Attorney General Bonta to Congressional Leaders: Federal Data Privacy Law Should Set a Floor, Not a Ceiling
Rapidly changing technology requires responsive, flexible state privacy policy
OAKLAND — California Attorney General Rob Bonta today led a multistate coalition of 15 attorneys general urging congressional leaders to remove preemption language in the current draft of the American Privacy Rights Act (APRA), a proposed federal data privacy bill. The preemption clause currently in the APRA would result in California’s landmark privacy law being replaced with weaker protections and would hamper the ability of California to adequately protect the privacy of its citizens in the future. In today’s letter, Attorney General Bonta and colleagues from across the country call on Congress to set a floor and not a ceiling with any federal privacy law, and to respect additional protections states provide or would provide in future state-level legislation.
“Federal action to protect Americans' privacy is essential, but not at the expense of the robust protections already in place in California and in states across the country. California is at the forefront of privacy protections and must retain the ability to respond to privacy concerns as tech rapidly innovates,” said Attorney General Bonta. “We urge Congress not to undercut the important protections that states have established; states must be able to protect their residents from evolving privacy threats.”
With the first comprehensive privacy law in the country, California has the strongest protections in the nation. Californians currently have robust protections and rights to manage and control the use of their data through the California Consumer Privacy Act and other state laws. Since California passed the first comprehensive privacy law in 2018, numerous states have followed suit. States play a critical role in flexibly adapting to real-world circumstances and have set minimum data privacy standards that have driven innovation, including in the adoption of the global privacy control, and have not impeded business or technology.
In the letter, the attorneys general highlight the importance of current and future state privacy protections, and ask that any federal privacy framework leave room for states to legislate responsively to changes in technology and data collection practices, as states are better equipped to quickly adjust to the challenges presented by technological innovation that may elude federal oversight. As Congress considers adopting APRA, the coalition urges changes to the proposed law — the APRA in its current form would impair some existing state protections and hamper state efforts to keep up with and adapt laws to changing technology.
In sending today's letter, Attorney General Bonta was joined by the attorneys general of Connecticut, Delaware, Hawaii, Illinois, Maine, Massachusetts, Maryland, Minnesota, Nevada, New York, Oregon, Pennsylvania, Vermont, and the District of Columbia.
Attorney General Bonta is committed to protecting the privacy rights of Californians:
- Last month, Attorney General Bonta and California Governor Gavin Newsom sent a letter to Congress urging congressional leaders to not include preemption language in the APRA.
- Last year, Governor Gavin Newsom, Attorney General Bonta, and the California Privacy Protection Agency (CPPA) sent a joint letter to Congress opposing preemption language in similar proposed legislation.
- In March, Attorney General Bonta joined a bipartisan multistate letter to the Federal Trade Commission expressing support for updates to the Children’s Online Privacy Protection Act and advocating for further clarity for proposed rules.
- In February Attorney General Bonta announced a settlement with DoorDash, resolving allegations that the company violated the CCPA and the California Online Privacy Protection Act (CalOPPA) by selling its California customers’ personal information without providing notice or an opportunity to opt out of that sale.
- In January, Attorney General Bonta, Assemblymember Buffy Wicks, and Senator Nancy Skinner introduced the California Children’s Data Privacy Act (AB 1949 Wicks), and the Protecting Our Kids from Social Media Addiction Act (SB 976 Skinner), landmark legislation seeking to protect youth online. These two bills would, respectively, limit the harms associated with social media addiction and provide more robust protections for kids’ data privacy.
- Earlier this year, as part of ongoing efforts to enforce the CCPA, Attorney General Bonta announced an investigative sweep, and sent letters to businesses with popular streaming apps and devices, alleging that they fail to comply with the CCPA. The sweep focused on the compliance of streaming services with CCPA’s opt-out requirements for businesses that sell or share consumer personal information, including those that do not offer an easy mechanism for consumers who want to stop the sale of their data.
- In September 2023, Attorney General Bonta announced a $93 million settlement with Google resolving allegations that its location-privacy practices violated California consumer protection laws.
A copy of the letter can be found here.
Source: Office of the Attorney General of California