Tech groups call for preempting state laws in privacy bill

A wide-ranging group of tech and other companies is asking that a prominent data privacy bill be altered to fully preempt state privacy laws.

United for Privacy, a coalition of trade groups that also represent retailers, advertising agencies, and financial services companies, on Monday wrote to House Energy and Commerce Chair Cathy McMorris Rodgers, R-Wash., and the panel’s ranking member, Frank Pallone Jr., D-N.J., requesting changes to their draft bill.

The committee’s panel on Innovation, Data, and Commerce last month advanced by voice vote the discussion draft that would establish a federal data privacy standard, restrict the activities of data brokers, preempt some state privacy laws, prohibit targeted advertising to children and require parental consent for kids accessing certain platforms.

The proposal doesn’t go far enough in establishing a national standard, Carl Holshouser, executive vice president of TechNet, a tech industry trade group that’s part of the coalition, said in an interview.

“The most important piece of a national privacy law is to have it be fully preemptive, to eliminate the patchwork of laws that is confusing consumers and making it really hard for businesses, particularly small and medium sized businesses to comply,” Holshouser said.

The coalition includes the U.S. Chamber of Commerce, the Business Roundtable, the Interactive Advertising Bureau and the American Financial Services Association among others. The coalition’s letter, shared with CQ Roll Call, said the the lack of an overarching federal privacy standard could cost small businesses as much as $200 billion over the next 10 years, as they try to comply with differing state laws.

The draft federal data privacy legislation emerged in April as the result of an agreement Rodgers reached with Sen. Maria Cantwell, D-Wash., chair of the Senate Commerce Committee.

But the measure as it stands continues to provide leeway to California’s privacy law, a new privacy law enacted last month in Washington state that covers health-related data not covered by federal law, and a law in Illinois that prohibits collection of biometric data, Holshouser said.

The federal draft privacy as currently drafted “fails to achieve full preemption; it carves out a panoply of state privacy laws that really prioritize politics over policy,” Holshouser said.

After holding dozens of hearings over multiple sessions of Congress, lawmakers have yet to enact federal data privacy legislation. The last time Congress came close to passing a nationwide data privacy law was in 2022, when the House Energy and Commerce Committee approved legislation on a 53-2 vote. But the bill did not get a full vote in the House after then-Speaker Nancy Pelosi, D-Calif., objected to it on the grounds that it would weaken California state privacy legislation.

The Senate did not take up a companion measure.

The current draft addresses some of the issues but several groups are still opposing many aspects. Lawmakers also are facing the opposite pressures from state attorneys general asking Congress not to weaken state privacy laws.

In April, California Attorney General Rob Bonta led a 15-state coalition in calling for Congress to pass federal privacy legislation that would be a “floor, not a ceiling,” which would allow states to set tougher standards.

The Chamber, the most powerful advocate for American businesses, has separately objected to other parts of the bill.

In a letter addressed to Reps. Gus Bilirakis, R-Fla., and Jan Schakowsky, D-Ill., chair and ranking member of House Energy and Commerce Subcommittee on Innovation, Data, and Commerce, the organization called on lawmakers to prohibit private lawsuits against tech companies and reduce data minimization requirements on companies.