Oct 102018

California and Preemption

Alan Charles Raul and Christopher Fonzone
, , , ,

As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy.  Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates.  First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year.  Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States.  As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts. 

With respect to net neutrality, the Department of Justice (DOJ) has already made its view known.  On the day the bill California enacted Senate Bill 822, DOJ filed a complaint and motion arguing that, pursuant to the Supremacy Clause and federal statutes, the FCC “sets uniform, national policies governing interstate communications, and contrary states laws” like California’s “are preempted.”  In its filing, DOJ emphasized that:

In the Telecommunications Act of 1996, Congress comprehensively reformed and amended the Communications Act of 1934 to “promote competition and reduce regulation” so as to “secure lower prices and higher quality services for American telecommunications consumers” and to “encourage the rapid deployment of new telecommunications technologies.”  As amended, the Communications Act distinguishes between lightly regulated “information services” and more heavily regulated “telecommunications services.”  It further established that “[i]t is the policy of the United States” to “preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services”—including any “information service”—“unfettered by Federal or State regulation.”

Memorandum of Law in Support of DOJ’s Motion for Preliminary Injunction 3-4 (citations omitted).  DOJ further noted that the FCC’s 2018 order sought to return to this “light-touch, market-based framework” and explicitly preempted “any state or local measures that would effectively impose rules or requirements that [the FCC] ha[d] repealed or decided to refrain from imposing in this order or that would impose more stringent requirements for any aspect of broadband service that [it] address[ed] in this order.”  Id. at 8.  DOJ thus argued that California, by imposing net neutrality rules that the FCC repealed in its 2018 order, acted contrary to this clear preemptive statement, such that the court should enjoin Senate Bill 822.

The Department of Justice has taken no similar action with respect to the CCPA.  Nonetheless, a number of industry groups – such as the Internet Association and the Chamber of Commerce – have expressed a fear that California may serve as a bellwether with respect to privacy legislation (as it did with data breach notification laws), leading to a patchwork of conflicting obligations.  These groups have thus called for the federal government to put in place, e.g., a “national privacy framework” that is “consistent throughout all states, preempting state consumer privacy and data security laws” (the Internet Association) and/or “a federal privacy framework that preempts state law on matters concerning data privacy in order to provide certainty and consistency to consumers and businesses alike” (the U.S. Chamber of Commerce).

Of course, the DOJ’s recent filing and the call for federal privacy legislation are just the first steps in what promises to be an intricate dance between federal and state lawmakers as they try to get a handle on how to regulate the data economy.  California has yet to respond to the DOJ’s lawsuit and we are at the very early stages of thinking about preemptive federal privacy legislation.

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Christopher Fonzone

cfonzone@sidley.com

You might also like
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

U.S. Employers Need to Reconsider Use of Confidentiality and Nondisparagement Provisions in Light of New NLRB Decision

Employers frequently seek to include confidentiality and nondisparagement provisions in severance agreements provided to departing employees. Last week, the U.S. National Labor Relations Board (NLRB or Board) significantly altered the legal landscape governing such provisions, making it much more difficult for unionized and nonunionized employers alike to use them for nonsupervisory employees without running afoul of the National Labor Relations Act (NLRA). The decision is likely to be appealed, and we will issue updates as they become appropriate. In the interim, however, it is critically important for employers to understand the implications of the decision (see below) and to adjust their use of these provisions to limit their risk.

Illinois Supreme Court Clarifies Accrual for Illinois Biometric Privacy Act Claims

For the second time in two weeks, the Illinois Supreme Court clarified the scope of the Illinois Biometric Privacy Act (BIPA) — this time in Cothron v. White Castle. The court, in a 4–3 decision, held that BIPA claims accrue each time biometric data is collected or transmitted, and not just the first time.1