Washington state fails to pass consumer privacy act, again

The bill proposed by Sen. Reuven Carlyle for a second year found passage in both houses, which ultimately failed to agree on the issue of enforcement.
Washington state capitol building
Washington state capitol building (Getty Images)

For the second straight year, the Washington state legislature has failed to approve privacy legislation that would give the state’s residents some of the strongest protections in the country. Although lawmakers in both houses of the state legislature passed versions of state Sen. Reuven Carlyle’s bill to protect consumers’ personal information, they failed to agree on key provisions, particularly whether the law’s enforcement should be left to the state attorney general’s office or individuals.

The Senate version of the legislation would have held Washington State Attorney General Bob Ferguson’s office solely responsible for enforcing violations of the bill, which sought to inform residents of which companies held their data and granted rights for the removal or transfer of that information. But the House version would have given individuals the right to sue companies for violations under the Washington Consumer Protection Act.

But lawmakers were unable to reach a deal before the state’s legislative session ended Thursday.

“Following two historic, near-unanimous votes on proposals in the Senate this year and last, I’m deeply disappointed that we weren’t able to reach consensus with our colleagues in the House,” Carlyle said in a written statement. “The impasse remains a question of enforcement. As a tech entrepreneur who has worked in multiple startup companies, and in the absence of any compelling data suggesting otherwise, I continue to believe that strong attorney general enforcement to identify patterns of abuse among companies and industries is the most responsible policy and a more effective model than the House proposal to allow direct individual legal action against companies.”


Ferguson himself told StateScoop earlier this week that his office could not have enforced the Senate version of the bill.

The issue of data privacy is a growing concern nationally. A handful of other states, including New York, Connecticut, Florida, Hawaii and others, have pursued legislation in recent months that borrows heavily from the landmark privacy acts passed by California and the European Union.

Carlyle’s bill, which he said went further to extend consumer protections than even California’s law, was developed in collaboration with the local technology industry and also included provisions governing the use of facial-recognition systems and targeted advertisements.

“We as individuals have a fundamental right to know how our data is being used,” Carlyle said at a press conference unveiling the legislation. “We have a right to access that data, we have a right to correct that data if it’s inaccurate. We should have a right to delete that data and we should have a right to portability, to transfer that data among providers. And finally, we should have the right to opt out from targeted ads and from the sale of data and from profiling.”

This story was updated to clarify Ferguson’s statement.

Colin Wood

Written by Colin Wood

Colin Wood is the editor in chief of StateScoop and EdScoop. He's reported on government information technology policy for more than a decade, on topics including cybersecurity, IT governance and public safety.

Latest Podcasts