ACLU Fears ‘Zombie’ After Washington State Privacy Bill Declared ‘Dead for Now'
Washington state legislators failed to agree on a privacy bill, House sponsor Rep. Zack Hudgins (D) said Tuesday. Legislators seemed to run out of time to move the much-debated measure after the House Appropriations Committee didn’t act Monday on SB-5376 “after 12 hours of work on a large agenda,” Hudgins said in an email update. "In legislative language, we would describe the bill as 'dead for now.'"
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Senate sponsor Sen. Reuven Carlyle (D) disagreed the matter is settled. An American Civil Liberties Union official who opposes the bill said he's not ready to declare victory. Meanwhile, a California bill proposing changes to the California Consumer Privacy Act (CCPA) was set to have appeared later Tuesday at a Senate Judiciary Committee hearing.
Carlyle sees a "pathway forward" through "fierce negotiations," the senator told us Tuesday. The bill is "getting a bit beat up in the grinding of the sausage-making process" but can still "make its way out the other end," he said.
The Washington privacy bill ran up against a legislative deadline to get to the Rules Committee for further consideration, but the Appropriations panel doesn’t have another hearing planned on the bill that passed the Senate but was heavily amended in the House, said Hudgins, chairman of the House Innovation, Technology and Economic Development Committee: “For those opposed to the bill …. this may be good news.”
Hudgins allowed a slim chance for revival. Appropriations could call another meeting or House leadership could “act and move the bill to the next step,” though that would require bipartisan agreement, he said. The committee referred us to its website, which showed no meetings.
“It is obviously a difficult policy to find a balance, especially with so many changes and the importance of each word change,” Hudgins said. Privacy advocates raised concerns about the bill that they said gave too much power to corporations. Microsoft and other tech companies supported the version that passed the Senate but bristled at some House changes (see 1902280050). The bill narrowly passed the Hudgins committee last week after House lawmakers adopted edits (see 1904030035).
“Things can be revived,” warned ACLU-Washington Technology and Liberty Project Director Shankar Narayan. “We call them zombie bills.” While not common for legislative leaders to bring bills back from the dead, it sometimes happens for bills like this that carry big political stakes and where there has been much lobbying, he said. The session doesn’t end until April 28, and a possible special session to finish the budget is another chance, he said.
Opposition from both sides may have overwhelmed Washington legislators, Narayan said. ACLU thought the Hudgins committee made “small steps in the right direction” to improve the bill after it passed the Senate but “didn’t fix the fundamental flaws” presuming businesses know better than the consumer, nor did it change language that would bless facial surveillance without adequate protections, he said. Microsoft and other supporters of the Senate-passed bills didn’t like House amendments they claimed presented compliance challenges, Narayan said. The company and the Internet Association didn’t comment now.
“Great news if true” the bill is dead, said Consumers Union Director-Privacy and Technology Policy Justin Brookman. Washington’s bill was “much weaker” than the EU general data protection regulation or CCPA, letting “companies engage in convoluted risk assessments to decide whether their own interests outweighed your privacy risks,” he emailed. “It was entirely up to the companies to decide whether they wanted to honor consumer demands to restrict secondary data collection, usage, or sharing. This put way too much power in the hands of companies, and would have set a terrible precedent for other jurisdictions considering enacting their own privacy laws.”