California Privacy Protection Agency Releases Letter Opposing the SECURE Data Act

April 27, 2026

SACRAMENTO, CA — Today, the California Privacy Protection Agency (CalPrivacy) sent a letter to the House Energy and Commerce Committee opposing H.R. 8413, the SECURE Data Act.  

The SECURE Data Act is federal privacy legislation that seeks to wipe out state privacy laws — including the California Consumer Privacy Act (CCPA) and the California Delete Act — and set a low national ceiling on privacy rights. The letter urges Congress to follow the precedent of numerous other federal privacy laws and set a floor of protections that allows states to adopt stronger protections.  

The SECURE ACT has a broad preemption provision that seeks to cancel many existing rights under the CCPA and Delete Act, as well as similar rights in other states. For example, 40 million Californians would no longer be able to use the consumer-friendly Delete Request and Opt-out Platform (DROP) to request that all registered data brokers delete their personal information.  

Similarly, it would become harder for people to exercise their privacy rights, as businesses would no longer be required to honor opt-out preference signals (OOPS). This would impact more than 100 million Americans who live in states like California that require businesses to comply with OOPS. Additionally, businesses would no longer be required to restrict their collection and use of personal information to purposes that meet consumers’ reasonable expectations.  

“A strong federal privacy law is worth pursuing, but it should not strip away rights that tens of millions of people already depend on,” said Tom Kemp, Executive Director of CalPrivacy. “The SECURE Act would set privacy rights back and make it much harder for consumers to exercise them in this AI-driven world where personal data is being collected at unprecedented scale.”  

States have led on privacy for decades. California, for example, passed the nation’s first data breach notification law in 2002 and the first broad consumer privacy law, the CCPA, in 2018. Since then, more than 20 other states have passed their own privacy laws. Unfortunately, the SECURE Data Act seeks to eliminate states’ ability to develop solutions to the privacy challenges their residents face.  

“At a time when technology is moving faster than ever, limiting states’ ability to protect consumers beyond the federal minimum would dismantle longstanding safeguards for Californians,” said Maureen Mahoney, CalPrivacy’s Deputy Director of Policy & Legislation. “This bill will block essential flexibility and innovation.” 

About Us

The California Privacy Protection Agency (CalPrivacy) is committed to promoting the education and awareness of consumers’ privacy rights and businesses’ responsibilities under the California Consumer Privacy Act, Delete Act, and Opt Me Out Act.

Consumers can visit Privacy.ca.gov to access helpful and up-to-date information and tips on how to exercise their rights, protect their personal information, and learn about the Delete Request and Opt-out Platform (DROP). In addition, CalPrivacy’s website provides important information about Board Meetings, announcements, and the rulemaking process.