State AGs Defend Privacy Laws Against Federal Preemption
The Attorneys General of 28 states and the District of Columbia defended a state role in consumer protection on privacy in a letter to the Federal Trade Commission at the end of August as part of the public hearing process on competition and consumer protection in the 21st century.
Businesses have so far made a strong case to the federal government for federal preemption of state privacy laws. The complexity of compliance with 50 different data privacy laws could create confusion for customers and increase costs for businesses. Nevertheless, the concept of local government rule and the states important role as laboratories of government caution against quick intervention after a single comprehensive state law, the California Consumer Privacy Act, has been adopted.
Here are the five major reasons that the Attorneys General believe there should not be preemption:
1. The states have traditionally played an important role in consumer protection and are in a unique position to identify and address unfair / deceptive conduct because the states often hear first from consumers regarding problems in the marketplace. Early state intervention can prevent local problems from becoming national problems.
2. States have been an important area of innovation in technology laws to benefit consumer protection. All 50 states now require businesses to notify consumers of data breaches, many states have enacted laws requiring organizations safeguard personal data, Vermont created the first law to require registration and security standards for data brokers, and California passed the nation’s most comprehensive privacy law.
3. State Attorneys General have significant experience in technology-related privacy issues, which they began focusing on in the 1990s. Since the times of enforcement actions against intrusive telemarketing, spam, spyware and the absence of privacy policies, the states have developed efficient processes to coordinate regional and national investigations and enforcement actions.
4. Parallel enforcement maximizes government resources, best deters potential violations and redresses consumer harm. State enforcement seeks the same goals as the federal government, transparency about privacy practices and actions consistent with the representations that they make to consumers.
5. State enforcement allows for independent actions when a privacy or cybersecurity incident disproportionately impacts the residents of one state. Not all incidents happen at multinational companies – states are best for local businesses affecting local consumers.
Congress seems likely to be focused on privacy this fall, but as MarTech Today pointed out recently, it’s unlikely that there will be substantial progress on federal privacy legislation before the mid-term elections. According to MarTech, it’s a “safe bet” that a new federal privacy law will look very different if the Democrats gain control of either the House or Senate. If the Democrats take control of the House, complete preemption of state privacy laws in a business-friendly manner becomes less likely.
More from Clarip
Read the latest privacy news on the Clarip Blog.
Find the third-parties that your organization shares personal data with via our data mapping software.