Last updated: April 21
There’s less a week left in the Washington state legislative session. A few months ago, the Bad Washington Privacy Act (SB 5062) seemed like it was sure to pass. Sen. Reuven Carlyle’s weak, industry-backed bill had sailed through the Senate 48-1 – and House Civil Rights and Judiciary Committee Chair Drew Hansen had refused to give a hearing to Rep. Shelley Kloba’s People’s Privacy Act (HB 1433).
But now, the Bad Washington Privacy Act is on the ropes, with its supporters’ claims of “consensus” revealed as an illusion.
- House committees advanced Rep. Hansen’s version of SB 5062 on straight party-line votes.
Microsoft’s Ryan Harkins advocates for the Bad Washington Privacy Act: “Consent is important, but …” None of that’s a problem from big tech’s perspective. They think the Sen. Carlye’s “Classic” version of the Bad Washington Privacy Act is just fine. It doesn’t make them get consent before exploiting people’s data, it doesn’t let people sue them if they break the law, it’s got all kinds of loopholes and exemptions that neuter enforcement. What’s not to like?
And even though big tech opposes Rep. Hansen’s version, which has some minor improvements such as a very limited private right of action that allows people to sue for injunctive relief (but no damages), that’s probably just posturing for negotiation purposes. Last year, they were willing to settle for a limited private right of action in the final negotiations. As I said in the Appropriations hearing, they’ll probably wind up describing the Hansen version as a “reasonable compromise” – especially if additional amendments to weaken it further.
Because what big tech really really doesn’t like is the Kloba amendents – or the even stronger People’s Privacy Act. Both of these make tech companies get consent before exploiting people’s data. Both of these have much stronger enforcement.
So for the third year in a row big tech and Sen. Carlyle are demanding that legislators let them exploit our data and leaves Washingtonians unprotected. The House said no in 2019 and 2020, but the message clearly hasn’t been received.
This is actually a good reason that the House should pass the Kloba amendments overwhelmingly. It’s a good way to respond to big tech’s insistence that legislators sell out their constituents by saying NO much more loudly – and it also says YES to meaningful privacy protections and holding big tech accountable.
The case for the Kloba amendments
Emilie St. Pierre of Future Ada: “Opt-out doesn’t protect survivors” And there are other even better reasons to pass the Kloba amendmets. Start with the policy case. As 40+ Tech Equity Coalition organizations and allies write
Unlike other versions of SB 5062, Rep. Kloba’s striking amendment has a fully opt-in approach, contains a strong enforcement mechanism with a private right of action including a right to recover damages, allows local jurisdictions to pass stronger laws, and removes some loopholes. Although this amendment can still be improved, it is a big step forward and in line with HB 1433, the People’s Privacy Act, and addresses the four key changes we have recommended be made to SB 5062.
During the hearings and in written comments, experts from groups like Consumer Federation of America, La Resistencia, CAIR Washington, Future Ada, InterIm CDA, EFF, and ACLU of Washington have gone into detail on all of these. On opt-in, for eample, the current bill’s weaker opt-out framework fails to protect immigrants, survivors of stalking, harassment, and domestic violence, and disabled people using screenreader technology.
And as well as being good policy, these are popular positions! Opt-in – making companies should have to get informed consent before they collect, share, or sell your data – typically polls over 80%. Most Washingtonians think they should be able to sue companies who break the law and (if they win) get compensated for the harms that have been done.
And from House legislators’ perspective, a bipartisan attempt to pass good legislation is a much better outcome for both parties than just giving up now. Even if the Senate once again refuses to negotiate, the House passing strong privacy protections would be a significant legislative success that builds even more momentum for the discussions next session.
“Perfect is the enemy of good”
But if the Senate once again refuses to negotiate, then the House has to choose between passing the Bad Washington Privacy Act and nothing. After not getting their way in 2019 and 2020, tech lobbyists take advantage of this by warning legislatures they’ll be seen as legislative failures if they don’t pass something this year. One of their favorite talking points in aid of this is “perfect is the enemy of good”.
But the Bad Washington Privacy Act isn’t good. It’s bad.
Don’t take my word for it. Listen to groups like One America, La Resistencia, CAIR Washington, Future Ada, InterIm CDA, MAPS-AMEN (American Muslim Empowerment Network), Japanese American Citizens League Seattle Chapter, Black Lives Matter – Seattle King County, Puget Sound Sage, the John T. Williams Organizing Committee, Urban League of Metropolitan Seattle, Eastside for All, Real Change, and ACLU of Washington. True, there are also some groups who once the non-profit exemption got added decided that the Bad Washington Privacy Act was good enough. But none of them are looking at it from the perspective of people who are immigrants, people of color, or Muslims.
The Bad Washington Privacy Act is bad – and a bad bill is worse than no bill. So in reality standing up to big tech for a third year in a row will be actually a huge legislative success.
Why is a bad bill worse than no bill? One big reason is that passing the Bad Washington Privacy Act gives the legislature’s endorsement to allowing predatory and exploitative behavior with no real consequences – and lends credence to big tech’s over-inflated claims for how much protection the bill gives people.
