Law professor and privacy scholar Daniel Solove writes:
I recently wrote a post about my concerns about the American Data Privacy and Protection Act (ADPPA) (updated version after markup is here), a bill making its way through Congress that has progress further than many other attempts at a comprehensive privacy law. Despite grading the law a B+, I was skeptical of the law because it would preempt state laws, a provision I believe to be a Faustian bargain. Here’s an updated version of the ADPPA after markup.
Omer Tene (Goodwin Procter LLP) has a series of tweets expressing puzzlement at my reaction to the law. He thinks I should be dancing in the streets. He writes that he is “genuinely puzzled by the logic here. Dan argues against passage of a good federal privacy law (he gives it a B+) bc it might be outdated in 20 years.” He argues that my concerns will be the same with every federal law because there won’t be a federal law without preemption. “[W]hat’s the alternative? Omer asks. “Having no federal law to update in 20 years? How’s that any better?” He further argues that “if the preferred option is state by state, it’s a very poor option. Dan and others have rightfully criticized the weak tea brewed by the states. ADPPA blows every one of the state laws out of the water.” The “ADPPA is *far* stronger than CPRA. Even in California. Not to mention it would also apply in 49 other states.”
Omer makes compelling arguments, and I want to respond to clarify and expand upon some things in my original post to better explain my position.
Read more at TeachPrivacy.