could impact bipartisan support for the bill. ACA continues to advocate for federal data privacy legislation that avoids creating a patchwork of requirements for regulated entities that may also conflict with existing regulations.
09/08/2022 9:30 A.M.
4 minute read
The federal data privacy legislation, which has advanced out of the Energy and Commerce Committee, may see some changes after Speaker of the House Nancy Pelosi, D-Calif., announced last week the federal bill does not include the needed consumer protections in the California privacy law already on the books.
“The Energy and Commerce Committee is to be commended for its work on federal data privacy legislation. Importantly, Democrats won the right for consumers for the first time to be able to seek damages in court for violations of their privacy rights,” Pelosi said in the statement.
“However, Governor Newsom, the California Privacy Protection Agency and top state leaders have pointed out the American Data Privacy and Protection Act does not guarantee the same essential consumer protections as California’s existing privacy laws. Proudly, California leads the nation not only in innovation, but also in consumer protection. With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights. California’s landmark privacy laws and the new kids age-appropriate design bill, both of which received unanimous and bipartisan support in both chambers, must continue to protect Californians—and states must be allowed to address rapid changes in technology.”
Pelosi said congressional leadership will continue to work with U.S. Rep. Frank Pallone, D-N.J., chair of the Energy and Commerce Committee, to address these concerns.
How Did We Get Here?
The CCPA is opposing federal data privacy legislation that would preempt California’s data privacy act and other state privacy laws, ACA International previously reported.
The CPPA sent a letter to Pelosi and House Minority Leader Kevin McCarthy opposing the American Data Privacy and Protection Act, specifically for its measures that would replace California’s law, the California Consumer Privacy Act, with “weaker protections” and compromise the ability of the agency to fulfill its mandates under the state law, according to a news release.
The bill, H.R. 8152, advanced out of the House Energy and Commerce Committee in July.
Pallone and U.S. Rep. Cathy McMorris Rodgers, R-Wash., chairman and ranking member of the House Committee on Energy and Commerce, and U.S. Sen. Roger Wicker, R-Miss., ranking member of the Senate Committee on Commerce, Science, and Transportation, released the discussion draft of a comprehensive national data privacy and data security framework this summer, ACA previously reported.
On July 28, 2022, the CPPA Board of Directors voted unanimously to oppose H.R. 8152 and any other bill that seeks to preempt the California Consumer Privacy Act. The board, however, voted to support a privacy framework that would set a “true floor” on privacy and allow states to further innovate on those protections.
ACA’s Take
This is the strongest signal yet that the federal data privacy legislation is stalled in the 117th Congress. Changes at this point could result in the loss of bipartisan support for the bill.
ACA continues to advocate for federal data privacy legislation that avoids creating a patchwork of requirements for regulated entities that may also conflict with existing regulations.
The American Data Privacy and Protection Act, would, among other changes:
- Establish a strong national framework to protect consumer data privacy and security.
- Grant broad protections for Americans against the discriminatory use of their data.
- Require covered entities to minimize, on the front end, individuals’ data they need to collect, process, and transfer so that the use of consumer data is limited to what is reasonably necessary, proportionate, and limited for specific products and services.
“ACA appreciates that the legislation is designed to preempt many state privacy laws because all Americans deserve to receive a uniform level of privacy protections,” said ACA CEO Scott Purcell in a letter to McMorris Rodgers and Pallone. “Nonetheless, there are specific exceptions contemplated in this legislation that will result in an unnecessary and complicated patchwork of privacy protections.”
Those exceptions include:
- State data breach laws, including California’s private right of action for data breaches.
- Employee and student privacy laws.
- Facial recognition laws.
- The Illinois Biometric Information Privacy Act and Genetic Information Privacy Act.
- Fraud, identity theft, cyberstalking and cyberbullying.
- Public records laws.
- Laws regarding credit reports, financial information and financial regulations.
“The sheer breadth of these exceptions will unfortunately, limit and undermine the effectiveness of the preemption provision under consideration,” Purcell said. “Without question, the legislation and preemption as they currently stand will confuse and complicate compliance in a number of states. Given these realities, ACA respectfully urges the sponsors to eliminate or, at a minimum, narrow these exceptions to the preemption provision (except in instances of criminal behavior).”
Read ACA’s complete letter to the committee here.
If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.