Washington’s Privacy Act among flurry of state privacy bills

By Ginger Armbruster, Chief Privacy Officer

Today is International Data Privacy Day, a holiday meant to raise awareness and promote privacy and data protection best practices. To mark the occasion, Seattle Information Technology’s Privacy Office offers an overview of a few proposed privacy laws in the state of Washington that could impact us in Seattle. 

In addition to reintroduced federal legislation (State Sen. Maria
Cantwell’s Consumer
Online Privacy Rights Act -COPRA
was reintroduced late last year), state
lawmakers are considering several privacy bills. It will be very interesting to
see what comes of them. Here’s a recap of a few of the privacy-related bills
lawmakers are considering this session:

The Washington
Privacy Act (WPA – SB 6281)
seeks to offer similar consumer data
protections to the California Consumer Protection Act (CCPA) that went into
effect on Jan. 1, 2020. The law would require companies to provide information
about how data is collected and used, and give consumers the ability to correct
inaccurate information and delete data under specific circumstances. The law
would apply to businesses that control or process personal data of 100,000 consumers
or more. Businesses that collect more than 50 percent of their revenue from the
sale of personal data and process or control personal data of more than 25,000 consumers
are also subject to the regulations.

The Use
of Facial Recognition Services Bill (SB 6280)
would put stringent
limitations on use, public comment, periodic testing and extensive reporting
for any government agency seeking to use facial technology. This law would have
implications for use beyond police investigation from mobile device
authentication to a variety of smart city sensor technologies.

The Remedies
for Misuse of Biometric Data Bill (HB 2363)
establishes as a fundamental
human right, the personal ownership of biometric identifying data such as
fingerprints and other markers and requires a task force made up of primarily
civil libertarians and privacy advocates to present findings and
recommendations to relevant legislative committees about legal remedies for
data misuse violations. Passage of this may set precedent for governance of
sensitive personal data in the future.

Since the state’s legislative session opened two weeks ago, lawmakers have brought a renewed focus on consumer privacy through the introduction of 10 privacy-related bills across the House and Senate. The Privacy Office is closely tracking the bills.