In essence, a federal law that sweeps broadly in its preemption could reduce or outright eliminate privacy protections that Congress has no intent to eliminate, such as laws that protect social security numbers, prohibit deceptive trade practices, and protect the confidentiality of library records.
The companies represented at Wednesday's hearing rely on the ability to monetize information about everything we do, online and elsewhere. They are not likely to ask for laws that restrain their business plans. Instead, as we highlight in our letter:
The Committee should understand that the only reason many of these companies seek congressional intervention now, after years of opposing privacy legislation both federally and at the states, is because state legislatures and attorney generals have acted more aggressively to protect the privacy interest of their states’ residents.
We urge the Committee to recognize the scope of what companies might request before acting on federal legislation. We further urge Congress to consider particular privacy concepts—including opt-in consent, the "right to know," data portability, the right to equal service, and a private right of action—as necessary for any federal legislation that genuinely improves Americans' data privacy.