California and Preemption
As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy. Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates. First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year. Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States. As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts.
With respect to net neutrality, the Department of Justice (DOJ) has already made its view known. On the day the bill California enacted Senate Bill 822, DOJ filed a complaint and motion arguing that, pursuant to the Supremacy Clause and federal statutes, the FCC “sets uniform, national policies governing interstate communications, and contrary states laws” like California’s “are preempted.” In its filing, DOJ emphasized that:
In the Telecommunications Act of 1996, Congress comprehensively reformed and amended the Communications Act of 1934 to “promote competition and reduce regulation” so as to “secure lower prices and higher quality services for American telecommunications consumers” and to “encourage the rapid deployment of new telecommunications technologies.” As amended, the Communications Act distinguishes between lightly regulated “information services” and more heavily regulated “telecommunications services.” It further established that “[i]t is the policy of the United States” to “preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services”—including any “information service”—“unfettered by Federal or State regulation.”
Memorandum of Law in Support of DOJ’s Motion for Preliminary Injunction 3-4 (citations omitted). DOJ further noted that the FCC’s 2018 order sought to return to this “light-touch, market-based framework” and explicitly preempted “any state or local measures that would effectively impose rules or requirements that [the FCC] ha[d] repealed or decided to refrain from imposing in this order or that would impose more stringent requirements for any aspect of broadband service that [it] address[ed] in this order.” Id. at 8. DOJ thus argued that California, by imposing net neutrality rules that the FCC repealed in its 2018 order, acted contrary to this clear preemptive statement, such that the court should enjoin Senate Bill 822.
The Department of Justice has taken no similar action with respect to the CCPA. Nonetheless, a number of industry groups – such as the Internet Association and the Chamber of Commerce – have expressed a fear that California may serve as a bellwether with respect to privacy legislation (as it did with data breach notification laws), leading to a patchwork of conflicting obligations. These groups have thus called for the federal government to put in place, e.g., a “national privacy framework” that is “consistent throughout all states, preempting state consumer privacy and data security laws” (the Internet Association) and/or “a federal privacy framework that preempts state law on matters concerning data privacy in order to provide certainty and consistency to consumers and businesses alike” (the U.S. Chamber of Commerce).
Of course, the DOJ’s recent filing and the call for federal privacy legislation are just the first steps in what promises to be an intricate dance between federal and state lawmakers as they try to get a handle on how to regulate the data economy. California has yet to respond to the DOJ’s lawsuit and we are at the very early stages of thinking about preemptive federal privacy legislation.