Washington Privacy Act

Subscribe to Washington Privacy Act

Keypoint: The Washington Privacy Act is back.

The Washington state legislature will once again consider consumer data privacy legislation when it convenes on January 11, 2021. On January 5, 2021, Senators Reuven Carlyle and Joe Nguyen pre-filed the 2021 version of the Washington Privacy Act (WPA) (Senate Bill 5062). The WPA is scheduled for a public hearing in the Senate Committee on Environment, Energy & Technology on January 14, 2021, which committee is chaired by Senator Carlyle.

In the past two years, versions of the WPA passed the Washington Senate without issue. However, in 2019, the bill failed in the Assembly. In 2020, the Assembly passed an amended version of the bill but the two chambers were unable to reach a compromise. Ultimately, both years, the WPA failed because the two chambers could not reach a compromise on the bill’s enforcement provisions.

The 2021 WPA is divided into four parts. Part 1 concerns the processing of personal data by the private sector. Parts 2 and 3, which are new to the WPA, concern the processing of personal data for public health emergencies, including contact tracing. Those parts were written in response to the COVID-19 pandemic. Part 4 contains miscellaneous provisions such as effective dates.

The below discussion focuses on Parts 1 and 4.


Continue Reading 2021 Washington Privacy Act Released

Keypoint: For the second year in a row, the Washington Privacy Act has failed to become law.

Yesterday afternoon, on the final day of the Washington legislative session, Senator Reuven Carlyle issued a statement announcing the failure of the Senate and House to reach a compromise on the Washington Privacy Act (WPA) (SB 6281). Senator Carlyle’s statement identified one insurmountable obstacle – enforcement.


Continue Reading Washington Privacy Act Fails

Keypoint: With just two days to go before the close of the Washington legislature, a conference committee will try to resolve conflicts between the House and Senate versions of the WPA.

As we previously reported, on Friday, March 6, the Washington House passed an amended version of the Washington Privacy Act (WPA) that included a private right of action. The bill then moved back to the Senate where, on Monday, March 9, the Senate refused to concur in the amendments and asked the House to recede from them. Predictably, the House refused.

However, the House requested that the Senate agree to a conference committee, which request the Senate quickly granted. The House and Senate thereafter appointed three members each to participate in the conference committee.


Continue Reading Washington Privacy Act Update: WPA Moves to Conference Committee

data privacyKeypoint: The Washington House of Representatives passed an amended version of the WPA containing a private right of action.

On Friday, March 6, the Washington House of Representatives passed an amended version of the Washington Privacy Act (WPA) (SB 6281). Among other changes, the House WPA contains a private right of action that would allow state residents to sue data controllers for technical violations of the bill’s provisions. The House WPA now moves back to the Senate for further consideration. Lawmakers have until Thursday, March 12, to resolve the differences between the House and Senate WPA versions.


Continue Reading Washington Privacy Act Update: Amended Bill Passes House

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: The WPA version that passed out of the House committee contains a private right of action along with other changes strengthening the WPA’s privacy provisions.

On Friday, February 28, the Washington House Innovation, Technology & Economic Development Committee (ITED) voted to pass a strengthened version of the Washington Privacy Act (WPA) out of committee. As discussed in our prior post, on February 14, the Washington Senate voted overwhelmingly to pass the WPA. Yet, after moving to the House, the WPA encountered substantial resistance from privacy advocates. At a public hearing on February 21, privacy advocates argued against the WPA’s lack of a private right of action, facial recognition provisions, and preemption of local laws, among other things.
Continue Reading Washington Privacy Act Update: Private Right of Action Added in House

As it did last year, the Washington state senate has overwhelmingly passed comprehensive consumer privacy legislation. The legislation, entitled the Washington Privacy Act (WPA), passed the state senate on February 14, 2020, by a vote of 46-1. The legislation will now move to the state house of representatives where it failed last year. A copy

data privacyKeypoint: Washington lawmakers will be filing the 2020 version of the Washington Privacy Act on Monday, January 13, 2020.

Those who follow privacy law will remember that last year Washington state came close to becoming the second state (after California) to enact consumer privacy legislation. That legislation – called the Washington Privacy Act (WPA) – overwhelmingly passed the state senate but failed in the house, in part, based on disagreements as to how the statute would be enforced and its facial recognition provisions. (See our prior post here.) The bill’s proponents; however, vowed to push the legislation again in 2020.

On Friday, January 10, 2020, the Washington Senate Democratic Caucus publicly released the 2020 version of the WPA. The release came in advance of the opening of the Washington legislature on Monday, January 13, 2020. The bill’s sponsors also will be holding a press conference on January 13, 2020, to discuss the bill.

Below is our analysis of the 2020 version of the WPA.


Continue Reading 2020 Washington Privacy Act Released

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.


Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law

A surprise legislative storm ripped through Olympia, Washington last week, and the proposed Washington Privacy Act (SB-5376) took the brunt of the damage. The bill sailed through the Democrat-controlled Washington State Senate on a vote of 46-1, but encountered surprise headwinds in the Democrat-controlled State House.  The House failed to vote on the bill before the April 17th deadline for taking action on non-budget legislation.

Continue Reading Washington Privacy Act Runs Aground – a harsh lesson in the risks of excluding stakeholders

data privacyIn our prior blog post, we discussed how the Washington Privacy Act (WPA) had passed the state’s senate and would be taken up by the state’s House of Representatives. On March 22, 2019, the House Innovation, Technology & Economic Development Committee held a public hearing on the legislation. A recording of the almost two-hour