On July 28, 2022, the California Privacy Protection Agency Board held a special public meeting to discuss state law preemption in the American Data Privacy and Protection Act (ADPPA). ADPPA, as currently drafted, preempts much of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The Board moved to approve of the Agency’s recommendation to oppose ADPPA and any other federal law that would preempt CCPA and other state law initiatives.
The Board’s main concerns are at least two-fold. First, unlike CCPA, ADPPA does not contain a safeguard to prevent the bill from being amended in a way that would decrease privacy protections. CPRA amended CCPA to allow the law to be further amended, provided that amendments are consistent with and further the purpose and intent of the act. Second, CCPA (and other state law) preemption could prevent the CPPA from taking future initiatives to expand privacy protections and account for changes in technology. The Board advocated that ADPPA should be a floor and not a ceiling, and that it should function similar to the Gramm-Leach-Bliley Act, which allows states to expand protections under state law.
Notably, although Board Member Angela Sierra briefly expressed concern that ADPPA could cause confusion regarding how it is enforced, the Board did not discuss ADPPA’s recent proposed amendment that explicitly permits the Agency to enforce ADPPA.
Alston & Bird’s Privacy, Cyber & Data Strategy Team will continue to monitor developments in federal, state and multi-national privacy law and provide updates as they become available. Please contact us if you have any questions.