Washington’s My Health My Data Act signed into law
May 1, 2023
Washington My Health My Data Act Signed
The Washington State Governor officially signed the My Health My Data Act, which will go into effect March 31, 2024.
The law also requires the extension of certain rights, such as the right to have consumer health data deleted, and includes a private right of action.
Although the My Health My Data Act only applies to “consumer health data”, the definition and application of that term are broad enough to affect many entities that likely have not previously considered themselves to be involved in the processing of health-related data.
For example, the definition includes data identifying social and behavioral interventions, use or purchase of prescribed medications, bodily functions and vital signs, data that identifies a consumer seeking health care services, and health-related inferences derived or extrapolated from non-health data.
Starbucks May Face a Class Action Over Cookie Settings
Class action attorneys have announced an investigation into whether Starbucks continues to use unnecessary cookies to track users on starbucks.com even after users have declined all but “required cookies” through the pop-up presented when visiting the website.
The investigation is requesting information from users in California, Pennsylvania and Florida to determine whether Starbucks broke “certain privacy and wiretapping laws”.
Class action lawsuits under state anti-wiretapping laws, especially the Pennsylvania Wiretapping and Electronic Surveillance Control Act (WESCA), have been filed with increased frequency since a 3rd-Circuit ruling in 2022 involving a website’s use of third-party tracking software.
In that case, an appellate judge held that liability under WESCA, which prohibits the interception of electronic communication without consent, cannot be avoided by showing that the person making the interception was a direct party to the communication.
Bill C-27 Passes Second House Reading
Federal Bill C-27, which would enact three laws (the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act), has passed two readings in the House of Commons and will now be referred to the House Committee on Industry and Technology for consideration before a third reading. The first reading took place in June 2022.
The CPPA portion of the bill would amend the existing Personal Information Protection and Electronic Documents Act (PIPEDA) with respect to the collection and use of personal information for commercial activities.
The law would require consent except for certain limited activities, such as security or safety, providing a product or service, or legitimate interest. The legitimate-interest exception could not apply if the data is collected to influence the individual’s behavior or decisions, or if a reasonable person would not expect the collection.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.