Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization 

On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.”  Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to eliminate perceived loopholes and clarify bill provisions.

This post highlights recurring issues from the public hearing.

Public Hearing Testimony

  • Enforcement: SB 5062 currently extends exclusive enforcement authority to the Attorney General with no private right of action.  Additionally, the bill provides a 30-day right-to-cure provision.
    • Private Right of Action. The Attorney General’s office supported introducing a private right of action.
    • Right to Cure. The Attorney General’s office suggested a sunset date on the right-to-cure.
  • Coverage: Currently, SB 5062 applies to legal entities that conduct business in Washington or produce products or services that are targeted to residents of Washington, and satisfy one or more specified thresholds.
    • Exemptions. The bill implements a delayed effective date for nonprofit corporations, with such entities covered under the act after 5 years.  Participants raised concerns about costs and burdens associated with compliance for public charities.
    • Contact Tracing Information. Participants stated that the bill should not include a provision regulating the processing of “technology-assisted contact tracing information.”  The bill sponsor acknowledged at the outset that inclusion of such regulation would enhance public confidence.  Participants recommended that this provision be removed and passed in separate legislation.
  • Other topics: The bill provides for a number of rights, including opt-out rights for the processing of personal data for enumerated purposes including targeted advertising, the sale of personal data, and profiling.  The bill also regulates a controller’s offering of programs, such as loyalty and rewards programs.
    • Opt-in/Opt-out Rights. Although several participants praised the bill, there was some opposition to the opt-out model contemplated by it.
    • Brand Loyalty Programs. Some participants addressed the inclusion of language regarding brand loyalty programs in SB 5062 and suggested redrafting to support hospitality industry recovery.
    • Defined Terms. Participants stated that the definition of “targeted advertising,” and “consumer,” among other terms, were unworkable or unclear.

Next Steps

SB 5062 is scheduled for consideration during an executive session in the Washington Senate Committee on Environment, Energy & Technology later this month.  Stay tuned for further updates.

A link to track the status of SB 5062 and related documents is available here.

 

Tags: Washington Privacy Act
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey TonsagerEmail
Show more Show less