By RIA ROEBUCK JOSEPH
THE CENTER SQUARE CONTRIBUTOR
(The Center Square) – The California Consumer Privacy Act (CCPA) is being threatened by the reintroduction of a federal bill sponsored by Rep. Pallone Frank, Jr. (D-N.J.). The bill is scheduled to be heard by the House Energy and Commerce Committee on March 1, in a “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy” hearing, at which time the American Data and Privacy Protection Act, (ADPPA) will be considered. This drew the attention of California Governor Gavin Newsom, state Attorney General Rob Bonta, and the California Privacy Protection Agency tasked with the enforcement of the CCPA.
“There is no doubt that stronger federal action is needed to protect the privacy of Americans, but these actions must not preempt existing protections in place,” said California Attorney General Rob Bonta.
The Landmark CCPA provides for:
– The right to know about the personal information a business collects about them and how it is used and shared;
– The right to delete personal information collected from them (with some exceptions);
– The right to opt-out of the sale or sharing of their personal information;
– The right to non-discrimination for exercising their CCPA rights.
– The right to correct inaccurate personal information that a business has about them; and
– The right to limit the use and disclosure of sensitive personal information collected about them.
The ADPPA threatens to preempt California’s law with a weaker federally imposed privacy act according to a release by Mr. Bonta.
“California is at the forefront of privacy in response to quickly changing technology. We urge Congress not to undercut the important protections that have been established through efforts by the states. Any federal law should set the floor, not the ceiling for privacy law,” Mr. Bonta said.
The California Protection Agency’s Deputy Director of Policy and Legislation, Maureen Mahoney, in a July 2022 memorandum stated “The American Data Privacy Protection Act … seeks to preempt nearly all provisions of the CCPA, as amended by Proposition 24, the California Privacy Rights Act of 2020. California’s private right of action for a negligent data breach, in Cal. Civ. Code Sec. 1798.150, is explicitly carved out..” She recommended opposition to the bill.
In response to the proposed ADPPA, a letter signed by the governor, attorney general and executive director of the CPPA was issued to congressional leaders on Feb 28, states in part “The American Data Privacy and Protection Act (ADPPA) seeks to extend to every American the privacy rights that they deserve. However, by prohibiting states from adopting, maintaining, enforcing, or continuing in effect any law covered by the legislation, it would eliminate existing protections for residents in California and sister states. Undermining existing state protections is unnecessary to secure passage of the ADPPA.”
The signatories proposed the following changes to the ADPPA:
– Allow states to respond to changes in technology and data collection practices to allow rigorous enforcement in those areas most affecting residents; and
– Ensure that the ADPPA is passed without a preemption clause in order to protect critical data privacy protections in state law and preserve California’s authority to establish and enforce those protections.
Ashkan Soltani, Executive Director of the CPPA stated, “In the last year alone, California added key new children’s privacy and reproductive privacy legislation to its existing privacy laws. But if ADPPA is adopted in its current form, not only could existing privacy protections be weakened, but it could prevent California legislators, and Californians through the ballot initiative, from passing new protections to address changes in technology. We urge federal legislators to ensure that any federal privacy law allows states to continue to innovate on privacy.”
The offending line in the ADPPA says “the bill preempts state laws that are covered by the provisions of the bill except for certain categories of state laws and specified laws in Illinois and California.”
“National data privacy laws passed by Congress should strengthen, not weaken our existing laws here in California,” said Gov. Gavin Newsom.
“Passing a strong federal law today that remains strong tomorrow must be reinforced with language that allows the states to legislatively innovate and respond in real-time to emerging consumer protection issues. We therefore urge Congress to ensure that the ADPPA is passed without a preemption clause in order to protect critical data privacy protections in state law and preserve California’s authority to establish and enforce those protections” the letter concluded.
