Pre-emption a Top Issue in Federal Data Privacy Law
Federal data privacy legislation is complicated, and passing a comprehensive federal data privacy bill will involve two polarized sides coming together on the issue of pre-emption over state laws and other federal laws that govern data by sector or industry, according to experts.
February 21, 2019 at 06:38 PM
3 minute read
Federal data privacy legislation is complicated, and passing a comprehensive federal data privacy bill will involve two polarized sides coming together on the issue of pre-emption over state laws and other federal laws that govern data by sector or industry, according to experts.
James Shreve, a partner and cybersecurity group chair at Thompson Coburn in Chicago, said Thursday one issue with data privacy legislation is that each bill on the subject may have to go through as many as six different committees on Capitol Hill before it heads to a vote.
“Then you layer on the fact that preemption is very contentious. It's a contentious issue on both sides of the aisle,” Shreve said.
There appears to be a switch in ideology. Democrats would like to see a federal data privacy bill that allows any existing or future state laws governing data privacy to remain intact. Meanwhile, Republicans, and the tech companies that support federal legislation, would like to see a federal law pre-empt state laws.
Shreve said he believes once other states see how the California Consumer Privacy Act works, they will follow suit.
Debra Farber, the senior director of privacy strategy at BigID, said it's good to know that companies are now taking data privacy seriously. However, with the CCPA coming into effect in 2020, the efforts on behalf of industry are too little too late.
“It used to be that all of the tech companies, which are largely libertarian-based, would fight against a federal law and said it would stifle innovation,” Farber said. “There is validity in the argument, but having told that story for so long and now all of the sudden turning around and embracing privacy and wanting federal legislation only because you don't want every single state to do what California did; it's just too little too late.”
Farber said it would make more sense for companies to advocate for more clarity in the CCPA and to make sure it would not impact smaller companies.
“The scope of it right now is what businesses are up in arms about because they feel like it is too vague and it encompasses too many small businesses,” Farber said.
Shreve explained that California was the first state to pass a data breach notification law and now all 50 states have data breach notification requirements on the books. Further, he said companies are perhaps fearful of the stringent requirements that the CCPA entails and how other states may copy those requirements.
“I think that's the case. California has certainly been a leader on privacy for many years,” Shreve said.
The CCPA provides stringent protections to consumers of companies doing business in California akin to those of the EU's General Data Protection Regulation.
“The requirements to the CCPA are just well beyond what we've seen up to this point. It's not an incremental step; it's a significant step,” Shreve said.
Farber said besides finding a consensus on pre-empting state laws that govern data privacy, there is also the issue of pre-empting the sector-by-sector data privacy laws already on the books.
“We have so many federal privacy laws in various different sectors,” Farber said. “In order to get a consensus on the federal level we'd have to re-architect all of the privacy laws that have different regulators based on different sectors.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All'Serious Disruptions'?: Federal Courts Brace for Government Shutdown Threat
3 minute readWill Khan Resign? FTC Chair Isn't Saying Whether She'll Stick Around After Giving Up Gavel
FTC, DOJ Withdrawal of Antitrust Guidelines for Collaboration Infuriates Republicans
5 minute readTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250