Washington State’s Comprehensive Privacy Law Bill Continues to Navigate Through State Legislature Posted on April 17, 2019
The Washington Privacy Act (SB 5376) is making its way through that state’s House after gaining nearly unanimous approval in the state Senate just weeks after being introduced. This bill promises to overhaul how Washington protects the personal information of its residents. The proposed Act closely mirrors the California Consumer Privacy Act of 2018 (CCPA) and is expressly modeled around the European General Data Privacy Regulation (GDPR) that went into effect last May. Despite borrowing heavily from these current regimes, the Washington Act is adding its own twists on privacy standards.
Washington residents would have the right to request that a company delete personal data maintained about them under a test that draws directly from the GDPR. Washington’s law defines “consumers” as natural persons who are Washington residents like California, but narrows that definition to include only people acting outside of the commercial and employment context. This exclusion for “commercial” activities is new in Washington, and it is not clear yet how this will be interpreted. Washington’s law would apply to companies that process personal data of over 100,000 Washington residents.
As proposed, the Washington law provides no private right of action, and leaves enforcement to the state Attorney General. The Washington Privacy Act will likely see many changes before its proposed effective date of July 31, 2021. But it is not the only state moving forward with such a comprehensive scheme. Other state legislatures like New York are working on sweeping legislation to address companies’ privacy practices.
PUTTING IT INTO PRACTICE: This bill seems to be gaining traction and suggests that California may not be the only state with a new privacy regime in 2020.
FTC Looks Back at 2018
Posted on April 10, 2019
As we enter into the second quarter of the year, the FTC has released its annual report on privacy and data security, and the steps it took in those areas over the course of 2018. The report includes summaries of its actions against companies for alleged violations of the FTC Act, CAN-SPAM, and COPPA, among others. The total cases brought by the FTC in the privacy area by the end of 2018 numbered 75 (with an additional 130 spam and spyware cases), and 65 in the data security and identity theft realm.
In its release summarizing the report, the FTC highlighted some of its key cases, and also its work in issuing reports on privacy and data security and holding events on these topics. Reports included security updates by mobile phone manufacturers, and hearings on big data, artificial intelligence, and predictive analytics.
PUTTING IT INTO PRACTICE: This report demonstrates the FTC’s active role in enforcing privacy and data security, something that it is continuing in 2019.
     15 Eye on Privacy 2019 Year in Review