To Pre-empt or Not To Pre-empt: Is That Really the Question?

Susan Grant, Vice President, Public Policy
National Consumers League

To Pre-empt or Not To Pre-empt: Is That Really the Question? [pdf]

The usual argument advanced by business for federal pre-emption of state consumer privacy law is that state regulation is too burdensome in a marketplace that now extends beyond state and even national borders. Complying with fifty different state laws would be too expensive and difficult.[1] That sounds like a reasonable argument. But are these objections valid, and what are the motivations behind them? Shouldn't the focus of the discussion be on determining what works best to protect consumer privacy?

Often when businesses argue for state pre-emption, they also assert that there really isn't any need for state or federal law at all, because the market polices itself. Every now and then, a scandal of sufficient proportion, such as the recent financial shenanigans engaged in by some corporations, illustrates the feebleness of that argument and shines a bright light on what happens when efforts to weaken existing consumer protections and resist tougher regulation succeed.

Stories about stock manipulation, tainted foods, and other problems in the marketplace also reveal that federal agencies charged with protecting the public are ill-equipped and underfunded. To supplement federal capabilities, it is critical that state laws and enforcement ensure that consumers are treated fairly and protected from harm.

Businesses engaged in interstate commerce already comply with an array of state consumer laws and regulations. States have historically exercised an interest in protecting consumer and individual rights.[2] States have long regulated insurance, charitable solicitations, multilevel marketing, weights and measures, advertising, securities, and other interstate activities. Business practices that are fairly well regulated on both the state and federal level, such as telemarketing, appear to be thriving.[3] Advances in technology enable businesses to operate more efficiently and to comply with applicable laws more easily. Telemarketers can, for example, use services that electronically screen their lead lists against the do-not-call criteria that vary widely among the more than twenty states that have enacted such calling restrictions.[4]

Because they are closer to the people, state governments are usually the first to act when it becomes clear that new consumer protections are needed or existing laws are being violated. For example, the states responded to the growing public demand for privacy protection from unwanted sales calls long before the federal government finally acted.

The courts have upheld legislation in the state of Washington regulating unsolicited email.[5] Minnesota's Attorney General brought several legal actions to protect the privacy of consumers in that state.[6] California created an Office of Privacy Protection within the state Department of Consumer Affairs[7] and enacted a variety of privacy protection laws, among them legislation concerning the truncation of consumers' credit card numbers and the display of social security numbers.[8]

It is precisely this activity at the state level that has spurred some in the business community to assert that any federal privacy legislation should pre-empt the states. They would prefer a weak federal law with only one overworked and understaffed cop to stronger requirements enforced by fifty. They claim that state regulators are mainly concerned with getting publicity for themselves. But all government officials understandably want to get credit for the work they do for the public good, and it is also important to inform consumers when they may be eligible for relief or compensation. There is no reason to question the sincerity of those officials when they hold press conferences to announce lawsuits or settlements.

Consumer protection is a responsibility best shared by state and federal government. Effective self-regulatory programs and the activities of nonprofit watchdog groups can also play an important part in protecting consumer privacy. Businesses that follow the highest standards of conduct are unlikely to run afoul of action by regulators at any level of government. Federal privacy legislation that sets high standards would go a long way to protecting consumers' personal information, but states must retain the power to act to address gaps left by federal privacy law, or circumstances which they believe require stronger protection.

For example, while federal laws only require credit bureaus to provide consumers with free reports in narrow circumstances, such as when consumers are declined for credit on the basis of information in the report or have fallen victim to fraud[9], some states give consumers the right to request free reports once a year so they can better monitor them for accuracy.[10] California has recently enacted legislation to bar social security numbers as identification numbers and for other uses that needlessly expose them to those who have no valid reason to see them. This action will have the practical effect of changing business practices nationwide � and that's a good thing.

Optimally, states must act as partners with the federal government in protecting consumers' privacy. The Telemarketing Consumer Fraud and Abuse Prevention Act[11], which does not pre-empt state telemarketing laws and also gives states the authority to enforce the federal law, serves as a successful model of this state/federal partnership. In creating a national do-not-call registry, the Federal Trade Commission is not proposing to pre-empt the states, but rather to work with their own do-not-call lists. While such a partnership is an unpopular idea with some businesses that worry about the possibility that one attorney general could obtain a court order that would govern a company's conduct in every state, an action brought by a federal agency would lead to the same result. So what is the point of their objection? No valid argument is to be made for reducing the potential for both strong privacy protection requirements and of enforcement action to back them up.

If we want to promote electronic commerce and other forms of trade in the increasingly global marketplace, we must get serious about privacy protection. Instead of spending time and energy fighting off the states and trying to block meaningful federal legislation, businesses should focus on getting their own privacy practices and policies in order and support strong federal privacy protection. That will protect their self-interests in terms of avoiding litigation, encourage consumer confidence, and improve the long-term prospects for economic growth.

Notes

[1] See Comments of the Direct Marketing Association, Inc. and the U.S. Chamber of Commerce on the Telemarketing Rulemaking, FTC File. No. R411001, April 15, 2002, p 24. http://www.ftc.gov/os/comments/dncpapercomments/04/dma.pdf>, also testimony of Paul Misener, Amazon.com, before the Senate Committee on Commerce, Science & Transportation on the Online Personal Privacy Act, April 25, 2002, pg 2, 21 http://commerce.senate.gov/hearings/042502misener.pdf.pdf.

[2] The states have a long history of regulating against unfair business practices and protecting citizens' rights. Cedar Rapids Cellular Telephone v. Miller,__ F.3d__, 2002 U.S. App. LEXIS 2373 (8th Cir. 2002).

[3] See DMA/U.S. Chamber of Commerce Comments, p 5, It is expected that consumer telemarketing will grow by 8.0% per year to an expected $402.8 billion in 2006.

[4] One such service is Gryphon Networks, http://www.gryphonnetworks.com/.

[5] http://www.wa.gov/ago/releases/rel_spam_060701.html.

[6] http://www.ag.state.mn.us/consumer/privacy/privacy_law.htm.

[7] http://www.privacy.ca.gov/.

[8] http://www.privacy.ca.gov/laws.htm>.

[9] 15 U.S.C. § 1681j (Section 112).

[10] See for example, Vermont statute 9 V.S.A. § 2480c.

[11] 15 U.S.C. 6101-6108.