Washington State Fails to Advance Game-Changing Privacy Law

As the home to tech behemoths Amazon and Microsoft, the people of Washington understand better than most the current issues with emerging technologies and the need for online privacy protections. Though privacy is a constitutional right in Washington state, consumers currently don’t have the tools to exercise it. That’s why Washingtonians and privacy advocates in Olympia were so hopeful about the promise of the Washington Privacy Act, a bill that could have fixed that and provided Washingtonians with some of the best digital rights protections in the United States.

Unfortunately, efforts to pass the bill failed as tech industry lobbyists fought against the measure at the 11th hour. Consumers have made it clear that they want control over the tracking and sale of their data — especially as behavioral advertising has become increasingly invasive. Consumer behavior is tracked relentlessly, from within apps, to location data, and even search history and search terms. Recent research from Consumer Reports revealed that health-related apps such as period trackers share information not only about how often you menstruate, but whether you’re trying to have a baby, and even how often you have sex. That information could find its way to third parties, and could be further sold or otherwise disseminated in ways that could mean getting charged more for life insurance or even face job discrimination.

The Washington Privacy Act would have guaranteed consumers the right to access, correct, delete and stop the sale of their personal information — and extended security protections over that data as well. Companies would have been required to get your permission before collecting and sharing particularly sensitive information, such as biometric or genetic data, geolocation information, and information on your physical or mental health.

The bill was certainly not perfect — it relied on consumers to exercise opt-out rights and did little to limit first-party data collection and use. Additionally, there is still work that needs to be done to prevent companies from exploiting loopholes in the law. Take California for example: Even though policymakers passed the historic California Consumer Privacy Act that helped advance the digital rights of Californians, the response from companies has been truly disappointing, and work remains to ensure they are complying with the spirit of the law.

State regulators across the country should also reference the playbook companies deployed after Europe’s General Data Protection Regulation went into effect. Because the new rule in California lacked meaningful enforcement, companies operating in Europe have successfully avoided compliance, and regulators have struggled to hold them accountable.

Lawmakers in Olympia should continue to work to address the shortcomings with the bill and create a more effective one in 2021. New York and other states looking to pass a privacy bill this year can learn from the experiences of their colleagues in Washington, California and Nevada, and craft clear, thoughtful privacy legislation, with appropriate enforcement provisions, that meaningfully reins in abusive data practices. In the absence of a federal privacy law, the states have a critical void to fill to ensure that Americans receive the privacy protections they deserve.

Maureen Mahoney is a policy analyst focused on consumer tech and privacy at Consumer Reports.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Morning Consult