As is started this blog, I had the intention of helping local businesses and giving them tips on how they can actively improve their online return on investments. That also means I have to deliver the bad news. This might be it. Why? Not because it's making it harder for companies to understand what their users are doing, but because most of these local companies won't even realize that these laws will apply to them - which could result in huge fines.
Let's find out what these new changes are, what they mean and how it could affect you, shall we?
Well, lawmakers in Washington state are pushing for a new privacy law that will attempt to give consumers more control over the information that big tech and data companies collect about them.
This bill, which is proposed by state Sen. Reuven Carlyle, would give consumers the right to see what data is collected about them and find out whether that information is being sold to a third party (which is great). It would require companies to give their users access to correct inaccurate information, delete their personal data, and forfeit their personal information from being used in direct marketing campaigns (even better).
This proposal comes after a year in which scandals and breaches have shed light on how tech companies use consumer data, sparking regulatory scrutiny from state and federal legislators. This year, California became the first state to pass a bill like this. Washington isn't far behind.
“We really tried to have a thoughtful, measured bill that gave consumers protection while also understanding the way e-commerce and online advertising works,” said Washington Chief Privacy Officer Alex Alben.
Alben said companies that already comply with Europe’s General Data Protection Regulation (GDPR), enacted in May 2018, shouldn’t have a hard time complying with the proposed law in Washington.
Here's the problem. Most aren't already complying.
If enacted, the bill would require companies that collect personal data to be transparent with users about the type of information they’re recording, how they use it, and whether it is shared with third parties. If those companies create profiles about their users for ad targeting, they will have to disclose that before personal data is collected “including meaningful information about the logic involved and the significance and envisaged consequences of the profiling.”
Companies that fail to comply with the new rules could face penalties of up to $2,500-$7,500 per violation, enforced by the state attorney general.
“The technology industry has been a tremendous driver of economic growth in Washington state,” the bill says. “We need to ensure that any new privacy laws not only provide Washington residents with strong privacy protections but also enable industry and others to use data to create innovative technologies, products, and solutions.”
In addition to consumer data protections, the bill sets new regulations for facial recognition technology, requiring companies that make the software to get consent from consumers before using it on them. Consumers would need to be conspicuously notified when entering websites and physical spaces where facial recognition is in use. Companies that allow developers to use their facial recognition technology would need to make their APIs public so that third parties could test for accuracy and bias.
The bill also extends facial recognition regulations to the public sector. Government agencies would be prohibited from using the technology in ongoing surveillance of individuals in public spaces without a court order or emergency “involving imminent danger or risk of death or serious physical injury to a person,” according to the bill.
So, like I said - this is a good thing. We just need to make sure we are up to compliance.