Find Posts By Topic

Washington’s Privacy Act among flurry of state privacy bills

By Ginger Armbruster, Chief Privacy Officer

Today is International Data Privacy Day, a holiday meant to raise awareness and promote privacy and data protection best practices. To mark the occasion, Seattle Information Technology’s Privacy Office offers an overview of a few proposed privacy laws in the state of Washington that could impact us in Seattle. 

In addition to reintroduced federal legislation (State Sen. Maria Cantwell’s Consumer Online Privacy Rights Act -COPRA was reintroduced late last year), state lawmakers are considering several privacy bills. It will be very interesting to see what comes of them. Here’s a recap of a few of the privacy-related bills lawmakers are considering this session:

The Washington Privacy Act (WPA – SB 6281) seeks to offer similar consumer data protections to the California Consumer Protection Act (CCPA) that went into effect on Jan. 1, 2020. The law would require companies to provide information about how data is collected and used, and give consumers the ability to correct inaccurate information and delete data under specific circumstances. The law would apply to businesses that control or process personal data of 100,000 consumers or more. Businesses that collect more than 50 percent of their revenue from the sale of personal data and process or control personal data of more than 25,000 consumers are also subject to the regulations.

The Use of Facial Recognition Services Bill (SB 6280) would put stringent limitations on use, public comment, periodic testing and extensive reporting for any government agency seeking to use facial technology. This law would have implications for use beyond police investigation from mobile device authentication to a variety of smart city sensor technologies.

The Remedies for Misuse of Biometric Data Bill (HB 2363) establishes as a fundamental human right, the personal ownership of biometric identifying data such as fingerprints and other markers and requires a task force made up of primarily civil libertarians and privacy advocates to present findings and recommendations to relevant legislative committees about legal remedies for data misuse violations. Passage of this may set precedent for governance of sensitive personal data in the future.

Since the state’s legislative session opened two weeks ago, lawmakers have brought a renewed focus on consumer privacy through the introduction of 10 privacy-related bills across the House and Senate. The Privacy Office is closely tracking the bills.