Federal Trade Commissioner Christine Wilson said that federal privacy laws should preempt state privacy laws that have been unworkable for businesses. While Congress considers drafting a federal online privacy law, all five commissioners have supported new rulemaking and enforcement authority. 

At an American Enterprise Institute event in Washington, Wilson pointed to California’s new privacy law and growing efforts in Washington, New York, and other states as evidence of the need to limit the trend of all states passing individual privacy laws. Patchwork state law is “very unworkable for the industry,” Wilson claimed. 

Companies such as tech groups agree, as it would be more consistent to have consumers, companies, and the government taking a consistent approach to protecting information. 

Wilson and FTC chairman Joe Simons want Congress to delegate more power to the FTC to make rules and impose fines for first offenses in a federal privacy law.   

In a letter to House Energy and Commerce Chairman Frank Pallone (D-N.J.), Simons urged that the FTC needs “additional tools and resources to better protect consumers’ privacy.” More specifically, Simons would like the agency to be able to “obtain civil penalties for violations, conduct rulemaking under [the] Administrative Procedure Act, and exercise jurisdiction[] over common carriers and non-profits.” Simons noted that currently, the FTC has limited rulemaking authority under existing federal privacy laws such as the Children’s Online Privacy Protection Act (“COPPA”) and the Fair Credit Reporting Act (“FCRA”). 

Privacy advocates argue against federal preemption that does not leave some privacy enforcement powers to the states. Sen. Richard Blumenthal (D-Conn.), who is working on a bipartisan privacy bill, does not want to weaken state privacy laws at the expense of a national standard. 

Peter Winn, Director of the Office of Privacy and Civil Liberties and Acting Chief Privacy and Civil Liberties Officer of the Justice Department, attended the American Enterprise Institute event. Winn said that federal agencies are important users of consumer information, and a federal privacy law must recognize or preserve access to data for legitimate law enforcement or national security activities. 

Winn said that companies should have access to consumer information as long as they can appropriately secure and protect data. Further, lawmakers should balance “reasonable” consumer privacy preferences with “other legitimate uses of information.” Finally, Winn shares the same concerns from small businesses and some lawmakers that broad privacy laws would be too costly and difficult to comply with.