Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization 

On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.”  Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to eliminate perceived loopholes and clarify bill provisions.

This post highlights recurring issues from the public hearing.

Public Hearing Testimony

  • Enforcement: SB 5062 currently extends exclusive enforcement authority to the Attorney General with no private right of action.  Additionally, the bill provides a 30-day right-to-cure provision.
    • Private Right of Action. The Attorney General’s office supported introducing a private right of action.
    • Right to Cure. The Attorney General’s office suggested a sunset date on the right-to-cure.
  • Coverage: Currently, SB 5062 applies to legal entities that conduct business in Washington or produce products or services that are targeted to residents of Washington, and satisfy one or more specified thresholds.
    • Exemptions. The bill implements a delayed effective date for nonprofit corporations, with such entities covered under the act after 5 years.  Participants raised concerns about costs and burdens associated with compliance for public charities.
    • Contact Tracing Information. Participants stated that the bill should not include a provision regulating the processing of “technology-assisted contact tracing information.”  The bill sponsor acknowledged at the outset that inclusion of such regulation would enhance public confidence.  Participants recommended that this provision be removed and passed in separate legislation.
  • Other topics: The bill provides for a number of rights, including opt-out rights for the processing of personal data for enumerated purposes including targeted advertising, the sale of personal data, and profiling.  The bill also regulates a controller’s offering of programs, such as loyalty and rewards programs.
    • Opt-in/Opt-out Rights. Although several participants praised the bill, there was some opposition to the opt-out model contemplated by it.
    • Brand Loyalty Programs. Some participants addressed the inclusion of language regarding brand loyalty programs in SB 5062 and suggested redrafting to support hospitality industry recovery.
    • Defined Terms. Participants stated that the definition of “targeted advertising,” and “consumer,” among other terms, were unworkable or unclear.

Next Steps

SB 5062 is scheduled for consideration during an executive session in the Washington Senate Committee on Environment, Energy & Technology later this month.  Stay tuned for further updates.

A link to track the status of SB 5062 and related documents is available here.

 

Print:
EmailTweetLikeLinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the…

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.