WASHINGTON — The House Financial Services Committee has approved a
The bill passed in a 26-21 vote, with some notable critics on the Democratic side of the aisle expressing concerns that it would set a ceiling, rather than a floor, on data privacy legislation across different states.
"The bill includes a broad preemption of state laws," said Rep. Maxine Waters of California, the ranking Democrat on the committee. "Republicans often like to tout the importance of empowering states to make decisions and to be the laboratory for innovation, but when Wall Street or payday lenders come knocking, Republicans are quick to preempt any state law that provides greater protections for their constituents."
McHenry said that the bill would provide a consistent standard, lowering confusion for consumers and giving companies that hold consumer data a more straightforward set of rules to follow rather than a patchwork of state laws.
"There should be consistency across the country," McHenry said. "If a family moves from, say, California to Texas, it doesn't make sense for the guardrails around their personal financial data to change. A national standard will provide certainty to both consumers and the entities that handle their data."
Some banking industry trade groups say that the state preemption would be helpful.
The American Bankers Association said that it supports the "meaningful preemption provision," but that the group is concerned with "certain provisions that would create new opt-out rights." The trade groups said they would "strongly oppose" any provision that would change any opt-out provision to an "opt-in regime," whereby consumers would have to actively approve the use of their financial data, rather than simply having the option to pull it back.
The Bank Policy Institute called the legislation "a step in the right direction," and said that any bill around this issue should help even the playing field between banks and nonbank financial services players.
"Although banks have been held to robust privacy standards for decades, many nonbank firms that handle customers' sensitive financial data have not," the group said in a statement. "Any revamp of financial privacy law should ensure all financial services providers are required to keep customers' data safe."
A group of consumer advocates, meanwhile, also took issue with the state preemption provision. In a news release from the National Consumer Law Center — which was joined by U.S. Public Research Interest Group, Consumer Action and Public Citizen, among others — said the measure that would preempt state laws could also nullify state privacy law regarding other kinds of data, including medical debt that might show up on a consumer's credit report. Maine and Texas, for example, have these laws, and Colorado and North Carolina have introduced these bills.
"This bill largely fails to offer new meaningful protections for consumers," said Ruth Susswein, Consumer Action's director of consumer protection. "Instead it would substitute a weaker framework, roll back stronger state laws, and leave consumers worse off than they are now."
Along with the data privacy bill, the committee advanced a number of bipartisan pieces of legislation to the full House. One includes the