We have signed on to two letters urging Washington legislators to reject the Protecting Consumer Data Act, as it is far too weak to adequately safeguard Washingtonian’s private information.
While people around the country are demanding stronger privacy protections—such as those in Europe’s General Data Protection Regulation and California’s Consumer Privacy Act—Washington’s Protecting Consumer Data Act would instead entrench paper thin protections based largely upon assessments and voluntary decisions made by the very companies the law is seeking to regulate.
Our objections to this Act (full letter of opposition) are primarily based on the fact that:
- many of the provisions are based upon assessments of risk and compelling business reasons to collect information in the face of that risk—compelling business reason is left undefined, and it is left up to the company to decide whether or not a practice is risky—rendering protections essentially voluntary
- a focus on risk ignores the incentive of businesses to underplay risk and overstate the potential wealth in data troves
- the bill lacks strong enforcement mechanisms, lacking the funding mechanisms included in the California Consumer Privacy Act, and also providing businesses a right to cure which would prevent the Attorney General from taking enforcement action if the company, after being notified, complies with the law within 30 days
- amendments made to the bill on February 14th further weaken the bill, by narrowing the scope of personal information and broadening the exemptions for the use of data for advertising purposes
The Washington Protecting Consumer Data Act is bad policy and should be rejected. We are proud to stand for strong privacy protections alongside other eminent consumer protection organizations like Consumer Reports, Common Sense Media and Electronic Frontier Foundation. If you live in Washington, call your legislators and urge them reject these inadequate protections.