{"id":17628,"date":"2020-02-04T09:10:03","date_gmt":"2020-02-04T17:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/02\/04\/news-11363\/"},"modified":"2020-02-04T09:10:03","modified_gmt":"2020-02-04T17:10:03","slug":"news-11363","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/04\/news-11363\/","title":{"rendered":"Washington Privacy Act welcomed by corporate and nonprofit actors"},"content":{"rendered":"

Credit to Author: David Ruiz| Date: Tue, 04 Feb 2020 16:35:25 +0000<\/strong><\/p>\n

The steady parade of US data privacy legislation<\/a> continued last month in Washington with the introduction of an improved bill that would grant state residents the rights to access, control, delete, and port their data, as well as opting out of data sales. <\/p>\n

The bill, called the Washington Privacy Act<\/a>, also improves upon its earlier 2019 version, providing stronger safeguards on the use of facial recognition technology. According to some analysts, when compared to its coastal neighbor\u2019s data privacy law\u2014the California Consumer Privacy Act, which went into effect this year\u2014the Washington Privacy Act excels. <\/p>\n

Future of Privacy Forum CEO Jules Polonetsky called the bill \u201cthe most comprehensive state privacy legislation proposed to date.\u201d <\/p>\n

\u201cIt includes provisions on data minimization, purpose limitations, privacy risk assessments, anti-discrimination requirements, and limits on automated profiling that other state laws do not,\u201d Polonetsky said<\/a>. <\/p>\n

Introduced on January 20 by state Senator Reuven Carlyle, the Washington Privacy Act would create new responsibilities for companies that handle consumer data, including the implementation of data protection processes and the development and posting of privacy policies. <\/p>\n

Already, the bill has gained warm reception from corporate and nonprofit actors. Washington-based tech giant Microsoft said it was encouraged<\/a>, and Consumer Reports welcomed the thrust of the bill, while urging for even more improvements<\/a>. <\/p>\n

\u201cThis new draft is definitely a step in the right direction toward protecting Washington residents\u2019 personal data,\u201d said Consumer Reports Director of Consumer Privacy and Technology Policy Justin Brookman. \u201cWe do hope to see further improvements to get rid of inadvertent loopholes that remain in the text.\u201d<\/p>\n

What the Washington Privacy Act would do<\/strong><\/h3>\n

Like the many US data privacy bills introduced in the past 18 months, the Washington Privacy Act approaches the problem of lacking data privacy with two prongs\u2014better rights for consumers, tighter restrictions for companies. <\/p>\n

On the consumer side, the Washington Privacy Act would grant several new rights to Washington residents, including the rights to access, correct, delete, and port their data. Further, consumers would receive the right to \u201copt out\u201d of having their personal data used in multiple, potentially invasive ways. Consumers could say no to having their data sold and to having their data used for \u201ctargeted advertising\u201d\u2014the somewhat inescapable practice that results in advertisements for a pair of shoes, a fetching sweater, or an 4K TV following users around from device to device.\u00a0 <\/p>\n

Consumers could exercise their rights with simple requests to the companies that handle their data. According to the bill, these requests would require a response within 45 days. If a company cannot meet that deadline, it can file for an extension, but it is required to notify the consumer about the extension and about why it could not meet the deadline. <\/p>\n

Further, unfulfilled requests are not a dead end for consumers\u2014companies must also offer an appeals process to the consumers whose requests they deny or do not fulfil. Requests must also be responded to free of charge, up to two times a year per consumer.<\/p>\n

Perhaps one of the most welcome provisions in the bill is its anti-discrimination rules. Companies cannot, the bill says, treat consumers differently because of their choices to exert their data privacy rights. On the surface, that makes dangerous ideas like \u201cpay-for-privacy\u201d schemes<\/a> much harder to enact. <\/p>\n

Concerning new business regulations, the Washington Privacy Act separates the types of companies it applies to into two categories: \u201ccontrollers\u201d and \u201cprocessors.\u201d The two terms, borrowed from the European Union\u2019s General Data Protection Regulation (GDPR)<\/a>, have simple meanings. \u201cControllers\u201d are the types of entities that actually make the decisions about how consumer data is collected, shared, or used. So, a small business with just one employee who decides to sell data to third parties? That\u2019s a controller. A big company that decides to collect data to send targeted ads? That\u2019s a controller, too. <\/p>\n

Processors, on the other hand, are akin to contractors and subcontractors that perform services for controllers. So, a payment processor that simply processes e-commerce transactions and nothing more? That\u2019s a processor. <\/p>\n

The Washington Privacy Act\u2019s new rules focus predominantly on \u201ccontrollers\u201d\u2014the Facebooks, Amazons, Twitters, Googles, Airbnbs, and Oracles of the world. <\/p>\n

Controllers would have to post privacy policies that are \u201creasonably accessible, clear, and meaningful,\u201d and would include the following information: <\/p>\n