Privacy & Cybersecurity Law Blog

On July 1, 2022, the California Privacy Protection Agency (“CPPA”) sent U.S. House of Representatives Speaker Nancy Pelosi a memo outlining how H.R. 8152, the bipartisan American Data Privacy and Protection Act (“ADPPA” or the “Act”), would lessen privacy protections for Californians, and California Democrats have joined the cause.

The CPPA’s memo asserts that the ADPPA, by preempting the California Privacy Rights Act (“CPRA”) and other state privacy laws, proposes to eliminate:

• The unique “floor” on California privacy protections in the CPRA, which limits amendments to those consistent with the purpose to further protect California consumers’ privacy rights;
• The statutory authority creating and funding the CPPA, empowering it to issue implementing regulations and enforce the CPRA;
• The CPPA’s role as a privacy enforcement body, given that the ADPPA and current California state law likely do not authorize the CPPA to enforce the ADPPA;
• The privacy protections that result from the CPPA’s activities, including its expert privacy staff, its annual budget of at least $10 million, and the exercise of its powers including to audit businesses without litigation;
• California’s ability to pass privacy laws that are more protective than the ADPPA, including pending legislation governing children’s data, smart speaker data, and in-car cameras, and CPRA rulemaking currently underway; and
• CCPA and CPRA provisions that are more privacy-protective than the ADPPA, including:
  • Rights to access and opt out relating to automated decision-making, including profiling, provided by the CPRA but not present in the ADPPA;
  • The requirement to honor a global opt out mechanism, provided by current CCPA regulations but likely not clarified under the ADPPA for another 18 months;
  • The inclusion of unique identifiers within covered personal information, expressly provided by the CCPA and CPRA but not by the ADPPA; and
  • The inclusion of inferences within consumers’ right to know, clarified by the California Attorney General under the CCPA but less clear under the ADPPA.

Ahead of the U.S. House of Representatives Committee on Energy and Commerce’s vote on the ADPPA planned for next week, California Democrats led by Representative Anna G. Eshoo have expressed these concerns in the ADPPA negotiations, where preemption remains a contentious issue.