September 6, 2022
The Honorable Nancy Pelosi, Speaker
United States House of Representatives
Washington, DC 20515
Re: H.R. 8152, The American Data Privacy and Protection Act — Oppose
Dear Speaker Pelosi,
We are writing to oppose H.R. 8152, the American Data Privacy and Protection Act (ADPPA), which would pre-empt the strongest privacy law in the nation, the California Privacy Rights Act (CPRA), and eliminate the fundamental privacy rights almost 9.4 million Californians voted to enact in 2020.
As currently written, ADPPA is a Trojan horse that significantly weakens existing privacy laws. It is vitally important that ADPPA instead be drafted as a national “floor” for privacy rights, not a “ceiling.” This would follow the tried and tested example set by other federal privacy laws that also set a floor for rights that states can work to strengthen. For example, the Health Information Portability and Accountability Act, the Gramm Leach Bliley Act, and the Fair Credit Reporting Act are all national privacy “floors” in their respective areas (health care, banking, credit reporting), and all allow states to adopt stronger protections. The only reason to preempt CPRA now, is to weaken our state’s strong protections.
While ADPPA has many good features, California’s law is significantly stronger in important ways. Just to highlight one in a post-Dobbs, post-Roe world: ‘service providers’ to government agencies are exempt under ADPPA, but covered under CPRA. This means people coming to California for reproductive health care can use CPRA to protect their searches and locations from home-state law enforcement surveillance—but not if ADPPA passes. Post-Dobbs, we think the last thing Congress should do is enact a law making it easier to prosecute women seeking healthcare.
In fact, the Dobbs decision is another stark demonstration of the disastrous effect the ADDPA would have on California legislators’ ability to protect their constituents. Whether it be passing sanctuary city bills like The California Values Act (SB 54) in the face of crackdowns from Immigration and Customs Enforcement in 2018, or more recently, rushing to protect out-of-state visitors seeking reproductive healthcare with bills like Assemblymember Rebecca Bauer-Kahan’s AB 1666 – the California legislature has often and proudly led the nation in responding legislatively to the pressing needs of the day. When events like Dobbs occur- when the next Dobbs occurs and presents a situation not foreseen or covered by the ADDPA – our representatives need to be able to move quickly to protect Californians’ privacy, and the ADPPA would preempt a response.
The ADPPA would also undo a key feature of CPRA, namely that the Legislature cannot amend the law in any way that harms consumer privacy— such a change would require another initiative. 40 million Americans now have a virtually guaranteed level of privacy—the ADPPA would remove this protection.
CPRA also has effective enforcement: the law created and funded an independent privacy protection agency which can audit businesses for compliance. ADPPA would give all enforcement authority to the FTC, with no additional funding to perform a herculean task, and no rights to audit businesses.
Governor Newsom, Attorney General Bonta, Senate Pro Tem Atkins, and Assembly Speaker Rendon have all strongly condemned preempting Californian’s new privacy rights.
Below please find a comparison chart of the CPRA and the ADPPA, showing the number of rights the federal law would eliminate. Californians overwhelmingly voted to enshrine these rights, and Congress should not overturn the will of the people of the great State of California, nor any other state working to strengthen privacy protections.
Sincerely,
Alastair Mactaggart
Californians for Consumer Privacy
Emory Roane
Privacy Rights Clearinghouse
cc: Honorable Frank Pallone, Honorable Cathy McMorris Rodgers, Honorable Jan Schakowsky, Honorable Gus Bilirakis; Members, United States House of Representatives