This past summer, we reported on the July 2021 vote by the Uniform Law Commission (ULC) to approve the Uniform Personal Data Protection Act (UPDPA), a model data privacy bill designed to be promulgated in state legislatures across the United States. Now the District of Columbia becomes the first jurisdiction to have the bill introduced for consideration.

On October 18, 2021, District of Columbia Council Chairman Phil Mendelson introduced B24-0451, also known as the “Uniform Personal Data Protection Act of 2021” to the council. Accompanying the text of the bill is a letter from James C. McKay, Jr., the Chair of the D.C. Uniform Law Commission, outlining why the UPDPA should be adopted. In support of his request to Chairman Mendelson to introduce the bill, McKay describes the UPDPA as a bill that “would provide real protections for consumers’ personal data without imposing onerous, and often impossible, burdens on controllers and processors,” and noting that, if enacted, the law “will encourage the responsible growth of data practices in the District.”

Indeed, it appears that the bill is essentially identical to the version of the UPDPA approved by the ULC. The bill has now been referred to the Committee on the Judiciary and Public Safety. If adopted, the law would apply to any controller or processor that conducts business in Washington, D.C., or produces products or provides services purposefully directed to its residents, and which:

  1. Maintains personal data about more than 50,000 residents of Washington, D.C.;
  2. Earns more than 50% of its gross annual revenue from maintaining personal data;
  3. Is a processor acting on behalf of a controller the processor knows or has reason to know satisfies (1) or (2); or
  4. Maintains personal data, unless it processes the personal data solely using compatible data practices.

Companies operating inside and outside Washington, D.C., should keep a watchful eye on UPDPA legislation and developments. Based on McKay’s letter, it appears that the National Conference of Commissioners on Uniform State Laws is actively advocating for the UPDPA’s adoption, with the belief that “state law should govern areas of the law traditionally governed by state law, such as consumer protection.” The District of Columbia Council bill, which was introduced within a few months of the ULC’s approval of the UPDPA, may also be an indicator that other jurisdictions will have a similar appetite for data privacy legislation within the coming months.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kim Ng Kim Ng

Kim Ng centers her practice on internet and technology issues, with a strong focus on data privacy and information security. She counsels clients on compliance efforts with state, federal, and international privacy laws and regulations, including the California Consumer Privacy Act (CCPA), Communications…

Kim Ng centers her practice on internet and technology issues, with a strong focus on data privacy and information security. She counsels clients on compliance efforts with state, federal, and international privacy laws and regulations, including the California Consumer Privacy Act (CCPA), Communications Decency Act (CDA), and the General Data Protection Regulation (GDPR).