On 27 April 2026, the California Privacy Protection Agency issued a letter to the United States House Committee on Energy and Commerce opposing the Bill on Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (SECURE Data Act), which would pre-empt comprehensive state privacy laws affecting over 100 million Americans across multiple jurisdictions. The letter stated that the proposed federal legislation would significantly weaken existing consumer protections by eliminating requirements for businesses to honour opt-out preference signals and removing California's pioneering data broker deletion tool (DROP), which has already processed 280,000 deletion requests. It stated that the bill would also substantially reduce data broker disclosure requirements regarding sensitive data collection and sharing with foreign actors, permit deceptive dark patterns in consent mechanisms, cap consumer privacy requests at two per year, and weaken data minimisation obligations so that they apply only to collection rather than to use and sharing. It further stated that the bill would establish weaker purpose limitation standards that ignore consumer expectations, impose no limits on data retention, narrow the definition of sensitive personal information to exclude Social Security numbers and genetic data, and restrict enforcement authority solely to the Federal Trade Commission and state Attorneys General rather than dedicated privacy agencies. The Privacy Protection Agency emphasised that federal privacy legislation should establish baseline protections while preserving states' authority to adopt stronger laws, and urged the Committee to reject the bill.