U.S. Congress has had its share of division in recent years as it relates to potential federal privacy legislation. The gap between either side of the aisle doesn't appear to be shrinking as federal lawmakers seek to protect privacy amid the COVID-19.
After Senate Republicans proposed the COVID-19 Consumer Data Protection Act April 30, Democrats from the Senate and House of Representatives offered their response on Thursday with the introduction of the Public Health Emergency Privacy Act. The Democrats' bill aims to provide safeguards for health data during the pandemic and regulate the use of that data with contact tracing technologies.
The bill was unveiled by Sens. Richard Blumenthal, D-Conn., and Mark Warner, D-Va., along with Reps. Anna Eshoo, D-Calif., Jan Schakowsky, D-Ill., and Suzan DelBene, D-Wash.
"Americans are rightly skeptical that their sensitive health data will be kept safe and secure, and as a result, they’re reluctant to participate in contact tracing programs essential to halt the spread of this disease," Blumenthal said in a statement to CNBC. "The Public Health Emergency Privacy Act’s commitment to civil liberties is an investment in our public health."
A common thread between the Republican and Democratic bills is a consent requirement. Both proposals outline a need for companies to obtain explicit consent from users before collecting, processing or transferring their data for any virus-tracking efforts. The bills also include calls for user opt-outs from data collection.
The Democrats' proposal includes provisions for mandatory data deletion following the pandemic to ensure personal data is not misused, mishandled or deployed for further mass surveillance. Additionally, the PHEPA features enforcement by the Federal Trade Commission, a private right of action and a limitation on data disclosures to public entities.
In a blog post, the Future of Privacy Forum identified several key differences between the two bills. PHEPA would govern a broader scope of covered entities to include both public and private organizations, unlike the Republican-led bill, which only includes commercial entities. The Democrat-led proposal also covers a broader scope of data, provides an exemption for research, and robust anti-discrimination protections.
Notably, PHEPA would not preempt stronger existing state laws, unlike the Wicker bill, and provides for a private right of action for individuals.
"Swift passage of this legislation would go a long way towards establishing the trust American consumers need – and which Big Tech has squandered, time and again – for digital contact tracing to be a worthwhile auxiliary to widespread testing and manual contact tracing," Schakowsky said via Twitter.
Public worry and distrust regarding tech companies' potentially aiding efforts to curb the spread of COVID-19 have been steady. In April, the Pew Research Center conducted a survey that showed 60% of 4,000 American respondents believe contact tracing, via location data or other mobile data, will not make a difference in fighting the pandemic. Respondents were split in half on whether they felt any form of tracking conducted by the government or tech companies was acceptable.
"Absent a clear commitment from policymakers to improving our health privacy laws, as this important legislation seeks to accomplish, I fear that creeping privacy violations could become the new status quo in health care and public health," Warner said in a statement. "The credibility – and indeed efficacy – of these technologies depends on public trust."
Photo by Harold Mendoza on Unsplash