10 Dec Another Attempt at Federal Privacy Legislation
Written by: Richard Sheinis, Esq.
In yet another attempt to pass federal privacy legislation, on November 26, U.S. Senator Maria Cantwell, D-Wash., introduced the Consumer Online Privacy Rights Act (“COPRA”). COPRA would apply to information that identifies or is reasonably linked to an individual residing in the U.S. or a consumer device. COPRA would generally exclude most non-profits, certain financial institutions and telecommunications and common carrier activities. Many small businesses would also be excluded, as well as entities that are subject to other federal privacy laws such as the Gramm-Leach-Bliley Act, HIPAA, FCRA, and FERPA.
While most of these provisions have come to be recognized as the basis of any privacy legislation, two aspects of COPRA are sure to draw vigorous debate. COPRA provides for a private right of action, and a very limited pre-emption of state laws. COPRA would preempt state laws that directly conflict with it, but it would not preempt state laws that create separate and more stricter requirements.
In the current political climate, however, where Congress seems to be occupied with doing everything other than considering legislation, don’t expect anything to happen soon.