Data privacy regulators lobby lawmakers to not draft federal legislation preempting state laws

Two powerful state regulators are pushing a congressional working group crafting data privacy legislation to not draft a bill that would override existing state regulations.

The working group, which includes only Republican members of the House Energy and Commerce Committee, has been soliciting input from “stakeholders” since February on how to shape federal data privacy legislation.

Previous efforts to enact federal data privacy legislation have failed in large part due to arguments about “preemption,” which would allow a federal bill to wipe out regulations in the nearly 20 existing state data privacy laws. Some of those existing laws are tough on industry — likely more so than federal legislation would end up being, particularly in this Republican-controlled Congress.

In a letter to the working group on Monday, Tom Kemp, the head of the California Privacy Protection Agency, and New Jersey Attorney General Matthew Platkin argued that their relatively tough state laws should not be overtaken by what is sure to be weaker federal legislation. States have tried and in many cases succeeded in aligning their laws with each other, they said.

California has the strongest privacy law in the country and has recently been cracking down on data brokers.

The letter contradicts arguments scores of industry groups have made about the need to enact federal legislation that supersedes a patchwork of differing state privacy laws. 

“States play a crucial ongoing role in addressing emerging privacy challenges,” the letter said. “To ensure adequate safeguards, federal privacy laws should establish a floor of protections while allowing states the ability to adopt stronger protections.”

In January, the U.S. Chamber of Commerce and more than three dozen other industry groups  sent legislators a letter calling for a federal law that preempts state laws in an effort to create uniformity. Industry has said it is difficult and expensive to comply with the varying state laws due to their disparate rules.

A new federal law should allow consumers to know whether companies are processing their data, allow them to delete or correct their information and enable them to “opt out” of targeted advertising built off of sales of their web browsing and other personal data, the January letter from industry said.

However, the measures suggested by the industry groups omit tougher language included in strong laws such as California’s and instead closely mirror weaker laws such as Kentucky’s.

In their letter, Kemp and Platkin argued that the patchwork of state laws should not present businesses with logistical difficulties.

“The comprehensive state privacy laws in effect today build upon one another, establishing consistencies among the laws and promoting interoperability,” the letter said.

“To the extent that there are differences among state privacy laws, they often reflect the important role that states play in establishing and testing innovative solutions to new privacy problems.”