<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

Washington State Privacy Act: Is the 3rd Time the Charm?

Updated April 12, 2021 at 11:30am: Sunday night's House session ended without a vote on the Washington Privacy Act. The House proposed twenty-five amendments to the bill that weren't debated prior to the end of the session, not allowing for a vote. At this time, it is unclear if the bill will still be under consideration. We will update as we learn more. 

The state of Washington has made alterations to the proposed consumer privacy act, SB 5062, in the hopes that it can be the latest privacy legislation to pass. Previous attempts to pass the Washington Privacy Act have been halted due to disagreement on the limited private right of action. In an effort to compromise, adjustments have been made to that portion of the bipartisan bill.

All Posts

Round Three of Proposed Modifications to the CCPA

The California Consumer Privacy Act (CCPA) proposed updates continue to roll in as the third set of proposed modifications released by the California Department of Justice were submitted for comment through October 28, 2020. According to Michael Hellbusch of Rutan & Tucker, the latest modifications are a big deal for a lot of businesses and their websites. However, the biggest news is that the AG proposed these modifications at all especially being so close to the November 2020 election.

Modification to Section 999.306 – Offline Notice of Opt-Out

Hellbusch says, “the proposed modifications add an offline notice requirement when a business that collects personal information in the course of interacting with a consumer offline. The offline opt-out notice is required even if the business only sells the personal information it collects online via cookies or otherwise.” 

Businesses, especially those in brick-and-mortar settings, should not assume that they do not need to provide offline notices just because the only personal information they sell is collected or sold online.  In other words, if the business sells personal information, the opt-out notice must be provided at all points of collection of personal information, both online and offline. 

Modifications to Section 999.315 – Easier Methods to Opt-Out

“The modifications to this section are clearly intended to prevent dark patterns or convoluted opt-out processes,” said Hellbusch. As the proposed updates would require a business’s method for submitting requests to opt-out be easy for consumers to execute along with minimal steps to opt-out, such as the following:

  • The process for submitting a request to opt-out shall not require more steps than the business’s process for a consumer to opt-in to the sale of personal information, after previously opting out
  • A business must not use confusing language in the opt-out process
  • A business shall not require consumers to click through or listen to reasons why they should not submit a request to opt-out prior to confirming their request
  • The business’s process shall not require the consumer to provide personal information that is not necessary when submitting a request to opt-out
  • Lastly, upon clicking the “Do not sell my personal information” link, a business must not require the consumer to search or scroll through the text of a privacy policy or similar document, or webpage to locate the mechanism for submitting an opt-out request

Modifications to Section 999.626 – Authorized Agent

The modifications to the authorized agent section reinforce the need to deal with authorized agents. It also clarifies that all agents must have written proof of permission from the consumer to submit the request. In addition, businesses may require the consumer to directly verify their own identity with the business and/or directly confirm with the business that they provided the agent permission to submit the request.

Regardless of these new modifications, Truyo’s Privacy Rights platform already includes the ability to provide a link in signage or in paper form to accommodate offline opt-outs along with the workflow to process authorized agents.

Conflicting Timeline

The California Privacy Rights Act, also known as Proposition 24, is currently on the ballot in California on November 3, 2020, which will amend any CCPA regulations including these proposed modifications. The timeline associated with the proposed modifications conflicts with the CPRA and comes at an odd time, considering CPRA is likely to pass in less than a month’s time.

Although, businesses will have more considerations to keep in mind in devising a pass/no pass strategy when it comes to the CCPA vs. CPRA. We will keep you informed as new updates arise in the new set of modifications.

Monique Becenti
About Monique Becenti
Monique Becenti is the Product Marketing Manager at Truyo. She has deep technical knowledge in technology with an emphasis on data privacy.
Recent Posts

Washington State Privacy Act: Is the 3rd Time the Charm?

Updated April 12, 2021 at 11:30am: Sunday night's House session ended without a vote on the Washington Privacy Act. The House proposed twenty-five ame...

Alaska Governor Proposes Privacy Act Bill

Alaska has become the next state to move toward protecting consumer privacy at a state level. Governor Mike Dunleavy (R) introduced Senate Bill 116 an...

Virginia Has Passed a Privacy Act

Gov. Northam has signed the Virginia Consumer Data Protection Act into law. One of the things 2020 should have prepared us for is the unexpected, and ...

Apple iOS 14.3 New Privacy Features

It looks like 2021 is going to be a big year for consumer privacy awareness. Apple recently announced its current release iOS 14.3 will introduce a ne...