Federal vs. State Data Privacy Laws Debate Continues


Senate committees discuss federal proposals for protecting consumers’ data.

12/5/2019 11:30

Congress and business representatives focused on data privacy continued the discussion on the merits of federal data privacy framework compared to individual laws at the state level during a Senate hearing Dec. 4.

The discussion came as one of the most sweeping state data privacy laws to date, the California Consumer Privacy Act (CCPA), is set to take effect Jan. 1, 2020.

ACA International has consistently advocated for a balance between protecting consumers’ data privacy and ensuring legitimate businesses are not faced with duplicative laws that create regulatory burdens.

Wednesday’s hearing focused on federal laws, some that would preempt state regulations, some that would not.

“For the past year, members of this committee have worked to develop a strong, national privacy law that would provide baseline data protections for all Americans,” said Senate Committee on Commerce, Science, and Transportation Committee Chairman Roger Wicker, R-Miss., during the hearing, titled “Examining Legislative Proposals to Protect Consumer Data Privacy.”

Wicker released a fact sheet on his discussion draft for the United States Consumer Data Privacy Act (USCDPA) during the hearing. The act would establish national standards to bring the U.S. in line with the European Union and other nations’ data privacy laws while providing consumers the option to consent to or opt out of data sharing, among other requirements. Senator Wicker’s legislation is expected to be one of the main vehicles any federal legislation would potentially move on.

U.S. Sens. Maria Cantwell, D-Wash., ranking member of the committee, and Brian Schatz, D-Hawaii, Amy Klobuchar, D-Minn., and Ed Markey, D-Mass., also unveiled comprehensive federal online privacy legislation.

The Senate Banking Committee also recently discussed data privacy. In a  letter to Committee Chairman U.S. Sen. Mike Crapo, R-Idaho, and the committee’s Ranking Member U.S. Sen. Sherrod Brown, D-Ohio, in October, ACA noted the need for balance between protecting consumers’ data and legitimate businesses’ use of the data.

“We strongly support the goal of protecting the privacy of consumers and their data, and are committed to vigorous compliance in furtherance of this pursuit,” said ACA International CEO Mark Neeb in the letter submitted before the “Data Ownership: Exploring Implications for Data Privacy Rights and Data Valuation” hearing in October. “However, there are many lawful and important reasons why those in the accounts receivable management industry may collect and store consumer data in compliance with already existing privacy and consumer protection laws.”

State laws such as the CCPA and the European Union’s General Data Protection Regulation (GDPR) continue to shape discussion and debate over whether data should be treated as property to further protect consumers.

In California, the CCPA allows consumers the right to opt out of the sale or sharing of their personal information, and requires businesses to disclose data collection and sharing practices

The GDPR also has similar protections for consumers.

The California Attorney General held several public hearings on the CCPA in early December and opened public comment on some proposed regulations just before the law takes effect. Members of ACA and the California Association of Collectors Inc. attended the hearings and have a privacy coalition in place to advocate with legislators and regulators in California. Watch for coverage in ACA Daily.

Overall, ACA urges Congress to enact federal laws that preempt state requirements.

“As Congress moves forward with any potential new laws for federal data privacy, we ask that it is cautious not to create any duplicative, conflicting, or overly complex standards for those in the accounts receivable management industry who already work carefully to protect consumer data,” Neeb said. “ACA and its members have also outlined their concerns specific to the CCPA in hearings and through comments at the state level. We ask that you consider that feedback and those concerns if the committee looks to different state laws, as it considers a federal standard.”

ACA remains active in discussions at the state, federal and global level for new policies and requirements in the privacy area impacting the accounts receivable management industry.