Washington State Privacy Bill Threatens Further Balkanized Regulation

A “GDPR-style” online privacy bill has been introduced in the Washington Legislature. The “Washington Privacy Act,” (“WPA”, SB5376), was introduced last week by Senator Reuven Carlyle, who has been very active on technology issues.

While we support the objectives of the bill, we have very serious concerns about the likely negative impact it would have for both companies and consumers. ANA and our fellow marketing associations sent a letter today to Senator Carlyle describing those concerns.

We strongly believe that any privacy legislation should distinguish pseudonymized data from individually identifiable information and the WPA fails to adequately do so. By treating innocuous, pseudonymized marketing data in the same way as data that could identify an individual, the bill would actually force companies to collect more personal data about consumers so they could effectuate consumer rights such as the right of access, correction or portability.

The processing of pseudonymized data, which fuels the online economy and does not identify a specific consumer, should be subject to a mechanism such as the Digital Advertising Alliance (DAA) program, which provides consumers with notice and choice over the use of such information.

The WPA is the latest effort by a state legislature to impose new regulations on a global marketplace, leading to an increasingly seriously fragmented internet environment for both consumers and businesses. This is going to be highly disruptive to the national and international digital marketplace. We continue to support a strong national standard to protect consumer privacy and urge Congress to act to harmonize privacy protections across the marketplace.