NEW YORK – States will have less power to prosecute privacy villains in court if new federal legislation is enacted into law, but state officials can rest their fears for a while before Congress picks up consumer protection measures.
In the meantime, state lawmakers are going right ahead in covering the federal legislative gap with rules they say offer better protections than the impending federal bills.
Lawmakers in the House and Senate have introduced bills that would create federal standards for the use of personal data and would allow for federal prosecutions of organizations that collect, sell or use personal information for transactions other than those agreed to by the consumers.
"I have been pushing for a markup of ... the Consumer Privacy Protection Act in the Energy and Commerce Committee so the bill could go to the House floor for consideration," said Rep. Cliff Stearns, R-Fla., chairman of the House Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection.
"However, no action has been scheduled due to the heavy workload before Congress. If there is a 'lame duck' Congress after the election, the bill may be considered then," Stearns said.
"This is a major priority of Hollings'," said Andy Davis, spokesman for Sen. Ernest Hollings, D-S.C., who introduced a similar bill that has been passed out of the Senate Committee on Commerce, Science and Transportation but has been buried on the Senate floor as lawmakers debate other issues.
Davis said Hollings first introduced an online privacy bill in 2000 and Hollings expects to make this version a priority when Congress returns in November from its election recess.
He added that the measure "has garnered support of almost 2-1" in the committee and Hollings is positive that momentum will continue.
Not so fast, say state officials. They want some improvements to the bills as they are currently written.
Minnesota, California and Vermont have already passed privacy laws that cover online transactions and suggest that their measures offer stronger protections than the federal measures being considered.
As it stands now, the Consumer Privacy Protection Act offers only an "opt out" or pre-emption provision for consumers to alert marketers that they don't want their online and offline information shared with third parties.
The bill also gives the Federal Trade Commission the authority to sue violators, and prohibits states from filing their own lawsuits against violators. State Attorneys General Christine Gregoire of Washington and Bill Lockyer of California argue that the FTC needs all the help it can get from states when it comes to safeguarding citizens’ privacy.
They add that as the main law enforcers in their states, they should have the ability to enforce federal privacy laws in their own states.
"States want the ability to enforce any federal law," so that they can bring violators to justice, said Julie Brill, an assistant attorney general in Vermont, who added that states are tired of waiting for federal action, especially when the federal government is only set to pass minimum standards.
Proponents of the measure say a blanket online privacy law would be much easier to deal with than a patchwork of 50 different state laws.
"Federal pre-emption legislation plays a crucial role in ensuring consistency and certainty into the marketplace," said John Palafoutas, a senior vice president at tech industry group AeA, who testified on Capitol Hill last month.
"Other states are now looking to make a template of these new laws -- laws that are provincial in nature and unconcerned with their deleterious impact on interstate commerce," Palafoutas said of the existing state laws. "The inherent danger is both imminent and profound."
Many businesses say they prefer to regulate information-sharing themselves, but have added that if they have to pick one, they favor federal law over differing state rules. Faced with the threat of more federal and state regulation, many companies say they are leaving it up to the consumer to decide how their information is used.