The California Privacy Protection Agency Opposes Federal Legislation That Would Weaken State Privacy Protections

Federal data privacy law should not preempt strong state privacy laws

June 3, 2026

SACRAMENTO, CA — The California Privacy Protection Agency (CalPrivacy) yesterday joined a coalition of 18 Attorneys General and state agencies in opposing the Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (SECURE Data Act), a proposed federal data privacy bill. The SECURE Act would result in California’s privacy laws being largely replaced with weaker protections and would hamper the ability of California to adequately protect the privacy of its citizens. In the letter, the coalition calls on Congress to reject the SECURE Data Act, and to respect additional privacy protections states already grant their residents or would provide in future state-level legislation.

“A strong federal privacy law is worth pursuing, but it should not strip away rights that tens of millions of people already depend on,” said Tom Kemp, Executive Director of CalPrivacy. “The SECURE Act would set privacy rights back and make it much harder for consumers to exercise them in this AI-driven world where personal data is being collected at unprecedented scale.”

Comprehensive state privacy laws, such as the California Consumer Privacy Act, have set minimum data privacy standards, including heightened protections for minors and sensitive consumer data, limits on how data may be used and retained, and the ability for consumers to easily stop the sale of their data via universal opt-out preference signals. The SECURE Data Act would wipe out many of these meaningful protections, making it harder for consumers to exercise their rights, give businesses more discretion on how to use and retain their data, and significantly limit enforcement remedies.

For example, the SECURE Data Act could impact California’s popular Delete Request and Opt-out Platform (DROP), a groundbreaking tool that enables consumers to quickly delete personal information from data brokers. More than 300,000 Californians have signed up for the free tool since its launch just five months ago.

In the letter, the coalition argues that the bill moves privacy rights in the wrong direction, leaving consumers worse off and with fewer protections. Any federal privacy framework must leave room for states to legislate responsively to changes in technology and data collection practices, as states are better equipped to address the unique needs of their citizens and quickly adjust to the challenges presented by technological innovation.

In April, CalPrivacy submitted a separate letter opposing the bill.

In sending the letter, CalPrivacy joins the Attorneys General of California, Connecticut, Delaware, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Hampshire, New Jersey, New York, Oregon, Vermont, Virginia, and Washington, as well as the Hawai’i Department of Commerce and Consumer Affairs.

About Us

The California Privacy Protection Agency (CalPrivacy) is committed to promoting the education and awareness of consumers’ privacy rights and businesses’ responsibilities under the California Consumer Privacy Act, Delete Act, and Opt Me Out Act.

Consumers can visit Privacy.ca.gov to access helpful and up-to-date information and tips on how to exercise their rights, protect their personal information, and learn about the Delete Request and Opt-out Platform (DROP). In addition, CalPrivacy’s website provides important information about Board Meetings, announcements, and the rulemaking process.