September 26, 2022

Volume XII, Number 269

Advertisement

September 26, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

California Privacy Protection Agency Unanimously Opposes the American Data Privacy and Protection Act

The new California privacy regulatory body, the California Privacy Protection Agency (CPPA), has loudly voiced its opposition to the proposed federal American Data Privacy and Protection Act (ADPPA).   The bottom line for the unanimous opposition:  the ADPPA would preempt California’s privacy laws – both the California Consumer Privacy Act and the California Privacy Rights Act effective as of 1/1/23 – and establishes a ceiling on privacy regulation by states.  To provide some context, the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), establishes a floor for protection of health information covered by the statute.  State laws that are “contrary” to the HIPAA Privacy Rule are preemption, unless a specific exception applies.  The ADPPA preemption provision is broad and, according to all members of the CPPA, creates a potential future limitation on California’s ability (whether via state legislature, voter ballot, or regulatory rulemaking) to react to new privacy concerns and develop new legal requirements.

In public comment, most commenters agreed with the CPPA and strongly opposed full federal preemption, urged the board to engage in public awareness of the ADPPA and its effects, and collaborate with other states with existing or pending privacy laws which would be preempted by ADPPA to engage in public awareness campaigns.  One exception was the former chair of the Federal Trade Commission (FTC).  In remarks to the CPPA, Jon Liebovitz urged the agency to help improve the ADPPA rather than oppose it, and said that he believed the ADPPA is “much stronger than the current California law” because it includes broader protections for children and civil rights.  Further, Liebovitz pointed out that the ADPPA’s private right of action is broader than that in California law:  the private right of action in the CCPA/CPRA is limited only to security breaches.

The CPPA unanimously voted (1) to approve staff recommendation to oppose the ADPPA as currently drafted; (2) approve staff recommendation to oppose any federal bill that in CPPA staff judgment seeks to either (i) preempt California privacy laws, (ii) substantially weakens privacy protections in California,or (iii) prevents the CPPA, the California legislature, or California voters through ballot initiative, from strengthening privacy rights in the future, responding the future changes in data privacy/security, or that limits the CPPA’s ability to fulfill all responsibilities and mandates; and (3) authorized the CPPA staff to support any federal bill that in the CPPA’s judgment either (i) does not broadly preempt California privacy laws, or (ii) that in general, creates a “true” floor for privacy protections.

One of CPPA Chair Jennifer Urban’s closing remarks sums all of this up:  “We support privacy for all Americans, we just cannot support it at the expense of Californians.”

Watch this space.

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume XII, Number 220
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Cynthia Larose Privacy Attorney Mintz Levin
Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732
Associate

Kevin represents clients in acquisition and financing transactions and general corporate matters. He has experience negotiating merger and acquisition (M&A) transactions and debt and equity financings as well as licensing and technology transactions. His practice also includes a focus on start-ups, including company formation and structuring.

 Prior to joining Mintz, Kevin was a corporate associate with a Bay Area law firm focusing on start-up companies and their investors. Kevin focused on M&A transactions, including mergers, asset purchases, and stock purchases. He also...

415-432-6098
Advertisement
Advertisement
Advertisement