The lobbyist representing Big Tech was adamant: lawmakers should pass the controversialWashington Privacy Act, a state-level attempt to deal with the perpetual failure of the US federal government to issue digital privacy rules that would protect American consumers from having their personal information collected, sold, and shared against their will by tech companies.
Samantha Kersul, representing the lobbying groupTechNet, testified that in contrast to the ongoing inaction in the nations capital, The Washington Privacy Act is the most well-worked and well-negotiated privacy bill in the country.She urged a yes vote.
That was last month. As this month began, Kersul was again in front of Washington sate lawmakers, this time reading from a very different script. Her group, TechNet, has powerful membersthat include Google, Apple, Amazon, Zoom, eBay, Lyft, and many other large digital firms, and she was now urging opposition to the Washington Privacy Act, warning that a yes vote would mean opening the floodgates for class-action liabilities.
Between the March and April hearings, the Washington Privacy Act was revised by a Democratic house committee chair to include a limited right for consumers to take tech platforms to court for privacy violations. In policy and legal circles, this is known as granting consumers a private right of action, and its a red line for tech lobbyists who have now turned en masse against Washington states proposal.
Even Microsoft, which has pushed this bill for years, appears to be reconsidering. Last month, a company representativetestifiedin support of the measure, telling lawmakers the bill stood to become the strongest privacy law in the United States. But at last weeks hearing the Microsoft representative was absent from testimony in support of the bill while a lobbyist for the Internet Association, whosemembersinclude Microsoft, told lawmakers her association now strongly opposes the Washington Privacy Act.
This abrupt turn now puts Big Tech on the same side as many digital privacy advocates, whove long wanted this particular privacy bill scrapped (because, in their opinion, its full of industry-friendly loopholes). These advocates also scoff at the limited private right of action thats recently been added to the measure. They point out it would only allow individuals harmed by privacy violations to seek court injunctions againstfutureprivacy-violating behavior, not punitive damages for the violations that led them to court in the first place.
The newfound agreement that Washingtons privacy bill must be stopped has not, in fact, stopped the bill, which is on its third consecutive year of trying to make its way into law. The measure was voted out of the House Appropriations Committee on April 1 over the protestations of lobbyists on both sides, with all 19 of the committees Democrats voting yes and all 13 of the committees Republicans voting no.
Democrat Drew Hansen, whos responsible for inserting the limited private right of action and other new provisions into the bill, calls his new creation reasonable and touts support for his revisions fromConsumer Reportsand Common Sense Media. But Rep. Hansen also made clear at the April 1 hearing that he expects there is likely to be further refinement of this proposal as it heads toward a vote of the full house sometime in the next two weeks.
A lot continues to hinge on whether this bill fails or succeeds. With only two other statesCalifornia and Virginiahaving passed comprehensive digital privacy laws, Washingtons bill could signal whether Americas debate over digital data will head in a more consumer-friendly direction (like Californias 2018 law) or a more industry-friendly direction (like Virginias 2021 measure).
It could also set up a contrast with a long-stalled federal law proposed by Washington states own U.S. Senator, Maria Cantwell. Her law would give American consumers a private right of action against tech giants that includes the opportunity to win punitive damages. The latest version of another privacy bill from U.S. Rep. Susan DelBene of Washington state does not include a provision for a private right of action.
When it comes to the Washington Privacy Act, groups such as TechNet hope the Washington State Attorney General will be the only person granted a right to sue tech companies for digital privacy violations. Groups such as the ACLU, in contrast, want consumers to have a robust private right of action that allows for class-action suits aiming to make tech giants pay amounts proportionate to their offenses. In addition, these groups argue that calls for enforcement only by the AG ring hollow given that funding in the current bill wouldnt give the AGs office enough resources to meaningfully pursue violations.
Bill Block, of the ACLU, testified that the current bill would only fully fund one attorney in the AGs office and that the bills allocations assume only three AG investigations into digital privacy issues each yearwith none of those investigations proceeding to prosecutions. That is grossly inadequate to address the scope of the problem, Block testified on April 1. Countries in Europe under theGDPRwho have populations less than the state of Washington spend 15 times as much and still find it insufficient.
Jonathan Pincus, a technologist and entrepreneur with Indivisible Plus Washington, urged lawmakers on April 1: Dont give the legislatures endorsement to allowing predatory and exploitative behavior with no real consequences.
A date for a vote of the full house has not yet been set.