Tech companies and the ad industry are urging Congress to pass a national privacy law that would override laws in individual states, including the relatively strong new law in California.
But advocacy groups warned Congress this week against passing a federal law that would trump state initiatives.
“Federal privacy legislation that preempts stronger state laws would only benefit technology companies at the expense of the public,” 16 groups including the Center for Digital Democracy, Consumer Federation of America, Electronic Frontier Foundation and Electronic Privacy Information Center write in a letter sent to lawmakers Thursday.
The letter comes as Congress is gearing up to consider new online privacy legislation. Tech companies and ad industry groups have called for a single national privacy regime.
"A uniform federal privacy standard could provide clarity, market certainty, and add fuel to future innovation, while preserving the value and benefit that online advertising brings to the internet ecosystem," David Grimaldi, executive vice president for public policy at the Interactive Advertising Bureau, wrote to the Senate Commerce Committee in September.
But the advocacy organizations argue that states are better positioned than the federal government to respond to new technological privacy hazards.
“Given the rapid pace of changes in technology, Congress should continue to give states the freedom to quickly address and adapt to future threats that may impact privacy and consumer protection,” the groups write.
They add that other federal privacy laws -- including the Video Privacy Protection Act, which protects the privacy of people who rent video programs -- don't override tougher state laws.
Earlier this year, California and Vermont passed new privacy laws that were met with criticism by the ad industry. California's new law, which takes effect in 2020, will allow consumers to learn what personal information about them is held by businesses, and to opt out of the sale of that information.
The Vermont measure requires data brokers to notify people about security breaches, and to disclose whether they allow consumers to opt out of having their information collected, stored or sold.