Lawmakers in Washington state have advanced a privacy bill that would require companies to obtain people's opt-in consent before drawing on “sensitive” data -- including precise geolocation data, biometric data and information that could reveal people's race, ethnicity, religious beliefs, health conditions, immigration status or sexual orientation -- for ad targeting.
The Washington Privacy Act (SB 5062), introduced by Sen. Reuven Carlyle, would also require companies to allow people to delete data about themselves, and to opt out of the disclosure of non-sensitive data.
“A strong data privacy law enables consumers to correct, delete, opt-out & stop the sale of their data,” Carlyle tweeted Thursday afternoon.
The state senate committee on environment, energy and technology voted 12-1 Thursday to send the measure to the committee on ways and means.
This year marks the third time Carlyle has proposed privacy legislation. A measure he introduced last year failed in March, after lawmakers were unable to agree on whether consumers should be able to sue over violations.
The state Senate's version of last year's failed bill that would have vested enforcement with the attorney general, but the House's version would have also allowed consumers to sue.
The current bill empowers the state attorney general, but not consumers, to sue over violations.
This year's proposed legislation includes several new provisions, including a directive that the state privacy office and attorney general study whether companies should be required to honor browser-based opt-out commands, such as a “do not sell” signal people could transmit via web browsers.
Earlier this month, the watchdog Consumer Reports proposed several revisions to the bill. Among others, the group said the bill should allow consumers to sue over violations.
“Consumers should be able to hold companies accountable in some way for violating their rights -- there should be some form of a private right of action,” the organization wrote in a letter to Carlyle.