Experts Clash Over Federal Preemption and State Laws on Privacy

Should a federal privacy law pre-empt state laws?

Experts Clash Over Federal Preemption and State Laws on Privacy
Panelists on privacy at Broadband Breakfast's Big Tech & Speech Summit in March 2023

WASHINGTON, March 9, 2023 – After a panel of experts recommended Thursday that Congress focus on passing federal privacy legislation, another group of experts wrangled with whether it is feasible for there to be a coexistence of federal and state privacy laws.

A number of states have already passed or are in the midst of passing their own privacy laws, with versions in California, Colorado, Connecticut, Utah, and Virginia having already come into – or are coming into effect – this year. Simultaneously, Congress is seized with pushing forth one blanket law for the entire country, with commitments from members of an innovation subcommittee to resurrect such a law. All laws address the collection, use, storage and sharing of data.

Photo of “Regulating Data Privacy” panelists Shane Tews, India McKinney, Alan Butler, Carl Szabo, Sara Collins and John Verdi (moderator) by Drew Clark

The last federal privacy proposal, called the American Data Privacy and Protection Act, did not pass both chambers before legislative turnover. One sticking point for lawmakers on that law was the possibility of pre-empting state laws, including California’s, whose members were vocal about their opposition on that front. Rep. Anna Eshoo, D-Calif., proposed her own amendment that would make the federal law a baseline and states could add provisions on top.

On Thursday at the Big Tech & Speech Summit, panelists grappled with the implications of that. On one side was the Electronic Frontier Foundation, represented by director of federal affairs India McKinney, who argued for more state consumer protection laws. McKinney suggested that a layering of privacy laws would actually increase consumer protections. The EFF has argued for a floor, not a ceiling, for any version of a federal privacy law.

The organizations has argued that some provisions in the aforementioned state laws are stronger than the ADPPA. Part of the argument is that states are knowledgeable of their own problems and should be able to fix them themselves.

Differing perspectives from ‘pro-privacy’ panelists

On the other side were Carl Szabo, vice president and general counsel for free speech and enterprise trade association NetChoice, and Shane Tews, nonresident senior fellow at the think tank American Enterprise Institute. Szabo pressed for a federal privacy law with pre-emption because of what he argued was a problematic patchwork of various laws that create regulatory and financial burdens on businesses.

Szabo piggybacked off a point made by Cathy Gellis, a lawyer and moderator for another panel, who argued that having different state laws would put her clients in a difficult spot because she wouldn’t be able to advise them in different jurisdictions in which she isn’t licensed to practice. In other words, the client would have to see more lawyers to ensure compliance.

Dane Snowden, senior advisor at telecom-focused law firm Wilkinson Barker Knauer, argued in an earlier panel that it is unfeasible for a product traveling through multiple jurisdictions to have to comply with various different privacy laws.

Szabo said having lots of privacy laws in the country is good for lining the pockets of lawyers, but bad for businesses.

Tews, who also argued for a federal privacy law, touched on the issue from a consumer perspective.

“Consistency, I think, is one thing that’s very important,” Tews said. “From a consumer’s perspective…it is that the information is consistent…we need to have a consistent national perspective on this.”

Tews also touched on this being an international trade issue.

Years ago, for example, the European Union made a fuss about its trading partners not having sufficient data privacy protections for its citizens. Its data protection law, the General Data Protection Regulation, was leveraged as a trade issue to ensure its citizens had data privacy protections for goods and services transacting across borders.

“We need to think about where this information is flowing and where this is actually ending at the end of the day,” Tews said.

Big Tech & Speech Summit
At the intersection of content moderation and political power.