The Senate Commerce Committee is holding a hearing on consumer privacy this week, but consumer privacy groups like EFF were not invited. Instead, only voices from big tech and Internet access corporations will have a seat at the table. In the lead-up to this hearing, two industry groups (the Chamber of Commerce and the Internet Association) have suggested that Congress wipe the slate clean of state privacy laws in exchange for weaker federal protections. EFF opposes such preemption, and has submitted a letter to the Senate Commerce Committee to detail the dangers it poses to user privacy.
Current state laws across the country have already created strong protections for user privacy. Our letter identifies three particularly strong examples from California's Consumer Privacy Act, Illinois' Biometric Privacy Act, and Vermont's Data Broker Act. If Congress enacts weaker federal data privacy legislation that preempts such stronger state laws, the result will be a massive step backward for user privacy. As we explain in our letter:
In essence, a federal law that sweeps broadly in its preemption could reduce or outright eliminate privacy protections that Congress has no intent to eliminate, such as laws that protect social security numbers, prohibit deceptive trade practices, and protect the confidentiality of library records.
The companies represented at Wednesday's hearing rely on the ability to monetize information about everything we do, online and elsewhere. They are not likely to ask for laws that restrain their business plans. Instead, as we highlight in our letter:
The Committee should understand that the only reason many of these companies seek congressional intervention now, after years of opposing privacy legislation both federally and at the states, is because state legislatures and attorney generals have acted more aggressively to protect the privacy interest of their states’ residents.
We urge the Committee to recognize the scope of what companies might request before acting on federal legislation. We further urge Congress to consider particular privacy concepts—including opt-in consent, the "right to know," data portability, the right to equal service, and a private right of action—as necessary for any federal legislation that genuinely improves Americans' data privacy.