The ad industry on Thursday officially asked Congress to pass a national privacy law that would override state laws, including California's sweeping Consumer Privacy Act.
“Policy affecting the entire consumer economy and consumers nationwide is being shaped by Europe and a single state,” the coalition Privacy for America said in a letter to lawmakers. “This fragmented regulatory environment is untenable, creating a disparate set of privacy protections for American consumers depending on where they live, as well as significant disruption, costs and uncertainty for American businesses.”
Privacy for America, formed earlier this year, includes the Interactive Advertising Bureau, Association of National Advertisers, American Association of Advertising Agencies and Network Advertising Initiative.
The organization is urging Congress to ban some practices -- including using data to discriminate based on factors like race or religion, and using data to reject applicants for insurance, jobs, housing or credit.
The coalition also says companies shouldn't collect “the most sensitive types” of personal information including medical financial or biometric data, without people's express consent.
Other types of personal information should only be shared with third parties if there are “enforceable contracts ensuring that the other party will secure the data and use it lawfully,” the coalition writes.
The ad groups don't define what they mean by “personal information,” including whether the term would cover data attached to cookies, device identifiers or other “pseudonymous” identifiers that don't include people's names. But in the past, the ad industry has often argued that pseudonymous identifiers are not personal data.
Not surprisingly, the coalition's requests would give the ad industry more leeway to collect and use data than a framework unveiled earlier this week by Senate Democrats.
That proposal calls for legislation to establish that consumers have the right to avoid tracking by online advertisers, as well as requirements that companies minimize data collection.
Privacy for America's letter comes almost one month before California's privacy law is set to take effect. That law allows consumers to learn what personal information about them is held by businesses, request the deletion of that data, and opt out of its sale or transfer.
California's definition of “personal information” includes data that could potentially be linked to households or individuals -- like cookies, persistent identifiers, browsing history and IP addresses.
A new law in Maine, also set to take effect next year, requires broadband access providers to obtain consumers' opt-in consent before drawing on their web activity for ad targeting.
That measure's also takes a broad view of broad “personal information" -- defining it as including web-browsing history, precise geolocation information, IP addresses and device identifiers.