In their Senate testimony, tech lobbyists were very candid that one of their goals in passing a privacy law is to reassure people that their data is safe so that they’ll share more. But people’s data won’t actually be safe if the Bad Washington Privacy Act passes. So if legislators pass this bill, they’re encouraging people to think they’re safer than they are – and share more data, putting themselves even more risk.
Another important reason a bad bill is worse than no bill is that once something is passed, it’s very hard to change it. Last year’s legislation on governmental use of facial recognition is an excellent example of this. Since then, the landscape has shifted significantly. Cities including Boston, New Orleans, and Portland have joined San Francisco in banning governmental use. Vermont became the first state to ban it. There’s potential federal legislation, with bipartisan support.
But when this year’s session rolled around, Sen. Carlyle refused to hold a hearing on Sen. Bob Hasegawa’s facial recognition moratorium bill, telling Geekwire he did not feel a need to re-engage in that issue at this time:
“The legislation that we passed last year created a framework for how the public sector and the private sector can utilize facial recognition technology in responsible ways,” he said. “I feel like we made a material and meaningful policy step forward.”
Something similar’s very likely to happen if the legislature passes a bad privacy bill this year. After doing so much work, why not wait to see how it works out before changing it? The illusion of protection today will become a further barrier to real protection tomorrow.
The stakes are high!
But then again, big tech’s influence is strong here. So really, anything can happen.
There’s a lot of other critical legislation still to be resolved as well, and it’s hard to know how much time and energy legislators have to work on the privacy bill. On the one hand that makes it less likely that anything will happen … on the other hand, this is exactly the kind of situation where big tech could try to sneak something through.
Whatever happens this year, the dynamics will be very different when the battle continues in next year’s legislative session. As we’ve been fighting the bad bill, we’ve also gotten a chance to do more advocacy for the good features of the People’s Privacy Act.
The People’s Privacy Act protects people, not corporations, and has bi-partisan sponsorship as well as broad support from immigrant rights, civil rights, civil liberties, consumer, and grassroots activism groups. It’s a much better starting point for next year’s discussion than the Bad Washington Privacy Act was this year.
Another way the dynamics will hopefully be different next year would be if Senate Democrats will wake up and smell the coffee. Sen. Carlyle’s approach hasn’t worked in the past and so is not likely to work in the future. They really should put somebody else in charge next year.
And whatever happens in Washington has ramifications in other states as well as with federal legislation. If the Bad Washington Privacy Act passes here, it will reinforce the strategy Todd Feathers discusses in Big Tech Is Pushing States to Pass Privacy Laws, and Yes, You Should Be Suspicious – and be a shot in the arm for Rep. DelBene’s very similar bad federal legislation. But if big tech’s plans once again get derailed here in Microsoft’s and Amazon’s home state … that could cause some broader hiccups as well.
So the stakes are high as Washington’s short legislative session wraps up. Stay tuned for more!
And, when you get a moment, please tell your legislators not to sell us out to big tech! Ask them to SUPPORT the Kloba amendments – and OPPOSE the Bad Washington Privacy Act if the amendments don’t pass.
UPDATE, after the session
It went down to the wire, and final “negotiations” reportedly included Sen. Carlyle holding another bill hostage unless members caved and passed the Bad Washington Privacy Act. But at the end of the day, enough progressive House Democrats opposed the bill that there weren’t quite enough votes to get it past united Republican opposition, and the legislature adjourned “sine die” without taking any action on the Bad Washington Privacy Act.
It’s another huge win for grassroots activism. As Indivisible Plus Washington says in The Bad Washington Privacy Act has been defeated!
This is the third year in a row that the House has rejected tech lobbyists’ attempt to push through a weak, industry-backed “privacy” bill. Thanks to all the legislators involved….
And thanks as well to everybody who got involved with the activism. Every phone call, email, and meeting helped make a difference.
At the start of the session everybody thought the Bad Washington Privacy Act was almost certain to pass, and after the Senate 48–1 vote it seemed like a done deal. But once again the Tech Equity Coalition took the lead, and lots of us joined in to help with creative and persistent activism. Now, we’ve now got a huge amount of momentum, and a great opportunity to build on this win to get something strong passed in 2022. Not only that, we’re likely to influence the debate in other states and nationally as well.
UPDATE, after the 2022 session
It’s time for Washington to pass strong privacy legislation!, Feb 14 💘 Update, The situation is … fluid, and It ain’t over till it’s over tell the story of the 2022 session. The new Foundational Data Privacy Act, sponsored by Representatives Slatter and Berg, got off to a promising start, tech lobbying kicked into overdrive, and there were once again missed deadines and shenanigans. By the time it got HB 1850 got out of Appropriations it had been butchered and turned into a “compromise” vehicle to pass … SB 5062, the Bad Washington Privacy Act! Sen. Carlyle had announced that he’d be retiring after the session but his last try at the apple ended the same way the previous ones did. The session adjourned “sine die”, and the Bad Washington Privacy Act was 0-for-4.
