The Washington Post
Civil rights advocates say federal privacy bill won’t hurt California’s protections
Privacy and civil rights advocates are pushing back on criticisms from California officials that a federal privacy bill would weaken protections in the state, arguing that the bipartisan measure recently unveiled in Washington is even stronger than California’s landmark law.
California Democrats for years have warned congressional colleagues that any attempts to dilute or override the California Consumer Privacy Act would meet stiff opposition.
“California’s bill is the best. Why would we want to preempt it?” Rep. Jackie Speier (D- Calif.) told me in February 2019. How a federal privacy law would intersect with a growing number of state laws has been a major sticking point for talks in Congress.
Now as lawmakers consider a landmark privacy bill — the American Data Privacy and Protection Act — that would preempt conflicting state rules, the issue is again gaining attention.
As Bloomberg Government reported, the California Privacy Protection Agency recently expressed concerns to House Speaker Nancy Pelosi (D- Calif.) that the bill “would hurt Californians” by limiting state legislators and regulators from boosting protections. The issue has also been raised by California lawmakers and more broadly by top House Democrats.
But those fears aren’t shared by several D.c.-based privacy advocates.
A memo comparing the measures prepared by three prominent nonprofits and shared with The Technology 202 argues that the federal bill’s consumer protections are equal to or better than the California law in a vast majority of areas.
Alan Butler, executive director of the privacy group EPIC, said that the federal bill (ADPPA) would be more effective in minimizing how much data companies can collect from consumers, has stronger guardrails around sensitive data and, notably, contains a section on civil rights.
“ADPPA is basically much clearer on the obligations of companies to limit the extent of their processing, the collection … and transfer of data to a specific list of permissible purposes,” he said.
David Brody, managing attorney for the Lawyers' Committee for Civil Rights Under Law, said the bill also gives consumers a more robust mechanism to bring lawsuits against violators, whereas the “private right of action” under the California law is limited to data breaches.
“One of the biggest and most obvious reasons why the federal bill is better is because it actually has a private right of action,” he said.
The bill also covers a
“broader” array of entities and is “more protective” when it comes to children’s and teens’ data, according to the memo, which EPIC and the Lawyers’ Committee compiled along with the Center for Democracy and Technology. (CDT receives funding from tech companies including Google, Apple and Twitter.)
Still, questions about the legislation’s language around state preemption and private right of action are expected to be a focus next week as the House Energy & Commerce Committee looks to mark up and advance the bill to the chamber floor.
It would mark the first time a comprehensive consumer privacy bill has made it out of committee on Capitol Hill, a historic feat. But it faces major hurdles in the Senate.
Senate Commerce Chair Maria Cantwell (D-wash.) has said the enforcement mechanism of her colleagues’ bill is too weak.
One key aspect of California’s law could prove contentious on Capitol Hill: It contains language blocking state legislators from weakening its protections.
While ADPPA may be stronger than California’s law in the eyes of some privacy advocates, members of the California delegation may still be reluctant to pass a federal law that could be watered down by another Congress, unlike the California Consumer Privacy Act.
Another is that by overriding California’s law, it could severely weaken the power of the state’s newly created regulator, the California Privacy Protection Agency. Butler said he hopes it’s an issue lawmakers on Capitol Hill can address as they debate their bill.
“This is an issue that I think it's really important to resolve in ADPPA, but I don't think it's an issue that’s … a fundamental structural flaw,” he said.