A Digital Privacy Bill Dies in Washington
What does it mean that last night, for the third year in a row, lawmakers in Washington State closed out their legislative session without passing a bill to give their constituents basic online privacy rights?
At first blush, the repeat failure might sound like a dereliction of duty.
Nearly 90 percent of Americans say they want more control over their online data, according to a survey conducted last fall. Close to two thirds of Americans, according to that same survey, believe they should get to decide whether or not companies like Amazon, Facebook, and Google are allowed to collect information about them in the first place.
There’s no federal digital privacy law in this country, so the so-called Washington Privacy Act would have given people in one U.S. state a measure of the control they seek. It stood to become “the strongest privacy law in the United States,” according to a representative of Microsoft who testified at a hearing on the bill in March. The measure had earlier sailed out of the state senate on a nearly unanimous vote and, for a time, lobbyists for Big Tech were cheering for its swift approval in the state house, too.
So what happened?
Consumer advocacy groups, as in years past, raised alarms. They said this industry-backed proposal was not actually that great. They said it was stuffed with “loopholes and exemptions,” and they warned it could set a dangerous precedent. For example, the bill still required people to “opt out” of certain types of data collection, meaning the default would remain that companies could go ahead and collect the data. Many digital privacy advocates say the default should instead be zero data collection, with a universal “opt in” system allowing people to make an affirmative choice before companies can harvest their personal information, re-sell it, and use it to target them with ads.
In the version of the Washington Privacy Act that flew out of the state senate, the bill also denied people the right to sue companies that violate their digital privacy rights. Staving off any “private right of action” that allows people to take tech giants to court is a major goal of tech lobbyists, who say they’re just trying to prevent a ruinous wave of frivolous lawsuits. In response, advocates like Jennifer Lee of the ACLU’s Technology and Liberty project ask: “If you can’t enforce your rights, are they actually meaningful?”
The resulting battle this year at the Washington State capitol represented just one front in a long-smoldering, nationwide war over the future of online privacy rights. It was a notable front, given that Washington State, the birthplace of Microsoft and Amazon, has become a major tech hub brimming with Facebook and Google workers and an array of startups. If serious progress on this thorny issue could be made in a state where tech workers and their bosses have serious clout, wouldn’t that be something?
But as an investigation by The Markup recently noted, Washington State, for all its uniqueness, is in the big picture just one more U.S. state where tech giants have been financing a massive lobbying push that promotes “watered-down ‘privacy’ legislation.” More stringent privacy efforts—like the failed People’s Privacy Act in Washington State—have been opposed or successfully snuffed out by the industry.
When Democrat Drew Hansen, chair of the house Civil Rights & Judiciary Committee, decided to make changes to the senate’s version of the Washington Privacy Act that included adding a very limited private right of action, he was essentially asking the question of the moment: Would lobbyists representing Big Tech keep on cheering for “the strongest privacy law in the United States” if someone made it even stronger?
The answer was no. The same lobbyists who’d been heartily blowing wind into the sails of the Washington Privacy Act now swung hard against it, urging its defeat and warning that its passage would mean “opening the floodgates for class-action liabilities.”
In a liberal, tech-centric state like Washington, any bill that’s opposed by both Big Tech and the ACLU has a very narrow road to travel. It may well find that it has no road left at all, which appears to be what happened this year to the Washington Privacy Act.
Now all that’s left is positioning for the next fight.
“For years, privacy, consumer rights, racial justice, and civil rights advocates have continuously called for meaningful privacy regulations that empower people to control their information,” said Lee of the ACLU. Washington’s Privacy Act, she continued, “did not meet bare minimum standards to protect people’s privacy and would have legitimized a status quo that protects big tech companies, and not people… We are looking forward to working over the interim with lawmakers, those who have engaged diligently, and those who have expressed interest in learning more, to push forward strong privacy protections in the next legislative session.”
The prime sponsor of the Washington Privacy Act for the last three years, Democratic State Senator Reuven Carlyle, tweeted that he’s looking ahead to next year’s session, too. Carlyle also made an effort to cast Big Tech’s nationwide push for bills mimicking the failed Washington Privacy Act as a compliment (a very different take than The Markup’s). And Carlyle cast “uncompromising” Democrats in the state house as the reason Washingtonians still, to this day, have “no privacy rights.”
That’s one perspective. Another is that in our interconnected world, an issue like digital privacy is never going to be fully addressed without a nationwide law. What if a Washingtonian travels to Oregon? What if a company based in Silicon Valley tries to argue that some aspects of its services can’t actually be reached by Washington lawmakers?
In the final analysis, it is Congress that has left Washingtonians with “no privacy rights”—and Oregonians, and New Yorkers, and Floridians, and Texans.
“I would be delighted if Congress were to pass a strong, nationwide, pro-consumer privacy statute,” Rep. Hansen said. He made clear that he thinks any nationwide law should include some private right of action for consumers. (As a long-stalled proposal by Washington Senator Maria Cantwell does.) But Rep. Hansen also expressed the pessimism that many have come to feel after years of inaction in DC.
“I think it’s going to be very difficult,” he said.
Some of the stories I’ve been reading this week:
• A “global tipping point” for tech has arrived — So says The New York Times, writing: “Never before have so many countries, including China, moved with such vigor at the same time to limit the power of a single industry.”
• Social media censorship in India — Amid a brutal surge of pandemic deaths, the government has ordered Facebook, Twitter, and Instagram to remove some posts that criticize how officials have handled the crisis. So far, the companies are complying.
• A new Apple feature to limit tracking — The Washington Post explains why you should tap “Ask App not to Track.”
• Internal Facebook report says the platform was used to foment the Capitol insurrection — “Facebook failed to stop a highly influential movement from using its platform to delegitimize the election, encourage violence, and help incite the Capitol riot,” Buzzfeed reports.
• Steve Bannon, giving me Rudy Giuliani flashbacks —
Questions? Tips? Comments? firstname.lastname@example.org