• by Wendy Davis  @wendyndavis, June 11, 2024

The tech industry group TechNet, U.S. Chamber of Commerce and other organizations are urging lawmakers to revise a proposed federal privacy law by more sweepingly overriding state privacy statutes.

The proposed American Privacy Rights Act “falls short of creating a uniform national standard due to its inadequate federal preemption of the ever-growing patchwork of state privacy laws,” the groups say in a letter sent this week to leaders of the House Energy and Commerce Committee.

As currently written, the proposed law appears to require businesses to allow consumers to opt out of online behavioral advertising -- meaning ads served based on cross-site and cross-app data. The current iteration also would require data brokers to let consumers opt out of data collection, and request deletion of their data. The measure additionally would allow consumers to sue over violations.

When Senator Maria Cantwell (D-Washington) and Representative Cathy McMorris Rodgers (R-Washington) unveiled the bill earlier this year, they stated it would override most state privacy laws.

But the current version of the measure has some built-in carve-outs, including ones that would allow Illinois residents to continue to sue companies over violations of that state's biometric privacy laws, and California residents to sue over some data breaches.

Another carve-out would appear to allow Washington's My Health My Data Act to remain in effect. That law, passed last year, prohibits app developers, website operators and others from collecting or sharing a broad range of health data without consumers' opt-in consent. The measure also outlaws geo-fencing within 2,000 feet health-care facilities.

TechNet, the Chamber of Commerce and other organizations write that without “full preemption” of state laws, the American Privacy Rights Act “will add to the privacy patchwork, create confusion for consumers, and hinder economic growth.”

Some privacy advocates have urged lawmakers to go in the opposition direction by allowing states to pass stronger laws.

“Strong federal protections do not have to come at the expense of the states,” Ashkan Soltani, executive director of the California Privacy Protection Agency -- which enforces that state's privacy law -- said in a letter sent to lawmakers last month. “Indeed, if we view states as laboratories in our federal system, the [American Privacy Rights Act] would slam the door closed when it comes to privacy and emerging technology.”

Lawmakers on a House subcommittee advanced the bill last month, but suggested that they plan to revise the measure before the full Energy and Commerce committee votes on it.