Tech companies and the ad industry are
urging Congress to pass a national privacy law that would override laws in individual states, including the relatively strong new law in California.
But advocacy groups warned Congress this
week against passing a federal law that would trump state initiatives.
“Federal privacy legislation that preempts stronger state laws would only benefit technology companies at the
expense of the public,” 16 groups including the Center for Digital Democracy, Consumer Federation of America, Electronic Frontier Foundation and Electronic Privacy Information Center write in a
letter sent to lawmakers Thursday.
The letter comes as Congress is gearing up to consider new online privacy
legislation. Tech companies and ad industry groups have called for a single national privacy regime.
"A uniform federal privacy standard could provide clarity, market certainty, and add fuel
to future innovation, while preserving the value and benefit that online advertising brings to the internet ecosystem," David Grimaldi, executive vice president for public policy at the Interactive
Advertising Bureau, wrote to the Senate Commerce Committee in September.
But the advocacy organizations argue that states are better positioned than the federal government to respond to new
technological privacy hazards.
“Given the rapid pace of changes in technology, Congress should continue to give states the freedom to quickly address and adapt to future threats that may
impact privacy and consumer protection,” the groups write.
They add that other federal privacy laws -- including the Video Privacy Protection Act, which protects the privacy of people
who rent video programs -- don't override tougher state laws.
Earlier this year, California and Vermont passed new privacy laws that were met with criticism by the ad industry. California's
new law, which takes effect in 2020, will allow consumers to learn what personal information about them is held by businesses, and to opt out of the sale of that information.
The Vermont
measure requires data brokers to notify people about security breaches, and to disclose whether they allow consumers to opt out of having their information collected, stored or sold.