Skip to content

Tech groups call for preempting state laws in privacy bill

Companies are hoping to avoid having to comply with a patchwork of requirements

Rep. Cathy McMorris Rodgers, center, has draft legislation on a federal privacy standard that’s the subject of intense debate over its scope.
Rep. Cathy McMorris Rodgers, center, has draft legislation on a federal privacy standard that’s the subject of intense debate over its scope. (Tom Williams/CQ Roll Call file photo)

A wide-ranging group of tech and other companies is asking that a prominent data privacy bill be altered to fully preempt state privacy laws.

United for Privacy, a coalition of trade groups that also represent retailers, advertising agencies and financial services companies, on Monday wrote to House Energy and Commerce Chair Cathy McMorris Rodgers, R-Wash., and the panel’s ranking member, Frank Pallone Jr., D-N.J., requesting changes to their draft bill.

The committee’s panel on Innovation, Data, and Commerce last month advanced by voice vote the discussion draft that would establish a federal data privacy standard, restrict the activities of data brokers, preempt some state privacy laws, prohibit targeted advertising to children and require parental consent for kids accessing certain platforms.

The proposal doesn’t go far enough in establishing a national standard, Carl Holshouser, executive vice president of TechNet, a tech industry trade group that’s part of the coalition, said in an interview.

“The most important piece of a national privacy law is to have it be fully preemptive, to eliminate the patchwork of laws that is confusing consumers and making it really hard for businesses, particularly small and medium-sized businesses, to comply,” Holshouser said.

The coalition includes the U.S. Chamber of Commerce, the Business Roundtable, the Interactive Advertising Bureau and the American Financial Services Association, among others. The coalition’s letter, shared with CQ Roll Call, said the lack of an overarching federal privacy standard could cost small businesses as much as $200 billion over the next 10 years as they try to comply with differing state laws.

The draft federal data privacy legislation emerged in April as the result of an agreement Rodgers reached with Sen. Maria Cantwell, D-Wash., chair of the Senate Commerce Committee.

But the measure as it stands continues to provide leeway to California’s privacy law, a new privacy law enacted last month in Washington state that covers health-related data not covered by federal law, and a law in Illinois that prohibits collection of biometric data, Holshouser said.

The federal draft privacy as currently drafted “fails to achieve full preemption; it carves out a panoply of state privacy laws that really prioritize politics over policy,” Holshouser said.

After holding dozens of hearings over multiple sessions of Congress, lawmakers have yet to enact federal data privacy legislation. The last time Congress came close to passing a nationwide data privacy law was in 2022, when the House Energy and Commerce Committee approved legislation on a 53-2 vote. But the bill did not get a full vote in the House after then-Speaker Nancy Pelosi, D-Calif., objected to it on the grounds that it would weaken California state privacy legislation.

The Senate did not take up a companion measure.

The current draft addresses some of the issues, but several groups are still opposing many aspects. Lawmakers also are facing the opposite pressures from state attorneys general asking Congress not to weaken state privacy laws.

In April, California Attorney General Rob Bonta led a 15-state coalition in calling for Congress to pass federal privacy legislation that would be a “floor, not a ceiling,” which would allow states to set tougher standards.

The U.S. Chamber of Commerce, the most powerful advocate for American businesses, has separately objected to other parts of the bill.

In a letter addressed to Reps. Gus Bilirakis, R-Fla., and Jan Schakowsky, D-Ill. — the chair and ranking member, respectively, of the House Energy and Commerce Subcommittee on Innovation, Data, and Commerce — the organization called on lawmakers to prohibit private lawsuits against tech companies and reduce data minimization requirements on companies.

Rodgers has said that she is open to making changes to the draft before it’s taken up by the full committee.

“We have intentionally kept this latest version of the legislation a discussion draft, and we remain committed to continuing to work to get this right between now and the full committee,” she said at the subcommittee markup last month.

Recent Stories

Legal questions surround Trump’s talk of political prosecutions

Trump can make immigration moves on his first day back in office

How RFK Jr.’s health proposals would stack up in practice

High hopes for bald eagle bill in the lame duck

Here’s a look at who’s in — and possibly in — Trump’s second administration

Trump administration faces antitrust enforcement dilemma