August 25, 2019

August 23, 2019

Subscribe to Latest Legal News and Analysis

Washington State’s Comprehensive Privacy Law Bill Continues to Navigate Through State Legislature

The Washington Privacy Act (SB 5376) is making its way through that state’s House after gaining nearly unanimous approval in the state Senate just weeks after being introduced. This bill promises to overhaul how Washington protects the personal information of its residents. The proposed Act closely mirrors the California Consumer Privacy Act of 2018 (CCPA) and is expressly modeledaround the European General Data Privacy Regulation (GDPR) that went into effect last May. Despite borrowing heavily from these current regimes, the Washington Act is adding its own twists on privacy standards.

Washington residents would have the right to request that a company delete personal data maintained about them under a test that draws directly from the GDPR. Washington’s law defines “consumers” as natural persons who are Washington residents like California, but narrows that definition to include only people acting outside of the commercial and employment context. This exclusion for “commercial” activities is new in Washington, and it is not clear yet how this will be interpreted. Washington’s law would apply to companies that process personal data of over 100,000 Washington residents.

As proposed, the Washington law provides no private right of action, and leaves enforcement to the state Attorney General. The Washington Privacy Act will likely see many changes before its proposed effective date of July 31, 2021. But it is not the only state moving forward with such a comprehensive scheme. Other state legislatures like New York are working on sweeping legislation to address companies’ privacy practices.

Putting it Into Practice: This bill seems to be gaining traction and suggests that California may not be the only state with a new privacy regime in 2020.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.


About this Author

Alyssa Shauer, Sheppard Mullin Law Firm, Century City, Cybersecurity and Litigation Attorney

Alyssa M. Shauer is an associate in the Business Trial Practice Group in the firm's Century City office. Ms. Shauer is a Certified Information Privacy Professional (CIPP/US) and a member of Sheppard Mullin’s Privacy Team.

Prior to joining Sheppard Mullin, Ms. Shauer externed in the chambers of the Honorable Margaret M. Morrow, Central District of California. She served as a Managing Editor of the UCLA Law Review and as Vice President of the Cyber Crimes Symposium and Competition on the Moot Court Honors Board. Prior to law school, Ms. Shauer...