For the second year in a row, the Washington Privacy Act (WPA) failed to pass this March. This act would have provided Washington residents with the right to access, correct, or delete their personal data, as well as the right to data portability and to opt-out of certain forms of data processing, such as targeted advertising. Moreover, data controllers would have had several obligations, including, among others, the need to provide privacy notices, adhere to purpose specification and data minimization, and implement administrative, physical, and technical security measures.
Why Did the Washington Privacy Act Fail?
Lawmakers couldn’t agree on who would enforce the WPA. The Senate version of the law would have given sole enforcement authority to the state Attorney General. In the next legislative phase, the House made some key amendments, including giving consumers the ability to enforce the violations of the WPA in court through a private right of action.
Senate lawmakers took issue with the private right of action. Specifically, they were concerned that a private right of action would lead to numerous class-action lawsuits and “gotcha lawsuits.” As a result, the WPA failed to pass.
What Did Pass?
The Washington State Legislature did pass SB 6280 to regulate the use of facial recognition services by state and local government agencies. The bill aims to ensure that government agencies will use facial recognition services in a way that benefits society and to prohibit uses that threaten democratic freedoms and undermine civil liberties. In particular, it requires a government agency to file a notice of intent to use a facial recognition service and to provide an “accountability report” subject to public review, as well as to train those who will use the service, to test the service for accuracy, and to allow meaningful human review for decisions made by a service that produces legal effects for an individual, among other requirements. The law also establishes a facial recognition task force composed of representatives from various segments of society, such as government, law enforcement, businesses that create such technology, and consumer protection organizations. The task force will provide recommendations concerning potential abuses and threats posed by facial recognition technologies, while also addressing how to promote the technology so that everyone can utilize its benefits.
To learn how OneTrust can take your privacy program to the next level, request a demo today.