California’s privacy agency held a public meeting to formally oppose the U.S. Federal Privacy and Data Protection Act.
During the meeting, board members expressed concern that ADPPA, and bills with similar preemption provisions, would set a cap on privacy in California.
As Maureen Mahoney, CAPP’s deputy director of policy and legislation described it, ADPPA would, in some cases, provide fewer privacy protections than those offered by the California Consumer Privacy Act.
California’s new privacy regulator, the California Privacy Protection Agency (CPPA), has been vocal in its opposition to the federal proposal, and all are unanimous that ADPPA would preempt California privacy laws and cap state privacy regulation.
For context, the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes a floor for the protection of health information covered by the law.
State laws that are « contrary » to the HIPAA privacy rule are preempted, unless a specific exception applies. The HIPAA preemption provision is broad and, according to all CAPP members, creates a potential limitation on California’s ability (whether through the state legislature, voter vote, or regulatory rulemaking) to respond to emerging privacy concerns and develop new legal requirements.
In public comment, most commenters agree with CAPP and strongly oppose full federal preemption. They called on the Board to raise public awareness of PPACA and its effects and to work with other states with existing or pending privacy laws that would be preempted by PPACA to launch public awareness campaigns.
By Mélissa Walehiane