The Washington State Senate has voted 46 to 1 in favor of the Washington Privacy Act, sending it to the Washington House of Representatives for consideration. Like the European Union's General Data Protection Regulation, the data privacy bill requires companies to disclose what personal data they are collecting, what they are doing with that data and with whom they are sharing it, including processing and consent requirements. The WPA also recognizes a controller and processor scheme, as GDPR does, according to Lucy Tyson, an intellectual property associate at law firm Bracewell. WPA is closer in similarity to GDPR than is the California Consumer Privacy Act of 2018, which is set to go into effect Jan. 1, 2020. "Portions of [WPA] appear to be copied and pasted from the same language that GDPR used," Tyson said. If enacted, WPA would go into effect July 31, 2021.
Since the start of the year, CCPA-like bills have been introduced in the Hawaii, Massachusetts, New Mexico, Rhode Island and Maryland legislatures, according to Bracewell. Conversation around a federal data privacy law also has begun—last week, several big tech companies spoke before a U.S. Senate Judiciary Committee hearing entitled GDPR & CCPA: Opt-ins, Consumer Control and the Impact on Competition and Innovation—but no concrete steps have been taken, Tyson said.