Urges “the floor, not the ceiling” for federal laws that will not preempt California’s cutting-edge privacy protections
OAKLAND – California Attorney General Rob Bonta today led a coalition of ten attorneys general in urging Congress to respect the role of states to enforce and provide for strong consumer privacy laws while advancing legislation enacting long-overdue privacy protections nationwide. The states call on Congress to create a baseline of consumer privacy laws that do not preempt states’ ability to respond with legislation to address changing technology and data protection practices. Numerous states already have strong privacy protections in place — including California — and state laws and enforcement are critical to protect consumers and their data.
“As our marketplaces continue to change, states must maintain the ability to respond when needed,” said Attorney General Bonta. “Our states have demonstrated that we are up to the task when it comes to privacy protection, and we welcome federal action that will help us continue this work. We urge the federal government to enact legislation that creates a floor, not a ceiling, and which will allow us to continue building on state privacy laws that currently exist.”
After California passed the first comprehensive state privacy law in 2018, other states have since followed suit; Colorado, Connecticut, Virginia, Utah, and Nevada all now have laws that vest consumers with new rights over their personal information, and other states are actively considering laws of their own. These laws complement existing state privacy and data security laws that cover a number of sectors and types of information. To strengthen the already present state data privacy efforts, in the letter, the coalition urges Congress to strengthen consumer privacy protections while not preempting states’ ability to protect consumers.
The coalition highlights how the legislation should allow states to protect their residents’ information by giving them the ability to set more stringent privacy standards where and when needed. Congress has a legislative history of setting floors, not ceilings, when it comes to the regulation of sensitive information. In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) establishing national safeguards for the protection of sensitive medical records, but gave State Attorneys General concurrent enforcement authority and only preempted State laws that were “contrary.” Similar to the health protections provided by HIPAA, now, the states ask Congress to enact protections for data privacy that allows states to both enforce the law and keep up with the changing pace of modern technology.
Attorney General Bonta is joined by the attorneys general of Connecticut, Illinois, Maine, Massachusetts, Nevada, New Jersey, New Mexico, New York, and Washington in filing this comment letter.