California’s new privacy regulator, the California Privacy Protection Agency (CPPA), has been vocal in its opposition to the US Federal Privacy and Data Protection Bill (ADPPA). Bottom line for unanimous opposition: ADPPA would override California privacy laws — both the California Consumer Privacy Act and the California Privacy Rights Act effective as of 1/1/23 — and set a cap on state regulation of privacy. To provide some context, the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes a threshold for protecting health information covered by the law. State laws that are “contrary” to the HIPAA Privacy Rule are pre-emptive, unless a specific exception applies. ADPPA’s pre-emption provision is broad and, according to all CAPP members, creates potential future limitation on California’s ability (whether through the state legislature, the vote of voters or the development of regulatory rules) to respond to new privacy concerns and to develop new legal requirements.
In public comments, most commenters agreed with CAPP and strongly opposed full federal preemption, urged the council to engage in public education about ADPPA and its effects, and to collaborate with other states with existing or pending privacy laws that would be preempted by the ADPPA to participate in public awareness campaigns. An exception was the former chairman of the Federal Trade Commission (FTC). In his remarks to CAPP, Jon Liebovitz urged the agency to help improve ADPPA rather than oppose it, and said he believed ADPPA was “much stronger than California law. present day” because it includes broader protections for children and civil rights. In addition, Liebovitz pointed out that the ADPPA’s private right of action is broader than that of California law: the private right of action in the CCPA/CPRA is limited only to security breaches.
CAPP voted unanimously (1) to approve the staff recommendation to oppose the ADPPA as currently drafted; (2) approve the Staff’s recommendation to oppose any federal bill that, in the judgment of the CAPP Staff, seeks to either (i) anticipate California privacy laws, (ii ) materially weakens privacy protections in California, or (iii) prevents the CAPP, the California Legislature, or California voters through a ballot initiative, from strengthening privacy rights in the future , responding to future changes in data privacy/security, or which limits CAPP’s ability to fulfill all responsibilities and mandates; and (3) authorized CAPP staff to support any federal bill that, in CAPP’s opinion, either (i) does not substantially prejudge California privacy laws, or (ii) which, in general, creates a “real” floor for the protection of privacy.
One of CAPP President Jennifer Urban’s closing remarks sums it all up: “We support the privacy of all Americans, we simply cannot support it at the expense of Californians. »
Watch this place.