Alexander Vitruk and Andreas Kaltsounis of BakerHostetler write:
Washington’s groundbreaking “My Health My Data Act” (HB 1155) (the Act) was signed into law on April 27, 2023. This Act imposes new requirements on the processing and sale of consumer health data by organizations with a nexus to Washington state, as our earlier blog posts explain. In this blog post, we examine the private right of action available under the Act, including how it interacts with the state’s Consumer Protection Act and the risk of class actions.
The Private Right of Action’s Extensive Scope
The Act provides for a private right of action in Section 11 by establishing that a violation of the Act is an unfair or deceptive act under the Washington Consumer Protection Act (CPA). It is one of the most far-reaching private rights of action of any state privacy law, for several reasons:
Read more at DataCounsel.