The Washington Privacy Act is a privacy or data protection law drafted by the Senate Ways & Means of the 66th Legislature of the State of Washington (originally sponsored by Senators Carlyle, Palumbo, Wellman, Mullet, Pedersen, Billig, Hunt, Liias, Rolfes, Saldaña, Hasegawa, and Keiser).
What is the Washington Privacy Act?
The Washington Privacy Act is a law:
- relating to the management and oversight of personal data;
- amending RCW 43.105.369;
- adding a new section to chapter 9.73 RCW;
- adding a new chapter to Title 19 RCW;
- creating new sections;
- prescribing penalties; and
- providing an effective date.
The WPA will grant consumers various rights regarding their personal data, including the right to access, portability, correction, deletion, and to restrict or object to the processing of their data in certain circumstances.
The Washington Privacy Act commencement date
It is still a Bill and has not yet been enacted.
Finding out more
Who must comply with the WPA?
Currently, the WPA will apply to controllers that are either located in Washington or provide products or services to residents of Washington. The controller must either:
- control or process personal data of 100 000 consumers or more; or
- derive over 50 percent of gross revenue from the sale of personal data; and
processes or controls personal data of twenty-five thousand consumers or more.
The relationship between the WPA and other Data Protection Regulation
The WPA and the CCPA differ significantly. The WPA is the first legislation of its kind to consider privacy in the context of facial recognition. Both the CCPA and WPA find inspiration in EU legislation but they are relatively weaker. The compliance obligations listed above is another example. The WPA only has two threshold requirements whereas the CCPA has three. That being said, the WPA’s definition of personal data is significantly wider than that of the CCPA.