The agency opposes the federal law because of measures that would preempt California’s data privacy act and compromise the mandates it has to fulfill under that act.
08/17/2022 1:30 P.M.
3 minute read
The California Privacy Protection Agency (CCPA) is opposing federal data privacy legislation that would preempt California’s data privacy act and other state privacy laws, it announced this week.
The CPPA sent a letter to House Speaker Nancy Pelosi and Minority Leader Kevin McCarthy opposing H.R. 8152, the American Data Privacy and Protection Act, specifically for its measures that would replace California’s law, the California Consumer Privacy Act, with “weaker protections” and compromise the ability of the agency to fulfill its mandates under the state law, according to a news release.
H.R. 8152 advanced out of the House Energy and Commerce Committee in July.
U.S. Reps. Frank Pallone Jr., D-N.J. and Cathy McMorris Rodgers, R-Wash., chairman and ranking member of the House Committee on Energy and Commerce, and U.S. Sen. Roger Wicker, R-Miss., ranking member of the Senate Committee on Commerce, Science, and Transportation, released the discussion draft of a comprehensive national data privacy and data security framework this summer, ACA International previously reported.
On July 28, 2022, the CPPA Board of Directors voted unanimously to oppose H.R. 8152 and any other bill that seeks to preempt the California Consumer Privacy Act (CCPA). The board, however, voted to support a privacy framework that would set a “true floor” on privacy and allow states to further innovate on those protections.
The CPPA, created and funded in 2020 by California voters, is the first data protection authority in the U.S., and its sole focus is the protection of California residents’ privacy rights.
U.S. Reps. Anna Eshoo, D-Calif., and Nanette Barragán, D-Calif., both members of the House Energy and Commerce Committee, voted against H.R. 8152 at last month’s markup. Every member of the California delegation voted in favor of an amendment that would allow the states to pass stronger laws, which Eshoo proposed, according to the CPPA.
ACA Advocacy
ACA continues to advocate for federal data privacy legislation that avoids creating a patchwork of requirements for regulated entities that may also conflict with existing regulations.
The American Data Privacy and Protection Act, would, among other changes:
- Establish a strong national framework to protect consumer data privacy and security.
- Grant broad protections for Americans against the discriminatory use of their data.
- Require covered entities to minimize, on the front end, individuals’ data they need to collect, process, and transfer so that the use of consumer data is limited to what is reasonably necessary, proportionate, and limited for specific products and services.
“ACA appreciates that the legislation is designed to preempt many state privacy laws because all Americans deserve to receive a uniform level of privacy protections,” said ACA CEO Scott Purcell in a letter to McMorris Rodgers and Pallone. “Nonetheless, there are specific exceptions contemplated in this legislation that will result in an unnecessary and complicated patchwork of privacy protections.”
Those exceptions include:
- State data breach laws, including California’s private right of action for data breaches.
- Employee and student privacy laws.
- Facial recognition laws.
- The Illinois Biometric Information Privacy Act and Genetic Information Privacy Act.
- Fraud, identity theft, cyberstalking and cyberbullying.
- Public records laws.
- Laws regarding credit reports, financial information and financial regulations.
“The sheer breadth of these exceptions will, unfortunately, limit and undermine the effectiveness of the preemption provision under consideration,” Purcell said. “Without question, the legislation and preemption as they currently stand will confuse and complicate compliance in a number of states. Given these realities, ACA respectfully urges the sponsors to eliminate or, at a minimum, narrow these exceptions to the preemption provision (except in instances of criminal behavior).”
Read ACA’s complete letter to the committee here.
If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.