<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=5678177&amp;fmt=gif">

Will The Third Time Be The Charm For Washington State’s Data Privacy Law?

photo of Seattle

On September 9, 2020 Washington State Senator Reuven Carlyle  announced on Twitter that an updated draft of the  Washington Privacy Act (“WPA”) had been released for public review and feedback, suggesting that the WPA will be up for consideration in the state’s 2021 legislative session. This will be Washington’s third attempt to pass a comprehensive privacy law (the legislature twice failed to pass similar legislation in the prior two years). 


Third time’s a charm?

This version of the WPA draft bill is similar in nature to the second attempt, which failed earlier in 2020. In addition to the draft bill, the Washington legislature has posted a summary of the bill’s provisions, and companies should take note of the following potential implications, should the bill be passed:

  • In light of COVID-19, the bill introduces specific protections for the handling of personal data collected from consumers in Washington during public health emergencies. These protections include notice and affirmative consent requirements for activities such as contact tracing
  • The draft bill introduces a private right of action that applies to Part 3 of the WPA, which is the section covering the rights and protections to be granted by the public sector during public health emergencies. Note that the second version of the WPA failed in large part due to squabbling over whether to include a private right of action, so this narrow provision may be an attempt to compromise
  • Consumers will be granted rights regarding their personal data that are similar to those enumerated in  Europe’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). Among these are rights to correction, deletion, and opt-out of certain personal data processing
  • The WPA defines the “sale” of personal data as the exchange of such data to a third party for valuable consideration, which is generally consistent with how “sales” are defined under the CCPA. However, the WPA and CCPA include different exceptions to the general definition of “sales,” which may result different outcomes on how “sales” would be handled under each of the two laws


Do I Have To Do Anything Now?

Not yet. The Washington State Legislature convenes next on January 11, 2021, at which time the WPA will be debated and either be passed or fail for a third time. Should the bill be passed, companies within WPA’s scope will need to update their compliance protocols to mitigate their risk of noncompliance.


How Can Clym Help?

Clym provides a cost-effective, scalable and flexible platform to help comply with CCPA, GDPR, and other laws as they continue to change. If and when Washington passes this data privacy law, we’ll be ready to help your company get compliant.  Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.