For the second year in a row, data privacy legislation has failed in Washington state.

SB 6281, the Washington Privacy Act, would have given Washington residents the right to access, correct or delete data collected on them by commercial entities, as well as the right to opt out of certain forms of data processing. But on Thursday, lawmakers failed to reconcile differences around enforcement, VentureBeat reports.

A version of the bill that passed through the Senate with a 46-1 vote in February would have granted enforcement authority to the state attorney general. The House made several amendments, including giving consumers the ability to enforce the law in court through a private right of action, passing its version in March with a 56-41 vote.

“Following two historic, near-unanimous votes on proposals in the Senate this year and last, I’m deeply disappointed that we weren’t able to reach consensus with our colleagues in the House,” sponsor Sen. Reuven Carlyle, D-Wash., said in a statement, adding he continues to believe strong attorney general enforcement is “the most responsible policy and a more effective model than the House proposal to allow direct individual legal action against companies.”

Carlyle cosponsored a version of the bill last year that also failed to pass in both the House and Senate.   

“In today’s era, consumer data privacy is the soul of economic, social and consumer value, and it goes to the core of our treasured constitutional rights and interests,” Carlyle said. “With the federal government’s inability to move forward, state-level action is more important than ever, and I’ve long believed that Washington is the right place and this is the right time to craft comprehensive state-level legislation.”

In hearings before the Senate Environment, Energy and Technology Committee and the House Innovation, Technology and Economic Development Committee earlier this year, consumer advocates called for a private right of action, which Consumer Protection Division Assistant Attorney General Andrea Alegrett said her office also supported. “We firmly believe that when consumers are given affirmative rights, they are entitled to exercise those rights without having to rely on another entity to do so. Absent a private right of action there will be violation of consumers’ privacy that go unaddressed,” Alegrett testified before the House committee.

But in an op-ed for The Seattle Times, Hintze Law Partner Mike Hintze, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, argued a private right of action would lead to “gotcha lawsuits.” The Seattle Times editorial board agreed saying it would allow private parties to enforce the law, “potentially creating a flood of litigation.”  

In response to WaPA’s failure Thursday, Rep. Norma Smith, R-Clinton, the ranking Republican on the House Innovation, Technology and Economic Development Committee, said the Senate’s version of the bill “purported to be comprehensive consumer data privacy,” but was “corporate-centric.” The amendments passed by the House “provided a framework on which we could build meaningful data privacy for Washingtonians,” she said. “Unfortunately, the Senate wanted both big loopholes and weak enforcement … We can — and must — do better.”

By continuing to work with consumers and industry representatives, Smith said she believes “a better bill can be brought forward in 2021 that will truly empower consumers in a big data economy.”  

The House and Senate did pass SB 6280, which creates regulations for public and private use of facial-recognition technology. VentureBeat reports the bill requires facial recognition training and bias testing, mandates local and state government agencies disclose use of the technology, and creates a task force to consider recommendations and discrimination against vulnerable communities.

Photo by chuttersnap on Unsplash