The CPPA Opposes Current Construction of Proposed Federal Privacy Legislation

The California Privacy Protection Agency Applauds Speaker Pelosi for her Statement on Federal Privacy Legislation

On September 1, 2022, United States House Speaker Nancy Pelosi released a statement on Federal Data Privacy Legislation. She notes, in the relevant part, that the “American Data Privacy and Protection Act does not guarantee the same essential consumer protections as California’s existing privacy laws. Proudly, California leads the nation not only in innovation, but also in consumer protection. With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights.”

CPPA Executive Director Ashkan Soltani released a statement in support of Ms. Pelosi’s comments: “The California Privacy Protection Agency applauds Speaker Pelosi’s commitment to ensuring strong privacy protections, in California and across the country. We look forward to working with the Speaker and Chairman Pallone to ensure that any federal privacy legislation sets a true floor for privacy protections and preserves the key role of the states to innovate, particularly in response to rapidly evolving threats to privacy.”

CPPA Releases Letter Opposing the American Data Privacy Protection Act

On August 15, 2022, the CPPA sent a letter to House Speaker Nancy Pelosi and Minority Leader Kevin McCarthy opposing H.R. 8152, the American Data Privacy and Protection Act (ADPPA). 

As currently crafted, the ADPPA sets to preempt most of the CCPA, including substantially limiting the CPPA’s functions. The letter looks to help inform and seeks to cooperate with the federal legislators to create a future bill that would create a true “floor.” 

Of note, California Representatives Eshoo and Barragán, both members of the House Energy and Commerce Committee, voted against ADPPA at last month’s markup. Every member of the California delegation voted in favor of an amendment that would allow the states to pass stronger laws.

CPPA Board Votes to Oppose the American Data Privacy Protection Act

On July 28, 2022, the CPPA held a special meeting pursuant to Government Code 11125.4 to discuss preemption and to take possible action on proposed federal privacy legislation, including the ADPAA and similar legislation, and the effect it would have on the California Consumer Privacy Protection Action (CCPA) as amended by the California Rights Privacy Act (CPRA). 

In short, the Board members, and most stakeholders, expressed that the proposed federal privacy legislation fail or be revised to set the CCPA’s provisions as the new “floor” while also preventing any potential privacy ceiling from being established. 

Before the meeting took place, California lawmakers had expressed support for stopping the current legislation in its tracks. The CPPA provided meeting materials on its website, including the following: 

• Letter from Governor Gavin Newsom to Chairman Pallone
• Letter from Assembly Speaker Anthony Rendon to Speaker Nancy Pelosi re Federal Preemption of California’s Landmark Privacy Law
• Letter from Attorney General Rob Bonta and Nine Attorneys General to Congressional Leaders
• CPPA Staff Memo, Analysis and Recommended Agency Position on HR 8152
• CPPA Staff Memo, Recommended Agency Position on Legislation that Seeks to Preempt CCPA

Throughout the meeting, the Board members took turns expressing the importance of not only the role that California plays in as the watchdog to protect California’s privacy but also the need to take action. Board Member De La Torre stated: “Preemption to me doesn’t really align with ensuring that Californians or, for that matter residents of any state, enjoy the highest possible privacy protections.”  And, Board member Vinhcent Le commented that: “Preemption would mean that California no longer have the right to opt out of automated decision making or get meaningful information when an automated system profiles them or makes a high stakes decisions around who has access to jobs, healthcare, credit, housing, you name it.”

Ultimately, the Board voted unanimously to oppose the then-currently proposed federal privacy legislation. The Board observed that the legislation’s preemption language would significantly weaken the current privacy rights for Californians. For example, the ADPPA does not have a provision to prevent weakening of the law like the CPRA gave the CPPA.