Now that COVID-19 lockdowns are slowly starting to lift in the US, a group of senators want to set privacy expectations for the contact tracing apps that could help keep the virus in check. Senators Marsha Blackburn, Jerry Moran, John Thune and Roger Wicker plan to introduce (via iMore) a bill, the COVID-19 Consumer Data Protection Act, that would set requirements for data collection and transparency. The measure would start by requiring “affirmative express consent” for transferring health, location and proximity data, along with an opt out for those who aren’t comfortable. There would also be clear definitions of aggregated and de-identified data, and entities would need to both meet data security requirements and scrub any personally identifiable info after the pandemic is over.
The transparency measures would include disclosures for how data would be handled, where it’s going and how long it will be kept. Companies would have to provide transparency reports for their data collection as well.
This would theoretically prevent Apple, Google and government agencies from collecting more data than they should, or funnelling it into the hands of marketers and others who might abuse it.
However, privacy advocates are concerned it doesn’t do enough and might even worsen consumer safeguards. Public Knowledge Policy Counsel Sara Collins claimed that the bill only covers contact tracing data, not other health or location info, and could still let companies determine who was infected. The bill also “gratuitously preempts” the FCC’s stronger privacy measures for carriers, Collins said, and doesn’t give the FTC the resources or authority to take action. On top of this, the bill could force states to adopt federal rules even if they want to implement stronger approaches.
There’s no guarantee the Act will become law, at least as-is. Provided the Republican-backed bill passes in the Senate, a counterpart bill still has to go through the Democrat-led House. There could be significant disagreements over key points, especially if Democrats share Collins’ belief that it’s really a deregulatory measure in disguise. Nonetheless, this shows how the privacy implications of COVID-19 tracking apps have become hot issues no matter what your political leanings might be.