Most recent update: January 29
SB 5062's official title is Concerning the management, oversight, and use of data. It's generally referred to as the "Washington Privacy Act," but as Jennifer Lee of ACLU of Washington said in her testimony at the January 14 hearing, it gives the illusion of privacy. Susan Grant of Consumer Federation of America was equally blunt, citing "loopholes and definitional problems that essentially neuter the protections the bill is supposed to provide."
The People's Privacy Act, an altenative to SB 5062, protects people, not corporation. SB 5062 protects corporations, not people. So I call it the "Bad Washington Privacy Act" just to make clear what I think of it.
At SB 5062's hearing in the Senate Environment Energy and Technology (EET) committee, quite a few people other people (including me) opposed it. For example
- Brianna Auffrey of CAIR Washington (pictured in the image above) discussed how SB 5062's continued unconsented data collection and sale puts Muslim and immigrant communities at serious risk of harm.
- Steph Hager, a former Microsoft employee and a parent, and Cheri Kesiecker of Parent Coalition on Student Privacy focused on how SB 5062 wouldn't protect students, who often have no choice about sharing their data.
- Emilie St-Pierre of Future Ada's talked about how SB 5062 won't help people who are victims of the crimes of online harassment, identify theft, and stalking.
- Independent security expert Cynthia Spiess highlighted how SB 5062's opt-out approach harms people with accessibility challenges or limited English skills.
- I talked about loopholes, including Section 102 (2) clauses a b c d e f g h i j k l m, which exempt government agencies, student data, data collected for job applications, financial data, and a whole lot more.
But SB 5062 has a lot of support from tech companies and others who make money exploiting users data. The Washington Technology Industry Association talked about the "strong privacy protections" in the bill. The CEO of a Seattle online gaming company lauded its "very strong privacy protections for consumers." Microsoft described it as "the strongest privacy protections in the US." The Washington Hospitality Association, Washington Retail, Internet Assocation, and Association of Washington Businesses were also largely positive, although asked for it to be weakened further.
Since EET Chair Sen. Reuven Carlyle is the Bad Washigton Privacy Act's primary sponsor, and many EET members are co-sponsors, the bill will probably move ahead. In 2019 and 2020, the Senate passed weak, corporate-friendly bills sponsored by Sen. Carlyle. The House listened to privacy advocates and community groups, and passed a significantly stronger version to protect consumers. Negotiations between the chambers collapsed, leaving Washingtonians' privacy unprotected. Hopefully things wil work out better this year. We shall see.
For more on the Bad Washington Privacy Act, check out the video of last week's hearing and my live-tweeting. If you only have a few minutes, start watching at 59:50 for Brianna Coffrey's testimony, followed by the amazing back-to-back trio of Emilie St-Pierre, Cynthia Spiess, and Susan Grant wrapping up the session. The whole video is worth watching if you have the time. The contrast between the bill's supporters repeatedly talking about the "strong protection" it offers and the bill's critics discussing it's shortcomings is ... stark.
The Senate Bill Report on SB 5062 includes background, detailed description of the bill, and succinct summary of the PRO, CON, and OTHER points from the first hearing. The bill itself is 44 pages long; the initial draft is available here.
Update, January 29:
- the EET Committee issued a "do pass" recommendation in an executive hearing on January 21. Joseph O'Sullivan's European-style data privacy bill returns, as Washington state lawmakers ponder new regulations in the Seattle Times has a good overview. There's also some discussion in A good hearing on Automated Decision Systems, a bad privacy bill advances.
- The illusion of protection and the Bad Washington Privacy Act looks at some of the problems with SB 5062 in more detail.
- Meanwhile, the People's Privacy Act has been introduced in the House! Introducing the People’s Privacy Act: Real Privacy Protections for Everyone, on ACLU of Washington's site, has more.
Originally published as part of The stakes are high: Washington state privacy, facial recognition, and automated decision making legislation 2021, but I realized it should be a separate post.