Presentation is loading. Please wait.

Presentation is loading. Please wait.

Individual Rights and Federal Preemption of State Privacy Laws

Published byYuliana Sudirman Modified over 5 years ago

Similar presentations

Presentation on theme: "Individual Rights and Federal Preemption of State Privacy Laws"— Presentation transcript:

1 Individual Rights and Federal Preemption of State Privacy Laws
Peter Swire Defamation and Privacy Section AALS 2019 New Orleans January 3, 2019

2 Overview Panel Topic: Substantive Issues in Privacy and Defamation in the Internet Age: Prospects for Civil Recovery Passage of California Consumer Protection Act in 2018 Private right of action for data breach In reaction, major push for federal privacy legislation Preemption of state laws a major rationale for industry & administration support My current writing on federal privacy preemption Ways private civil remedies may both expand and contract

3 California Consumer Privacy Act
CCPA passed 2018 Washington, Oregon, and others may follow soon Private right of action and class action for data breaches (see next slide) State AG only for enforcement of other new privacy requirements Subject to possible amendment in CA legislature before it takes effect January 2020

4 CCPA Private Right of Action
“Any consumer whose nonencrypted or nonredacted personal information is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action for any of the following: (A) To recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater. (B) Injunctive or declaratory relief. (C) Any other relief the court deems proper.” Consumer must give prior notice to defendant and state AG No ban on class actions

5 Responses to CCPA:

6 Proposed federal privacy legislation & civil claims for individuals
Draft federal bill by Intel Intel has long supported federal privacy legislation – the pro-privacy side of the business community Swire comments on 13 legal issues raised by federal preemption of state privacy law On Intel site Next week scheduled for publication by IAPP Theme: preemption is technically very complex as well as politically controversial

7 Scope of Preemption is Key
The bill would preempt “any civil provisions of the law of any State” that “are primarily focused on the reduction of privacy risk through the regulation of personal data collection and processing activities.” Sweeping preemption compared to previous federal privacy statutes Many did not preempt: e.g., ECPA allows State two-party consent laws CAN-SPAM preemption only for laws that “expressly regulate the use of electronic mail to send commercial messages.”

8 Exceptions to Retain Some State Laws
“Nothing in this Act shall be construed to preempt the applicability of State constitutional, trespass, contract, data breach notification or tort law.” No clear mechanism to decide which laws qualify for these Could provide FTC a role, similar to OCC and EPA? State cybersecurity laws preempted (?) Multiple possible exceptions, where state law could still apply: Does have HIPAA exception, applying to covered entities Would apparently preempt many other state medical privacy laws Would preempt existing state financial privacy & other laws

9 Individual rights enforced by State AG’s
This panel focuses on individuals’ rights to file civil actions New law retains some other remedies Intel bill: will not be “construed to limit the enforcement of any State consumer protection law by the attorney general of the State.” That retains state laws specifically for state AG enforcement But, would apparently preempt the numerous other state consumer protection agencies – who sues is key

10 To Recap (before a final point)
CCPA would expand individual civil actions for data breach & AG actions for newly defined privacy violations Could be precedent for the sort of 50-state legislation we have seen for data breach In reaction, industry & Administration push for federal privacy legislation to stop individual civil actions Defining scope of preemption will need detailed analysis by privacy experts/professors One other key legal item …

11 Standing in Federal & State Law
Federal limits on standing under Art. III Spokeo requirement of concrete injury Limits on Congress’ ability to define what counts as harm or injury N.D. Ill. decision Dec. 29 for Google Voice On SJ, Court found no concrete injury from collection/processing of biometric data, in violation of state law Held: no standing No federal court enforcement of statutory damages to individual/class under state biometric law

12 State Courts May Grant Standing
Contrast: Tabata v. Charleston Area Med. Ctr., 759 S.E.2d 459 (2014) W.Va. Supreme Court held that plaintiffs had standing even though discovery revealed that no class member – including the named plaintiffs – had suffered any property damage or economic losses Federal preemption may therefore limit scope of cognizable harm/injury provided by state law Civil remedy focus may thus shift to states where no requirement of concrete injury for standing A reason to support state laws, rather than federal, for privacy supporters

13 Conclusion Remedies may expand:
CCPA may herald new wave of state privacy laws, with at least some individual or state AG remedies Remedies may contract: Federal privacy law proposals all have preemption Technically complex topic Under current jurisprudence may have constitutional Article III limits on enforcement of some privacy rights in federal court In short, scope of civil privacy remedies are becoming a very timely issue

Download ppt "Individual Rights and Federal Preemption of State Privacy Laws"

Similar presentations

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
Business Law and the Regulation of Business Chapter 1: Introduction to Law By Richard A. Mann & Barry S. Roberts.

Business Law and the Regulation of Business Chapter 1: Introduction to Law By Richard A. Mann & Barry S. Roberts.
Remedies Against Govt Defendants – Some Basics 11 th amendment bars suits against the State, unless Lawsuit is against state officer in their official.

Remedies Against Govt Defendants – Some Basics 11 th amendment bars suits against the State, unless Lawsuit is against state officer in their official.
Laws and Their Ethical Foundation Chp 1 Section 1-2

Laws and Their Ethical Foundation Chp 1 Section 1-2
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
Suing the Federal Government. 2 History Traditional Sovereign Immunity US Constitution No Money shall be drawn from the Treasury, but in Consequence.

Suing the Federal Government. 2 History Traditional Sovereign Immunity US Constitution "No Money shall be drawn from the Treasury, but in Consequence.
1 Judicial Review Under NEPA Bob Malmsheimer April 1, 2006.

1 Judicial Review Under NEPA Bob Malmsheimer April 1, 2006.
Types of Laws GOALS Lesson 1-2

Types of Laws GOALS Lesson 1-2
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
© 2011 South-Western | Cengage Learning GOALS LESSON 1.1 LAW, JUSTICE, AND ETHICS Recognize the difference between law and justice Apply ethics to personal.

© 2011 South-Western | Cengage Learning GOALS LESSON 1.1 LAW, JUSTICE, AND ETHICS Recognize the difference between law and justice Apply ethics to personal.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
Chapter 4 Classification of the Law. 2 Substantive and Procedural Law o Substantive Law o Defines our legal rights and duties o e.g. we have a duty to.

Chapter 4 Classification of the Law. 2 Substantive and Procedural Law o Substantive Law o Defines our legal rights and duties o e.g. we have a duty to.
Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.

Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.
CHAPTER 1 Legal Foundations Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent.

CHAPTER 1 Legal Foundations Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent.
Copyright © 2008 by West Legal Studies in Business A Division of Thomson Learning Chapter 1 The Nature and Sources of Law Twomey Jennings Anderson’s Business.

Copyright © 2008 by West Legal Studies in Business A Division of Thomson Learning Chapter 1 The Nature and Sources of Law Twomey Jennings Anderson’s Business.
Types of Law II OBE-118, Section 3 Fall 2004 John McKinsey Today we finish developing a good understanding of the three-dimensional spider web known as.

Types of Law II OBE-118, Section 3 Fall 2004 John McKinsey Today we finish developing a good understanding of the three-dimensional spider web known as.
Chapter 5 Torts and Civil Law.

Chapter 5 Torts and Civil Law.
Michael R. Costa, Esq., M.P.H. Greenberg Traurig, LLP One International Place, 3 rd Floor Boston, MA 02110 617.310.6065 617.310.6001 (fax)

Michael R. Costa, Esq., M.P.H. Greenberg Traurig, LLP One International Place, 3 rd Floor Boston, MA (fax)
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Similar presentations

Ads by Google