California Privacy Agency Opposes ‘Weaker’ Federal Privacy Bill

California’s privacy agency urged Congress to reject a Republican-led privacy bill unveiled last week, saying it would wipe out privacy rights in the state and kill the agency’s enforcement powers.

The SECURE Data Act has a broad preemption provision that would cancel existing rights under the California Consumer Protection Act and Delete Act, Tom Kemp, CalPrivacy’s executive director, wrote in a Monday letter to the House Energy and Commerce Committee, which rolled out the legislation.

The bill would establish a national data privacy standard and override state laws, aiming to bring compliance relief to companies that have been forced to adapt to a patchwork of nearly two dozen state laws. Democrats and consumer and privacy advocates have criticized the legislation for including fewer protections for residents of states like Maryland and California, which passed some of the strongest US privacy laws.

“A strong federal privacy law is worth pursuing, but it should not strip away rights that tens of millions of people already depend on,” Kemp said in a press release. “The SECURE Act would set privacy rights back and make it much harder for consumers to exercise them in this AI-driven world where personal data is being collected at unprecedented scale.”

The agency criticized the “weaker” federal privacy bill provisions that wouldn’t restrict how long a company could hold on to consumer data, or the purposes for which it could use it. Kemp also pushed back on provisions that would allow businesses to charge for, or ignore, privacy requests in excess of two per year, and would let companies operating in the state stop honoring opt-out preference signals, which let users broadcast “do not sell” warnings across websites they visit.

The legislation would also erase the state’s first-in-the-country data deletion tool, which more than 280,000 California residents have already used to submit data deletion requests to data brokers.

The federal bill would also only authorize enforcement by the Federal Trade Commission and state attorneys general, threatening the California agency’s ability to enforce the state’s privacy and data broker laws.

“Constraining effective existing privacy enforcers when Americans need greater privacy enforcement disadvantages consumers,” the agency said.