Preemption & Privacy Law
The preemption doctrine puts forward the legal concept that a higher authority of law will override the law of a lower authority of law when there is a conflict between the two.
The concept of preemption has been the talk of the town recently when a new federal privacy bill, the American Data Privacy Protection Act (H.R.8152) was presented. Privacy professionals have, since then, been scrutinizing the possible effects on state privacy laws.
The Conflicts Arising from Federal Preemption
The Supremacy Clause of the Constitution. U.S. Const. art. VI., § 2 lays down the preemption of federal law over state law. Preemption applies regardless of whether the conflicting laws come from legislatures, courts, administrative agencies, or constitutions. For example, the Voting Rights Act, an act of Congress, preempts state constitutions, and FDA regulations may preempt state court judgments in cases involving prescription drugs.
In general, preemption gives rise to 3 different types of conflicts:
Outright conflict occurs when an ordinance directly opposes a state law.
Express Preemption means a state law directly opposing a local power.
Implied Preemption occurs in any of the 3 following cases:
- when an act that is permitted by the state legislature is prohibited by local ordinance
- when an act is permitted by the local ordinance but the state legislature prohibits it
- when there is clear legislative intent that the state law preempts the “field”. The “field” is usually defined as when there is a broad scope of preemption of all local regulations in an area by state regulations. The field occupation occurs when state law addresses an area that has traditionally been a matter of the state (for instance the process of mortgage foreclosure)
Implied preemption is harder to prevent than the other two cases of preemption, making it a rather controversial doctrine. Owing to this, some states have made implied preemption illegal. It is worth noting that if a state allows a specific action, then the local government typically cannot prohibit it.
Federal Preemption of State Privacy Law Hurts Everyone
The recently proposed federal law, American Data Privacy Protection Act (H.R.8152), is the hot topic these days. Privacy professionals are keen to find out how federal law will affect the state privacy laws.
Though the ADPPA’s preemption provisions are thought to impact just the state privacy laws, if we look at a broader aspect, we will find out that it somehow has adverse consequences for the country as a whole.
Preemption of Many Existing Privacy Laws
A minimum of five states have passed comprehensive consumer data privacy laws over the last few years.
Similar to ADPPA, these laws state how companies can collect, use, store, or share data, and give people the right to access, delete, or hinder sale of their data. Some provisions of these state laws are stronger than corresponding features of ADPPA but that would still not be able to overpower ADPPA.
For instance, ADPPA would rule out rights to data privacy that states have enshrined in state laws. The current bill indicates that ADPPA is also a threat to state privacy rules that address particular business types.
This restricts states from acting on areas where some recent gains have been seen.
Some states do not have any data privacy laws at present. As a result, their residents would take full advantage of a federal baseline. But the states must have to be given room to build on that federal foundation. The ADPPA alone cannot act as a solution to data privacy problems currently faced by us.
Freezing Further Action
A major drawback of the ADPPA is that it is insufficient to fix the future problems that might be faced in the future. Congress does not actively respond to privacy concerns in a timely manner. The last comparable chance to pass federal privacy legislation was eleven years ago in 2011, the same year Uber launched all across the country and exactly one year before Facebook went public. It predates the Apple Watch, consumer augmented reality, and products from companies such as TikTok, Slack, and Zoom.
Privacy landscape has changed with the advent of these new developments. Considering new angles in the legislation of privacy has become need of the hour. When we look at past practices, states laws have always taken a lead, acting as the first step to address these issues at the federal level.
We have always seen giant technology firms doing all that they can do to stop enactment of strong privacy laws at all levels. They have only recently been seen expressing openness to federal laws because of activity in the states. In their struggle to stop states from passing strong legislation, they are siding with the federal preemption to stop this so-called “patchwork” of state laws.
People have the leverage to pass bills at the state and local level which is one of the greatest edge that they have in the fight for data privacy. Interestingly, there is bipartisan and bicameral agreement that there a federal privacy law must be passed to protect consumers’ privacy.