AG Bonta, nationwide officials urge Congress to reject proposed privacy bill
A coalition led by California Attorney General Rob Bonta urged Congress to reject a proposed federal data privacy bill, arguing it would undermine states’ ability to protect the privacy of their citizens.
In a letter to Congressional leaders on Tuesday, the coalition — including 18 attorneys general and state agencies — voiced strong opposition to H.R. 8413, the Securing and Establishing Consumer Uniform Rights and Enforcement over Data, or SECURE Data Act.
The group argued that the bill’s “minimal” privacy protections could quickly become outdated as technology rapidly evolves and, more significantly, that it would override stronger state laws already in place.
“Federal action to protect Americans’ privacy is essential, but not at the expense of the strong state laws that already protect Californians,” Bonta said in a statement on Tuesday. “As tech and data collection practices rapidly innovate, it is essential states keep our ability to respond just as rapidly to protect our residents from emerging privacy threats.”
The bill, sponsored by U.S. Rep. John Joyce, R-Penn., was introduced in the House Committee on Energy and Commerce on April 21. The committee held a hearing on the measure on Wednesday, but did not vote on it.
The privacy battle
Under the 2018 California Consumer Privacy Act, or CCPA consumers have the right to know what personal information businesses collect from them and how that information is used and shared. They also have the right to opt-out of data collection and request the deletion of their information, with few exceptions.
Similar comprehensive privacy laws have been enacted by 19 other states, according to the coalition.
In the Tuesday letter, the coalition said the SECURE Data Act would not require businesses to honor consumer opt-out requests — a protection mandated by 12 state privacy laws. Instead, it only directs the U.S. Secretary of Commerce to study universal opt-out methods over a period of three years without requiring businesses to comply with them.
The bill also falls short on limiting how businesses collect, use, share and retain consumer information, the group said. As it is currently proposed, the bill would only limit data collection to “what is adequate, relevant and reasonably necessary.”
The coalition said those loose limitations would further incentivize businesses to pack privacy policies with “any-and-all possible uses” of consumer data, which it said increases the risk of data breaches and misuse.
Officials also argued that the bill’s narrow definitions of “sensitive data” and expanded exemptions would weaken existing state privacy protections — including protections for minors. As drafted, some health-related and biometric information currently protected could fall outside the bill’s privacy safeguards, Bonta and elected officials wrote.
“The SECURE Data Act would wipe out these meaningful protections,” a spokesperson for the Attorney General’s Office wrote in a statement.
The coalition also criticized a provision that would allow companies to charge consumers for exercising their privacy rights under specific circumstances, creating what the coalition argued are “perverse incentives for data collection and privacy compliance” and imposing “unjust barriers” for consumers seeking to assert their data protection rights.
“The act moves privacy rights in the wrong direction, leaving consumers worse off and with fewer protections,” the coalition wrote in the letter.
California’s ongoing consumer data conflicts
Bonta’s opposition to the bill is not the first consumer privacy battle to hit California in recent years, as consumer-data concerns proliferate with rapid technological advancement.
California Senate Bill SB 690, introduced in the legislature last year, seeks to amend the 1967 California Invasion of Privacy Act, or CIPA, which prohibits the monitoring, interception, and recording of private communications without explicit all-party consent.
Citing “frivolous lawsuits” that have targeted small businesses for collecting certain data through website operation and Google advertising, the bill aims to exempt businesses from criminal or civil penalties when gathering consumer data for “commercial business purpose.”
Under the current law, plaintiffs can receive up to $5,000 for each violation of the CIPA.
Opponents to the bill, however, argued that it would allow companies to collect sensitive data and sell it to third-parties without limitations. An analysis prepared for the Assembly Public Safety Committee also concluded that the CCPA would not suffice to protect consumers’ data if the CIPA were eliminated, according to previous Bee reporting.
This story was originally published June 5, 2026 at 4:30 AM with the headline "AG Bonta, nationwide officials urge Congress to reject proposed privacy bill."
