When the Legislature passed the California Consumer Privacy Act last year, it touched a match to a tinderbox of concerns about how much of our personal information is outside the protection of federal laws. Now companies of all kinds are lining up to support federal data-privacy rules — so long as those would preempt the CCPA and any similar state privacy laws.

That upsets some privacy advocates and California representatives in Congress, who are threatening to take a hard-and-fast position that the CCPA must be insulated. “California’s law is best,” said Rep. Jackie Speier (D-Hillsborough), “why would we want to preempt it?”

As the first state law to regulate online privacy (it’s set to go into effect in January) and with that law coming from the nation’s most populous state, the CCPA will have widespread impact. But as a model for meeting the challenges of today’s data explosion, it falls short of setting the gold standard. The right federal law can provide broader and stronger protection.

Central to the CCPA are a “right to know” what information businesses collect about you and whether it is shared or sold, and a “right to opt out” from the sale of personal information. These elements increase individual control over personal data, but this exclusive focus on control is squarely in line with legacy laws and regulations that rest on faith in consumers making choices to protect their individual privacy.

Full article below