WASHINGTON – U.S. Sens. Roger Wicker, R-Miss., chairman of the Senate Committee on Commerce, Science, and Transportation, John Thune, R-S.D, chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, Deb Fischer, R-Neb., chairman of the Subcommittee on Transportation and Safety, Jerry Moran, R-Kan., chairman of the Subcommittee on Manufacturing, Trade, and Consumer Protection, and Marsha Blackburn, R-Tenn., today introduced the COVID-19 Consumer Data Protection Act. The legislation would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, device, geolocation, and proximity data. The bill would also hold businesses accountable to consumers if they use personal data to fight the COVID-19 pandemic.
“As the coronavirus continues to take a heavy toll on our economy and American life, government officials and health-care professionals have rightly turned to data to help fight this global pandemic,” said Wicker. “This data has great potential to help us contain the virus and limit future outbreaks, but we need to ensure that individuals’ personal information is safe from misuse. I am pleased to join Senators Thune, Fischer, Moran, and Blackburn in introducing legislation to address this critical issue.”
“While the severity of the COVID-19 health crisis cannot be overstated, individual privacy, even during times of crisis, remains critically important,” said Thune. “This bill strikes the right balance between innovation – allowing technology companies to continue their work toward developing platforms that could trace the virus and help flatten the curve and stop the spread – and maintaining privacy protections for U.S. citizens.”
“During the COVID-19 pandemic, many tech companies are using data to track the spread and help keep Americans healthy,” said Fischer. “I helped introduce this legislation which will allow companies to continue innovating while providing Americans with more transparency and safeguards for how their personal data are managed.”
“While many businesses have taken steps to develop technological solutions to tracking, containing and ending the COVID-19 pandemic, Congress must address potentially harmful practices that could stem from these innovations.” said Moran. “This legislation will address specific consumer privacy violations resulting from COVID-19, and I encourage my colleagues to support this bill so that we can better protect people’s personally identifiable information during this pandemic.”
“In the age of social distancing, we are leaning on technology more than ever to stay connected and obtain information,” said Blackburn. “It is paramount that as tech companies utilize data to track the spread of COVID-19, Americans’ privacy and security are not put at risk. Health and location data can reveal sensitive and personal information, and these companies must be transparent with their users.”
The COVID-19 Consumer Data Protection Act would:
- Require companies under the jurisdiction of the Federal Trade Commission to obtain affirmative express consent from individuals to collect, process, or transfer their personal health, device, geolocation, or proximity information for the purposes of tracking the spread of COVID-19.
- Direct companies to disclose to consumers at the point of collection how their data will be handled, to whom it will be transferred, and how long it will be retained.
- Establish clear definitions about what constitutes aggregate and de-identified data to ensure companies adopt certain technical and legal safeguards to protect consumer data from being re-identified.
- Require companies to allow individuals to opt out of the collection, processing, or transfer of their personal health, geolocation, or proximity information.
- Direct companies to provide transparency reports to the public describing their data collection activities related to COVID-19.
- Establish data minimization and data security requirements for any personally identifiable information collected by a covered entity.
- Require companies to delete or de-identify all personally identifiable information when it is no longer being used for the COVID-19 public health emergency.
- Authorize state attorneys general to enforce the Act.
Click here to read the bill.