‘COVID-19 Consumer Data Protection Act’ on the Cards as Senators Announce Proposed Legislation

by | May 6, 2020

Last week a group of four four Republican Senators revealed that they are proposing federal privacy legislation that will establish rules in relation to the collation and use of personal information during the Coronavirus pandemic.

The group, which includes Roger Wicker, Chairman of the US Senate Committee on Commerce, Science & Transportation, issued a press release detailing the aims of the COVID-19 Consumer Data Protection Act (the “Act”). They include:

  • Companies will be obliged to respect the Federal Trade Commission’s (FTC) jurisdiction to obtain affirmative express consent from individuals to gather, process, or transfer their personal health, geolocation, or proximity information in relation to addressing the spread of COVID-19.
  • Obligate businesses to share with consumers, at the point of collection, exactly how their data will be managed, to whom it will be distributed, and how long it will be held.
  • Set out clear definitions of “aggregate” and “de-identified” data to see to it that companies implement specific technical and legal safeguards to protect consumer data from being re-identified.
  • Direct firms to permit individuals to opt out of the collection, processing, or sharing of their personal health, geolocation, or proximity data.
  • Direct companies to make available transparency reports describing their data collection activities linked to COVID-19.
  • Create data minimization and data security requirements for any personally identifiable information collected by a covered group or company.
  • Require companies to erase or de-identify all personally identifiable information when it is no longer required in relation to the COVID-19 public health emergency.
  • Give state attorneys general the power to enforce the Act.

On his Twitter page, Senator Wicker said: “Data has great potential to help us contain the virus and limit future outbreaks, but we need to ensure that individuals’ personal information is safe from misuse. I will be introducing legislation to address this critical issue.”

This moves comes following a relaxation in the policing of the Health Insurance Portability and Accountability Act during the current pandemic, but also at a time when the Californian State Attorney General revealed that there will be no delay in the application of sanctions in relation to breaches the Californian Consumers Privacy Act after the July 1. 

The Senators’ announcement highlights the eagerness of legislators to do all in their power to safeguard  individuals’ privacy rights during this pandemic and should act as a warning light, to all companies, that they need to ensure they are completely compliant with all relevant legislation – be it CCPA, HIPAA, GDPR or another data privacy act – during this time.

The press release said that the Act “would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data.”  You can read the full press release here.



Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy