data privacyKeypoint: The Washington House of Representatives passed an amended version of the WPA containing a private right of action.

On Friday, March 6, the Washington House of Representatives passed an amended version of the Washington Privacy Act (WPA) (SB 6281). Among other changes, the House WPA contains a private right of action that would allow state residents to sue data controllers for technical violations of the bill’s provisions. The House WPA now moves back to the Senate for further consideration. Lawmakers have until Thursday, March 12, to resolve the differences between the House and Senate WPA versions.

Background

As discussed in our prior post, the WPA passed the state Senate almost unanimously on February 14. The WPA then moved to the House, where the House Innovation, Technology & Economic Development (ITED) Committee passed an amended version on February 28.

The ITED Committee’s most significant amendment was the addition of a private right of action. The ITED Committee also passed amendments to the WPA’s facial recognition provisions. (A discussion of all of the amendments is available here.) During the last two legislative sessions, these two provisions – enforcement and facial recognition – have been the primary obstacles to passage of the WPA and may once again result in the defeat of the bill.

Amendments & Passage in the House

On March 6, the House passed a further amended version of the ITED Committee’s WPA. The vote of 56 to 41 (with one abstention) was not along strict party lines; however, Democrat lawmakers represented most of the support with only a handful of lawmakers having crossed party lines. This stands in stark contrast to the bipartisan bill passed in the Senate earlier this year.

While on the House floor, lawmakers offered numerous amendments, most of which were not adopted.

However, one amendment that was adopted struck all of the facial recognition provisions from the House bill. That amendment occurred shortly after the House separately passed Senate Bill 6280, which also deals with the use of facial recognition technology. As with the WPA, because different versions of Senate Bill 6280 have now passed both chambers, they would need to be reconciled to pass. The Senate, however, quickly reacted by refusing to concur in the House amendments and asking the House to recede them.

The House also adopted two other amendments to the WPA. First, it adopted an amendment specifying that photographs or other visual depictions of a person cannot be considered “pseudonymous data.” Second, it tweaked the definition of “deidentified data.”

What Happens Next?

While we are by no means experts in the Washington state legislative process, the Washington Legislative Support Services has produced a great tutorial on this process.

The amended WPA will go back to the Senate for further consideration. The Senate can (i) pass or reject the WPA as amended, (ii) ask the House to recede its amendments, or (iii) request a conference committee. The conference committee process would involve members of both chambers meeting to try to resolve the differences between the WPA as amended by the House and the version originally passed by the Senate. If the conference committee reached a compromise, both chambers would have to adopt the conference committee report for the WPA to pass.

If the WPA passes the legislature, it goes to the Governor. The Governor would then have 20 days to either sign the bill, veto it, or veto specific sections. The Governor could also do nothing, in which event, the bill would become law.

Whether the Senate and House can reach a compromise, of course, remains uncertain. Bloomberg Law recently reported that Senator Reuven Carlyle, who introduced and championed the bill in the Senate, suggested that a compromise position could be to allow for the private right of action but with a higher legal threshold.

What is certain is that we will know the fate of the WPA soon as the legislature closes on Thursday, March 12. Interested readers should click here to stay up-to-date on all of the developments.

Print:
EmailTweetLikeLinkedIn
Photo of David Stauss David Stauss

David is leader of Husch Blackwell’s national privacy and cybersecurity practice group. He routinely counsels clients on responding to data breaches, complying with privacy laws such as GDPR and the California Consumer Privacy Act, and complying with information security statutes. He also…

David is leader of Husch Blackwell’s national privacy and cybersecurity practice group. He routinely counsels clients on responding to data breaches, complying with privacy laws such as GDPR and the California Consumer Privacy Act, and complying with information security statutes. He also represents clients in data security-related litigation. David is certified by the International Association of Privacy Professionals as a Privacy Law Specialist, Certified Information Privacy Professional (US), Certified Information Privacy Technologist, and Fellow of Information Privacy.

Photo of Malia Rogers Malia Rogers

Clients of all sizes – from innovative startups to Fortune 500 corporations – value Malia’s counsel on a broad range of privacy and cybersecurity issues, including incident response in times of emergency. She advises clients on privacy compliance planning, which encompasses cybersecurity measures…

Clients of all sizes – from innovative startups to Fortune 500 corporations – value Malia’s counsel on a broad range of privacy and cybersecurity issues, including incident response in times of emergency. She advises clients on privacy compliance planning, which encompasses cybersecurity measures as well as drafting breach response and action plans.

Photo of Megan Herr Megan Herr

Whether clients are forming, growing or governing businesses, Megan assists in the corporate deals and transactions necessary to move forward. A corporate attorney, Megan focuses her practice on helping clients of all sizes – from emerging startups to international corporations – establish, grow…

Whether clients are forming, growing or governing businesses, Megan assists in the corporate deals and transactions necessary to move forward. A corporate attorney, Megan focuses her practice on helping clients of all sizes – from emerging startups to international corporations – establish, grow and protect business.