A controversial cybersecurity bill that drew heavy criticism from privacy advocates may have been put on the backburner last week, but some observers fear that the issue may return later in the year.

The Cybersecurity Information Sharing Act (CISA) failed a procedural vote in the Senate, 40 to 56, despite bipartisan support and a heavy push by Republican leaders. It encourages organizations to monitor their networks and share “cyberthreat indicators” — which could include users’ personal data — with the intelligence community.

Sen. Mitch McConnell (R-Ky.) had tried adding CISA as an amendment to the 2016 National Defense Authorization Act (NDAA), which President Obama has vowed to veto over an unrelated budget issue that deals with Afghanistan funding. That move angered many Democrats, including some CISA supporters. Democratic leaders called it “a pure political ploy that does nothing to advance America’s national security.”

But despite its defeat last week McConnell can bring CISA up for a vote again soon, though observers say that likely won’t happen until the fall.

"McConnell can place it on the calendar at any time for another vote, since it's passed out of the Intelligence Committee," said Mark Jaycox of the Electronic Frontier Foundation. "Some people have said that it won't be back until after summer recess. Practically, it's whenever McConnell thinks he has the vote or thinks he has the votes for the bill plus any amendments."

The debate came two weeks after Congress voted to limit the National Security Agency’s ability to hold data on Americans and one week after the Office of Personnel Management announced a massive data breach that CISA’s supporters say underscores the urgency of passing cybersecurity legislation.

“The American people deserve the privacy protections included in this legislation,” Sen. Richard Burr (R-N.C.) said in a statement. “Those entrusted with personal information, from banks to telecommunications companies, know those protections are included and offered their support in an effort to combat the threats against this country.”

Advocates for the legislation said it was necessary in the wake of major data breaches at Sony, Anthem Health Care and a host of other companies. However, critics say it places more personal information in government hands and raises profound concerns over privacy.

The CISA wouldn’t require organizations to give information on cybersecurity threats directly to the federal government. Instead, it would set up a common system for information sharing and grant immunity from privacy laws when organizations make available information that includes their users’ personal data.

For many privacy advocates, the CISA would be a serious blow. According to Jaycox, it could open the door to retributive hacking by government and private companies, allow service providers to perform surveillance on their users and place more personal data on Americans in government hands.

“The bills grant essentially near blanket immunity for companies to monitor information systems, which includes software or computers, as well as immunity for sharing any information … The bill skirts current privacy law and grants blanket immunity to current privacy law as well as current hacking laws,” he said.