California AG says federal privacy legislation should not include preemption
On February 25, California Attorney General Xavier Becerra sent a letter to the chairmen and ranking members of the Senate Committee on Commerce, Science and Transportation and the House Committee on Energy and Commerce, asking lawmakers to not preempt state laws as they draft federal privacy legislation. While Becerra expressed his appreciation for Congress’ efforts to address consumer privacy issues through legislation, he stated, “I encourage Congress to favor legislation that sets a federal privacy-protection floor rather than a ceiling, allowing my state—and others that may follow—the opportunity to provide further protections tailored to our residents.” To emphasize his position, Becerra provided an update on the California Consumer Privacy Act (CCPA), which confers significant new privacy rights to California consumers concerning the collection, use, disclosure, and sale of their personal information by covered businesses, service providers, and third parties. The CCPA took effect January 1 but will not be enforced until July 1 following promulgation of the attorney general’s CCPA regulations. (See continuing InfoBytes coverage on the CCPA here.)
Becerra outlined several criteria for Congress to consider when drafting privacy legislation, encouraging Congress to “develop a final bill that builds on the rights afforded by [the] CCPA” as well as the additional guidance within the proposed regulations. These include the right for consumers to (i) “access, correct, and delete personal information that has been collected”; (ii) “minimize data collection, processing, and retention”; (iii) “data portability among services”; and (iv) “know what data is collected and processed and for what reasons.” In addition, Becerra stated that Congress should make clear that state attorneys general have “parallel enforcement authority” and that consumers are granted a private right of action to protect their rights.