Attorney General Bonta, Governor Newsom and CPPA File Letter Opposing Federal Privacy Preemption

News:

Federal privacy law should be the “floor, not a ceiling”

SACRAMENTO — Today, Governor Gavin Newsom, Attorney General Rob Bonta, and the California Privacy Protection Agency (CPPA) sent a joint letter to Congress opposing preemption language in H.R. 8152, the American Data Privacy and Protection Act (ADPPA). The ADPPA, introduced in the last Congressional session, sought to replace California’s landmark law with weaker protections and could compromise the ability of the California Privacy Protection Agency (CPPA) to fulfill its mandate to protect the privacy of Californians. California today calls on Congress to set the floor and not the ceiling in any federal privacy law, and to allow states to provide additional protections in response to changing technology and data privacy protection practices.

“National data privacy laws passed by Congress should strengthen, not weaken our existing laws here in California,” said Governor Newsom. “As personal data is routinely bought and sold it is critical that consumers have the ability to consent to the sharing of this information, especially in an era where Roe v. Wade has been overturned and access to personal data can be used in legal proceedings. California has been on the leading edge when it comes to creating new digital technology, but we have also coupled these advances with stronger consumer protections. The rest of the nation should follow our lead.”

“There is no doubt that stronger federal action is needed to protect the privacy of Americans, but these actions must not preempt existing protections in place,” said California Attorney General Rob Bonta. “California is at the forefront of privacy in response to quickly changing technology. We urge Congress not to undercut the important protections that have been established through efforts by the states. Any federal law should set the floor, not the ceiling for privacy law.”

Ashkan Soltani, Executive Director of the CPPA, said: “Federal privacy protections cannot come at the expense of Californians and residents of other states that have adopted innovative privacy protections. In the last year alone, California added key new children’s privacy and reproductive privacy legislation to its existing privacy laws. But if ADPPA is adopted in its current form, not only could existing privacy protections be weakened, but it could prevent California legislators, and Californians through the ballot initiative, from passing new protections to address changes in technology. We urge federal legislators to ensure that any federal privacy law allows states to continue to innovate on privacy.”

The joint letter was submitted to the House Energy & Commerce Committee in advance of the Committee’s March 1 hearing, "Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy.” The Committee is expected to reintroduce ADPPA in the new legislative session.

California continues to lead on data privacy, and to adopt laws in response to rapidly evolving technology, with the strongest and most groundbreaking data protections in the nation. Californians currently have robust protections and rights to manage and control the use of their data through the California Consumer Privacy Act (CCPA). As Congress considers adopting ADPPA, California urges changes to the proposed law as the ADPPA in its current form would undermine the CCPA and would hamper state efforts to keep up with and adapt laws to changing technology.

The path forward to a robust data privacy law is one that sets a federal floor, not a ceiling, to allow states to continue to innovate and be nimble in protecting their residents. In the letter, Governor Newsom, Attorney General Bonta, and CPPA urge Congress to make changes to the ADPPA proposal that:

  • Allow states to respond to changes in technology and data collection practices to allow rigorous enforcement in those areas most affecting residents, and
  • Ensure that the ADPPA is passed without a preemption clause in order to protect critical data privacy protections in state law and preserve California’s authority to establish and enforce those protections.

Last fall, then-United States House Speaker Nancy Pelosi released comments outlining her concerns with ADPPA’s limits on state privacy protections. Governor Newsom, Attorney General Bonta, Assembly Speaker Rendon, and members of the California Senate have also previously released letters raising concerns about ADPPA. On July 19, 2022, Attorney General Bonta led a multistate coalition calling on Congress in its consideration of ADPPA to respect the role of states to enforce and provide for strong consumer privacy laws while advancing legislation enacting long-overdue privacy protections nationwide.

The California Privacy Protection Agency released a letter opposing H.R. 8152 last year, and in September, Agency Chairperson Jennifer Urban published an opinion piece in the San Francisco Chronicle highlighting how the ADPPA could remove existing protections from California consumers.

The California Privacy Protection Agency’s mission is to protect the consumer privacy of Californians. Established in 2020, the Agency is governed by a five-member board that consists of experts in privacy, technology, and consumer rights. The Agency has several responsibilities, such as promoting public awareness of consumers’ rights and businesses’ responsibilities under the CCPA; adopting regulations in furtherance of the CCPA; and beginning July 1, 2023, the Agency is tasked with enforcing the CCPA through administrative enforcement actions. It will share CCPA enforcement authority with the Attorney General.

A copy of the letter can be found here.