Washington was close to becoming the next state with a comprehensive privacy law designed to enhance consumers’ privacy rights, but the bill recently failed to pass the state House of Representatives.
The Washington Privacy Act (SB 5376) was introduced in the Washington State Senate in January after California enacted the landmark Consumer Privacy Act (“CCPA”) and the implementation of the European Union’s General Data Protection Regulation (“GDPR”). The Washington bill more closely relied on the GDPR by developing tools designed to protect how personal information is used and shared. Washington residents would have had the right to access personal data that companies have about them and to correct and/or delete such data.
Certain privacy advocates opposed the bill, stating that the Senate bill “fails to give consumers any meaningful control of their data despite being termed a data privacy bill that melds GDPR and CCPA principles.” But in March 2019, the State Senate almost unanimously approved the Act.
The bill then moved to the House of Representatives, where it was stalled. The House version contained significant deviations from the Senate version, including providing for a private right of action and expanding the definition of a “covered entity.” The House failed to approve the bill by April 17, the last day of the legislative session that lawmakers were allowed to consider non-budget related matters.
Representatives are now looking forward to 2020 to renew the legislation. We will continue to monitor the progression of the Washington Privacy Act and other related data privacy state statutes.