For the fourth year in a row, our state Legislature is once again attempting to create a new law to protect our privacy. However, the latest version would fundamentally impair the functioning of online apps and tools as we know them today.
It is sad that our state, which emerged as an early leader in crafting meaningful and useful regulations to protect our privacy, is still fiddling around with fringe definitions and processes while Europe and other U.S. states have enacted comprehensive legislation.
Indeed, this year’s House Bill 1850 is piling a collection of poorly defined restrictions that hinder your ability to use the internet — but accomplish little to protect your privacy. In some ways, the bill makes it harder to achieve its own stated privacy goals. There are some intriguing concepts in the bill around the creation of the Washington State Consumer Privacy Commission, but it fails to build on work already done on this model and creates confusion rather than clear accountability.
Proponents would have you believe there are no privacy policies in place. Not true. The Europeans created a global standard for privacy protection with implementation of the General Data Protection Regulation (GDPR). Every American is receiving benefits from privacy policies imposed by GDPR. California subsequently imposed a new law, based in large part on GDPR, and after some revisions, we now have the California Privacy Rights Act (CPRA) as the de facto U.S. nationwide standard. Every Washingtonian already has benefits that stem from the privacy policies in the GDPR and the CPRA statutes. Companies large and small implement privacy policies to comply with these standards in any location, including our state.
There is bitter irony in all this. Washington’s state Senate, under the leadership of state Sen. Reuven Carlyle, spent several years crafting and refining new legislation that would improve upon GDPR and CPRA. Last year, the Senate passed The Washington Privacy Act (Senate Bill 5062) with a near-unanimous vote of 48 in favor and one opposed. This proposal reflected years of consensus negotiations with a complex set of stakeholders, and it would have been the country’s strongest privacy bill. However, in the House, it was at first rejected summarily, then suffered uninformed markups and ultimately died.
In fact, the Washington Privacy Act was so strong that it was used as the baseline for laws that are now in place in Virginia and Colorado and under consideration in Alaska, Indiana, Massachusetts, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, and Vermont. You read that right. The Washington Privacy Act, which has not passed the House in our own state, is the foundation for law in 12 other states.
The argument that Washingtonians are in the privacy wilderness is specious and designed to scare you. We are already receiving the benefit of thousands of companies large and small who are complying with GDPR and CPRA. We should have passed Senate Bill 5062 and begun to focus on investing into a strong startup ecosystem and workforce development plan so that our state stops bleeding talent, jobs and investment to other states.
Call your legislators and ask them to stop looking backward. Pass Senate Bill 5062 so we can restore Washington’s position as a leader on this important issue.