The Washington State Legislature Senate Environment, Energy & Technology Committee held a public hearing on a new version of the Washington Privacy Act Wednesday. It was the first public hearing of 2020 for Senate Bill 6281, after a previous version of the proposal failed to pass in both the state's House and Senate last year.
More than 20 representatives of the technology, retail, land title, banking and public safety industries, as well as consumer advocates, testified. Some said the proposed legislation could and should serve as a national model, while others raised concerns regarding the bill's granting exclusive enforcement authority to the Washington attorney general, a lack of private right of action for consumers and the preemption of local laws. Several speakers also argued against regulations on commercial uses of facial recognition within the proposed legislation.
“The federal government is unlikely to meaningfully address data privacy anytime soon, and we also believe the (California Consumer Privacy Act) is inadequate to serve as a model for the nation,” Washington Technology Industry Association CEO Michael Schutzler said. “Further, we believe that if Washington state does not act, the CCPA will become the national de facto standard, causing harm to the job and economic engine that helps power our state (gross domestic product).”
WaPA would give Washington residents the right to access, correct or delete data collected on them by commercial entities, as well as the right to opt out of certain forms of data processing. The bill’s sponsor, State Sen. Reuven Carlyle, D-Wash., said in this newest version of the bill that “rights of the consumer are very clear, very direct.” The “policy goal,” he said, is “to take the best of the two global standards” — the EU General Data Protection Regulation and CCPA — and “customize it to Washington state in a responsible way.”
If passed, the legislation would go into effect July 31, 2021.
TechNet Washington and Northwest Executive Director Samantha Kersul and Microsoft Senior Director of Public Policy Ryan Harkins voiced support for the consumer protections within the proposed legislation and said it is significantly improved over last year's language. The proposal builds upon the GDPR and CCPA, Harkins said, and would “empower Washington consumers to take control over their data by providing them with rights that largely don’t exist in law today.”
University of Washington School of Law student Cameron Cantrell and American Civil Liberties Union of Washington Technology & Liberty Project Advocate Jennifer Lee opposed the proposed regulations on commercial uses of facial recognition. Lee said the proposal does not contain “meaningful restrictions” of what she described as “racially biased and inaccurate” technology. The ACLU, she said, suggests a moratorium on facial-recognition technology until a “community-driven conversation” is held on its potential use.
Both Lee and Washington University School of Law student and researcher Jevan Hutson said they oppose the lack of a private right of action for consumers, adding the legislation would preempt local jurisdictions from passing stronger data privacy and facial recognition laws. As cities across the U.S. move toward “bans, moratoriums or other stringent limitations” on facial-recognition technology, Hutson said cities in Washington should be empowered “to pursue additional safeguards.” And the proposal’s lack of a private right of action “puts the bill out of lock step with a variety of consumer privacy advocates as well as congressional democrats,” he said, arguing a mechanism for consumers to address noncompliance should be added or the legislation should devote “significantly more resources” to the attorney general’s office.
Consumer Protection Division Assistant Attorney General Andrea Alegrett called for a private right of action to be included in the bill alongside enforcement. Consumers should have a way to enforce their rights, she said, without having to rely on other entities, and the attorney general's office reviews whether a company is engaging in practices that violate the law, rather than representing individuals. “Without the private right of action, it becomes even more imperative that we have clear statutory language that helps enforce against bad actors and bad practices in this area,” she said.
The Association of Washington Business opposes a private right of action, Government Affairs Director Robert Battles said, understanding this will mean additional costs to support enforcement by the attorney general. Consumer Reports' Justin Brookman said strong enforcement will be needed and the attorney general will need the proper resources to make it happen. He cited companies “doggedly” resisting regulation under the GDPR and CCPA.
Representatives of the Washington land title and hospitality industries urged the committee to amend language on business entities that would be required to comply with the legislation. The current proposal applies to entities that control or process data of at least 100,000 consumers, which Washington Hospitality Association Director of State Government Affairs Julia Gorton said could impact many small businesses in the industry. Bill Ronhaar of the Washington Land Title Association agreed, saying it could present an “unduly complicated or burdensome” impact and suggesting a time limitation of one calendar year.
The committee is next scheduled to discuss SB 6281 in an executive session Jan. 23.
Approved
Comments
If you want to comment on this post, you need to login.