Data Privacy Can’t Be Assured Without States and Consumers

Recently, the CEOs who make up the Business Roundtable renewed their demand that Congress pass a federal privacy “standard” that preempts stronger state laws. That's the wrong way to go because Congress only does a good job protecting consumers either after a disaster (e.g., Wall Street's collapse of the economy) or after states lead the way. We shouldn't have to wait for a disaster. Learn more.

Consumer alerts

Recently, the CEOs who make up the Business Roundtable renewed their demand that Congress pass a federal privacy “standard” that preempts stronger state laws. Los Angeles Times columnist David Lazarus helpfully provides context: “Translation: We want privacy rules, but not California’s, and not anything that we can’t water down at the national level through congressional lobbying.” 

An earlier comprehensive BRT “Framework” made clear that the new law must also deny consumers the right to defend themselves against privacy harms. 

The Internet Association – which includes Amazon, Facebook, and Google among its members — made similar demands this month. Those digital platforms and many others also seek preemption of robust state privacy protections. They’re joined by the telecom and cable internet service providers (ISPs) that serve as the on-ramps to the online world, by the digital advertising firms that track and collect your life story, without your knowledge, consent or control and by myriad other virtually unregulated “data brokers.”

Let’s be clear: the goal of these businesses is not to protect your privacy, it is to continue to invade it. Their proposal would normalize the existing digital surveillance system that serves them well.  Its “grand bargain” is to notify you and allegedly give you power to control your digital life.

Their “notice and choice” proposal is a limited, industry-friendly, often confusing system that’s designed to fail. The firms offer a potpourri of minimal privacy protections enforceable primarily by the Federal Trade Commission.

On the other hand, our public interest privacy coalition has a detailed framework for comprehensive digital rights and privacy reform. True digital privacy protection would minimize data collection. It also would require privacy by design, civil rights protections, algorithmic oversight, prohibitions on certain data collection and uses, real redress rights and a new, tough Data Protection Agency. 

Further, Congress should not consider “privacy” legislation to benefit a handful of large tech companies while the House Judiciary Committee is investigating if these companies are violating antitrust laws with the help of a surveillance business model that their preferred federal privacy law would normalize. Other Congressional committees, the federal government and 50 states are looking into allegedly anticompetitive practices by one or more of the firms atop the digital ecosystem.

For many years, commercial interests argued, “we neither need nor want a federal privacy law.” Now, they say, “we desperately need a federal privacy law but not one like the new European GDPR.” The sudden reversal was no epiphany, religious or otherwise. Rather, it’s a calculated effort, backed by a flood of lobbying and campaign cash, to use the purported existential “threat” of a “patchwork” of state “mini-GDPRs” to shut down all state innovation on data privacy protections. California’s state law is the preferred bogeyman for these businesses, but they’re worried about other states as well.

With that in mind, passing that new federal law isn’t Job One for the big tech companies: pre-empting robust state legislation and denying consumers the right to defend themselves from privacy harms comes first.

In my 30 years in Washington, I have learned that Congress only does a good job protecting consumers in two circumstances. 

First, Congress does a good job after a disaster, generally one caused by powerful special interest overreach — for example, the 2007-2008 financial collapse followed by Wall Street reform. Second, Congress does a good job when states show Congress the way forward with true innovation and leadership.

A Congressional hubris is the mistaken belief that when it acts, its actions completely solve problems and therefore, it is OK to preempt state laws for special interests. 

To truly ensure consumer protection, Congress needs to allow states to pass additional reforms to solve missed problems or respond to unforeseen or local problems. Just as important, our state and federal laws need to give consumers rights to defend themselves.



Ed Mierzwinski

Senior Director, Federal Consumer Program, PIRG

Ed oversees U.S. PIRG’s federal consumer program, helping to lead national efforts to improve consumer credit reporting laws, identity theft protections, product safety regulations and more. Ed is co-founder and continuing leader of the coalition, Americans For Financial Reform, which fought for the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, including as its centerpiece the Consumer Financial Protection Bureau. He was awarded the Consumer Federation of America's Esther Peterson Consumer Service Award in 2006, Privacy International's Brandeis Award in 2003, and numerous annual "Top Lobbyist" awards from The Hill and other outlets. Ed lives in Virginia, and on weekends he enjoys biking with friends on the many local bicycle trails.