Washington state lawmakers fail to reach agreement on data privacy protections | KNKX

Washington state lawmakers fail to reach agreement on data privacy protections

Apr 22, 2019

What was advertised as the nation’s strongest would-be data privacy law has dissolved in the Washington state Legislature after lawmakers failed to reach a consensus over some key provisions.  

From its inception, the measure was mired in disagreements over whether people actually stood to gain more control over their online information.

Supporters say the benefits would have been on par with strong guidelines that have passed in Europe and California: finding out what data a company has, how they’re using it, asking for it to be deleted, and being able to enforce the request if a company misuses your information.

Privacy advocates, meanwhile, argue the impacts would have actually been far smaller due to exemptions companies could exploit to avoid enforcement.

Now the effort is dead by almost all measures, after it missed a key deadline in the House.

Lawmakers could still revive the proposal if it’s deemed necessary to pass a budget, but they say that would be unlikely given how far apart stakeholders stand on issues such as facial recognition.

Technology companies such as Microsoft and Amazon say that, when wielded properly, facial recognition offers a groundbreaking approach to data collection that would make life easier for consumers while also promoting innovation.

Meanwhile, privacy advocates warn that without guidelines, facial recognition could exacerbate racial disparities in law enforcement given that the technology has been shown to discriminate based on skin color. They also point to China and the policing of its Muslim minority as an example of how bias surveillance could be used to chill free speech.

Businesses that want to use facial recognition for security would have had to put up a sign alerting customers of its use under the Senate measure, which passed the chamber several votes shy of unanimous.

A bipartisan group of lawmakers in the House pushed for stronger guidelines on facial regulation and permissions people would have to give in order for companies to collect their data. They were unable to reach consensus in time for a committee deadline earlier this month.

“Facial recognition offers huge opportunities,” said Rep. Zack Hudgins, D-Tukwila. “But if we regulate it wrong, we can bake bias and discrimination into the law, and we didn’t want to do that.”

Days later, the measure was revived in a severely limited form — an unusual procedural move meant to keep the debate alive. A series of last-minute negotiations were then organized through Gov. Jay Inslee's office.

Many were disturbed by what they saw as a lack of transparency in the resulting meetings: companies such as Amazon, Microsoft and Comcast were invited to help lawmakers draft a compromise, while stakeholders from communities of color and consumer protection groups were excluded.

“There was far greater representation from the businesses who would benefit,” Rep. Norma Smith, R-Whidbey Island, said. “That’s wrong. It’s unjust, and we can do this better.”

The ACLU of Washington signed a letter alongside a handful of consumer privacy groups criticizing lawmakers for vesting too much control in the tech companies that stand to benefit from weak data protections.  

Amazon declined to comment for this story. Comcast and Microsoft did not respond to a request for comment.  

Talks ultimately fizzled without a compromise in sight, and it became apparent that the measure would once again miss another crucial deadline last Wednesday.

Sen. Reuven Carlyle, D-Seattle, said he was disappointed that fellow lawmakers let “perfect be the enemy of the good” when it came to passing data privacy protections.

“Consumers have a fundamental right to a strong voice, and I think it is a failure of us not to take a big step forward,” said Carlyle, who sponsored the measure.

Now, lawmakers say they will resume stakeholder meetings after the legislative session. That includes analyzing data privacy laws in California and the European Union, and deciding how best to strike a balance between consumer privacy and business innovation.