California Makes Moves on Privacy Legislation, but Where Is Congress?

Earlier this month, the California State Legislature passed the year’s final amendments to the California Consumer Privacy Act (CCPA), a bill to enhance personal data privacy and consumer protection online. These changes are expected to be enacted into law by October 13th, pending a signature from California Governor Gavin Newsom. On September 25th, policymakers released an additional “CCPA 2.0” initiative—The California Privacy Rights and Enforcement Act of 2020—to be placed on next year’s presidential election ballot. Among other things, CCPA 2.0 would establish an independent data protection agency, create a new class of “sensitive information” (such as passport and social security numbers), and include additional notice requirements for businesses.

Since its inception, the CCPA has been a political lightning rod. Congressional Democrats have called the bill a “floor,” not a “ceiling,” for federal privacy legislation. Conversely, Republicans have argued that stringent privacy laws create high compliance costs which pose a threat to small businesses, innovation, and consumer choice.

Policy experts have noted that California’s privacy laws often become de facto national standards. Members of Congress on both sides of the aisle have warned against simply transposing the CCPA into a model for federal legislation, even though Congress has yet to produce a politically viable alternative.

One major sticking point in the federal legislation debate is “preemption”—the ability for a federal law to preempt (override) state laws, such as the CCPA. Republicans have advocated strongly for preemption, warning against a patchwork of state laws that may disrupt interstate commerce and compound compliance costs. Some Democrats, particularly those with a hand in crafting or promoting the CCPA, are opposed to the idea of preemption, fearing that a national law might water down state laws.

In 2018, Congress had reached a consensus on the need for a strong federal privacy framework in the United States. Senator Robert Wicker (R-MS), head of the Senate Commerce, Science, and Transportation Committee, stated that he anticipated “a federal law on the books by the end of 2019.”

But Congress has yet to act. Still, many in Congress and the tech industry recognize that a clear nationwide privacy standard would be easier to comply with than different state by state laws.

Earlier this year, Senate Majority Whip John Thune (R-SD) stated that “the question is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape it should take.”

In June 2019, The New Center suggested potential reforms in a policy paper entitled “Take on Big Tech: Protecting Privacy and Public Discourse”. The New Center proposes the following solutions to create a sustainable and sensible framework for managing privacy concerns:

  • Enacting federal legislation to protect online privacy
  • Allowing the FTC to issue trade rules under the guidelines of the Administrative Procedure Act (APA), or creating a new privacy watchdog organization with APA rulemaking ability
  • Creating a legal framework to promote transparency in content moderation
  • Fostering a system of algorithmic accountability for AI use in moderating online content
  • Restoring of the Office of Technology Assessment

For privacy solutions forged in the center, read the full paper here.

Olive Morris is a policy analyst for The New Center, which aims to establish the intellectual basis for a viable political center in today’s America.