A group of 10 state attorneys general (AG) wrote a letter to Congress encouraging the legislators to set a Federal floor for critical privacy rights— and not a ceiling— while respecting important work already done by states to provide strong privacy protections for their residents.
In a letter from California AG Rob Bonta, the attorneys general said that a Federal legal framework for privacy protections should allow for flexibility to best keep pace with technology and not attempt to preempt more rigorous and protective state laws.
“Since California passed the first comprehensive privacy law in 2018, other states have followed suit: Colorado, Connecticut, Virginia, Utah, and Nevada all have laws that vest consumers with new rights over their personal information,” wrote Bonta. “Other states have passed innovative consumer protection laws requiring reasonable data security safeguards, establishing special protections for data that could be used to commit identity theft, or mandating consent before collecting biometric data.”
The letter pushes for Congress to adopt a Federal baseline, while continuing to allow states to make decisions on additional protections for consumers in their jurisdictions through detailing how this approach has been successful for other consumer privacy contexts, and that “state laws can also bolster privacy protections where there are violations of Federal law.”
The attorneys general also say that states are better equipped to adjust to challenges presented by technological innovation quickly.
Further, the attorneys general have concerns over a portion of preemption language in both the American Data Privacy and Protection Act (ADPPA) and the Consumer Online Privacy Rights Act (COPRA).
“While we appreciate that the drafts articulate a specific role for enforcement by state attorneys general, the bills as drafted appear to substantially preempt many states’ ability to investigate,” they say. “Section 404 preserves state consumer laws and causes of action, but the text in subdivision (c) provides that ‘a violation of this Act shall not be pleaded as an element of any such cause of action.’”
The group says that in many states, AG offices use civil investigative demands under its consumer protection authority to demand documents or information from entities when they believe there should be a legal violation. Section 404, they say, would act as a bar for investigating violations of the Federal law, as it prohibits them from forming the basis for state consumer protection claims.
Joining Bonta on the letter are Connecticut AG William Tong, Illinois AG Kwame Raoul, Maine AG Aaron Frey, Massachusetts AG Maura Healey, Nevada AG Aaron Ford, New Jersey Acting AG Matthew Platkin, New Mexico AG Hector Balderas, New York AG Letitia James, and Washington AG Bob Ferguson.