California's attorney general is telling Congress not to preempt state data privacy laws like the one it is currently implementing.
The California Consumer Privacy Act (CCPA) has been pointed to by fans of preemption as one of the reasons Congress needs to come up with comprehensive data privacy legislation to prevent a balkanized landscape of individual state privacy laws.
"I invite Congress to look to the states as sources of innovation and expertise in data privacy, and not to undermine protections, like CCPA, that states have already developed," AG Xavier Becerra wrote, according to a copy of his letter to congressional leaders his office supplied Multichannel News.
He said he is okay with federal legislation, but only so long as it sets a floor, not a ceiling, and individual states are allowed to tailor their laws, which would still leave the potential for different online privacy requirements in different states, or what Becerra calls "further protections tailored to our residents."
The letter was sent to Sens. Roger Wicker (R-Miss.), chairman of the Senate Commerce Committee, Maria Cantwell (D-Wash.), ranking member, and Reps. Frank Pallone (D-N.J.), chairman of the House Energy & Commerce Committee, and Greg Walden (R-Ore.), ranking member.
Becerra said he appreciated their efforts to come up with bipartisan privacy legislation and said he hoped it could be informed by the CCPA, which went into effect Jan. 1 and includes the "right to know," the "right to delete," and the right to opt out of data collection.
CCPA applies to businesses with more than $25 million in annual revenues, that traffic in the personal info of more than 50,000 people/households/devices, or get at least 50% of their annual revenue from the sale of that information.
While the law is in effect, the state is working on how to enforce it. Final regulations must be published by July 1.