‘COVID-19 Consumer Data Protection Act’ on the Cards as Senators Announce Proposed Legislation

'COVID-19 Consumer Data Protection Act' on the Cards as Senators Announce Proposed Legislation
Senator Roger Wicker, Chairman of the U.S. Senate Committee on Commerce, Science & Transportation

Last week a group of four four Republican Senators revealed that they are proposing federal privacy legislation that will establish rules in relation to the collation and use of personal information during the Coronavirus pandemic.

The group, which includes Roger Wicker, Chairman of the US Senate Committee on Commerce, Science & Transportation, issued a press release detailing the aims of the COVID-19 Consumer Data Protection Act (the “Act”). They include:

  • Companies will be obliged to respect the Federal Trade Commission’s (FTC) jurisdiction to obtain affirmative express consent from individuals to gather, process, or transfer their personal health, geolocation, or proximity information in relation to addressing the spread of COVID-19.
  • Obligate businesses to share with consumers, at the point of collection, exactly how their data will be managed, to whom it will be distributed, and how long it will be held.
  • Set out clear definitions of “aggregate” and “de-identified” data to see to it that companies implement specific technical and legal safeguards to protect consumer data from being re-identified.
  • Direct firms to permit individuals to opt out of the collection, processing, or sharing of their personal health, geolocation, or proximity data.
  • Direct companies to make available transparency reports describing their data collection activities linked to COVID-19.
  • Create data minimization and data security requirements for any personally identifiable information collected by a covered group or company.
  • Require companies to erase or de-identify all personally identifiable information when it is no longer required in relation to the COVID-19 public health emergency.
  • Give state attorneys general the power to enforce the Act.

On his Twitter page, Senator Wicker said: “Data has great potential to help us contain the virus and limit future outbreaks, but we need to ensure that individuals’ personal information is safe from misuse. I will be introducing legislation to address this critical issue.”

This moves comes following a relaxation in the policing of the Health Insurance Portability and Accountability Act during the current pandemic, but also at a time when the Californian State Attorney General revealed that there will be no delay in the application of sanctions in relation to breaches the Californian Consumers Privacy Act after the July 1. 

The Senators’ announcement highlights the eagerness of legislators to do all in their power to safeguard  individuals’ privacy rights during this pandemic and should act as a warning light, to all companies, that they need to ensure they are completely compliant with all relevant legislation – be it CCPA, HIPAA, GDPR or another data privacy act – during this time.

The press release said that the Act “would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data.”  You can read the full press release here.