As tech companies roll out Covid-19 symptom checkers, contact tracing tools, and employee screening systems, legislators are grappling with an important question — what can they do with all of that health data? Democratic and Republican lawmakers introduced two competing privacy bills that attempt to build on existing regulations.
A group of Democrats shared proposed legislation last week that would regulate what data companies can collect during the pandemic, and requires them to delete it once the crisis ends. This includes health data and location data that might be pulled in by contact-tracing apps. For example, Apple and Google are building a contact-tracing system that would use proximity data collected by Bluetooth sensors, while Care19 is developing an app that uses location data for contact tracing.
Under the Public Health Emergency Privacy Act, sponsored by Senators Mark Warner (D-Virginia) and Richard Blumenthal (D-Connecticut), companies are limited to collecting data for public health purposes. They are barred from using health data for advertising, or to block access to employment, finance, housing or insurance.
The legislation also includes some key civil rights protections, such as prohibiting residents’ right to vote from being conditioned on the use of contact-tracing apps.
“Communications technology has obviously played an enormously important role for Americans in coping with and navigating the new reality of COVID-19 and new technology will certainly play an important role in helping to track and combat the spread of this virus. Unfortunately, our health privacy laws have not kept pace with the privacy expectations Americans have come to expect for their sensitive health data,” Warner said in a news release. “Absent a clear commitment from policymakers to improving our health privacy laws, as this important legislation seeks to accomplish, I fear that creeping privacy violations could become the new status quo in health care and public health. The credibility – and indeed efficacy – of these technologies depends on public trust.”
Earlier this month, a group of Republican senators proposed their own privacy bill, the Covid-19 Consumer Data Protection Act. It has some similarities with the Democrats’ bill, including that it encompasses both health and location data, and includes requirements that allow people to opt out of their personal data being collected. It also requires that companies delete or de-identify any data after the pandemic ends.
However, the bill does allow companies to retain aggregated or deidentified data. It also carves out an exemption for employee screening data. Companies are allowed to conduct temperature checks and conduct diagnostic testing for Covid-19 according to guidance released by the Equal Employment Opportunity Commission in March.
The bill is sponsored by Senators Roger Wicker (R-Mississippi), John Thune (R-South Dakota), Jerry Moran (R-Kansas), Masha Blackburne (R-Tennessee) and Deb Fischer (R-Nebraska).
Photo Credit: wigglestick, Getty Images