In the late 19th century, Samuel Warren and Louis Brandeis published the \u201cRight to Privacy,\u201d articulating for the first time in the United States a privacy right, defining it as the \u201cright to be let alone.\u201d\nOver the next nearly 130 years, US law on privacy continued to develop through common law torts, constitutional interpretation, the implementation of the Fair Information Practice Principles and the development of federal and state sectoral privacy law. Despite being a global leader on privacy, however, the US never developed a comprehensive federal privacy law to regulate the commercial use of information, or data; instead enacting laws to protect particularly sensitive personal data privacy, such as financial, health and children\u2019s information.\nThe rest of the world, in contrast, began regulating information privacy as a comprehensive national concern. This national-level comprehensive approach corresponded with the enormous growth of the global digital economy, spearheaded by the commercial Internet and unprecedented global connectivity. Suddenly, data, which lacks any intrinsic value, became valuable based on how it could be processed to generate value. Now, data is integral to our national economy, the global economy and trade.\nA recently released issue brief from the Software Information & Industry Association (SIIA) titled \u201cPreemption and Privacy: Primer on Legal and Policy Considerations\u201d makes this point and then discusses two legislative proposals for how to structure a preemption provision in a much needed strong federal privacy law.\nPreemption needed for consumers, industry and for American global leadership\nThe regulation of personal data is a matter of national and global economic concern due to unprecedented global connectivity, the value of cross-border data flows and its implications for digital trade. A federal privacy law will have national economic impact because federal privacy legislation will regulate beyond tech, impacting traditional businesses and small- and medium-sized enterprises (SMEs).\nData has an incontrovertible impact on the national economy, which is why Congress should counteract potential harms to SMEs and the global economy and our national economy by enacting a harmonized data privacy standard for the benefit of our economy, consumers and innovation. Finally, preemption is needed to ensure that the United States can exercise leadership in international privacy, digital trade and technology policy discussions.\nTargeted preemption still allows states flexibility\nThe preemption doctrine is generally used to provide uniform rules for areas of national (and international) import, and it is critical that policymakers consider preemption when drafting legislation, even if they do not concede their support for preemption until a bill is ready for vote. A well-crafted preemption provision can ensure that the federal privacy law provides equal protections for all consumers, irrespective of their state of residence, while leaving intact state laws which regulate personal data (directly or indirectly) that have a uniquely local concern and execute the state police powers.\nSo legislators should identify the types of state laws a federal privacy law should exclude from preemption (including consumer protection laws except to the extent they are enforced to regulate personal data; criminal laws; laws relating to wiretapping, the protection of Social Security numbers, identity protection, or student privacy; and state constitution, contract and tort laws) and the expectation that any preemption provision will retain the federal sectoral model, including some state laws that are permitted by the savings and preemption clauses of those federal sectoral laws.\nThese sectoral laws are the Health Insurance Portability and Accountability Act, (HIPPA), the Family Educational Rights and Privacy Act (FERPA), the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLB) Act. Moreover, there are unique concerns that children\u2019s and students\u2019 privacy present, with the Children\u2019s Online Privacy Protection Act\u2019s (COPPA) express preemption provision and the uniquely local concerns surrounding student privacy.\nProposals for how to make preemption work leave states with flexibility\nThere are two legislative proposals on preemption worth considering: the Information Transparency & Personal Data Control Act (H.R. 2013) and the Intel Privacy Bill. These proposals, along with research recently released by the Congressional Research Service, leave significant room for state regulation while harmonizing information privacy generally. Congress could \u00a0further clarify the provisions to ensure the law:\n\nExcludes from preemption all state and local consumer protection laws (except to the extent they regulate personal data collection and processing)\nUnambiguously saves state constitutional, trespass, contract, or tort law except to the degree the law is enforced to govern personal data collection and processing\nProtects state laws banning revenge pornography (unless the federal privacy law includes a provision regulating this at the federal level)\n\nCongress could further consider inserting an expanded savings clause to clarify its intent that the federal privacy law does not supersede the federal sectoral privacy laws, as well as other privacy laws relating to how public entities (such as government agencies) collect and process personal data.\nIt's complicated\u2026\nAs with so much in the privacy debate, preemption is complicated. And while preemption would give the federal government the lead, it does not mean that states would not continue to be important players. They will continue to be able to legislate in areas particular to their jurisdictions and current federal sectoral laws. Moreover, there is a growing consensus that state Attorneys-General will, together with FTC, enforce a federal privacy law, which would open up a new area of significant state action in the privacy space.