A bipartisan group of Senators have introduced a bill dedicated to securing contact tracing and exposure notification apps that will be implemented to manage the spread of COVID-19.
One of three bills introduced, the Exposure Notification Privacy Act is was formulated with a view to regulating contact tracing apps to secure the privacy of Americans. The other two bills did not make it off the floor. The feeling was that a bipartisan bill will have a greater chance of success.
At present, contact tracing and exposure notification technologies are being designed to try and control the spread of COVID-19. Google and Apple have both developed the technology to support contact tracing using mobile phones and low energy Bluetooth. When a user installs a contact tracing app it will record encounters with other people who have also installed the app. When someone is diagnosed with COVID-19, the encounter data in the app is reviewed so all individuals who may have been infected by that person can be informed.
Contact tracing and exposure notification apps have been implemented in other countries and have helped reduce the spread of COVID-19, but there are privacy risks linked with the apps that the new bill aims to tackle.
The Exposure Notification Privacy Act was brought to the house by Sens. Maria Cantwell (D-Washington) and Bill Cassidy (R-Louisiana) and has been co-sponsored by Amy Klobuchar (D-Minnesota). They are hoping that the bill will give Americans control over their personal data and “will place public health officials in the driving seat of exposure notification development.”
The bill requires the implementation of contact tracing and exposure notification apps to be voluntary and for developers of the apps to put in place measures that allocate consumers strong controls over their personal data. The bill restricts the range of data that the apps can collect and places a time limit on how long personal data can be in use.
In order for the apps to achieve their intended aim, they will need to be installed by large numbers of people. For that to take place, Americans will need to be confident that their privacy is secured and their personal data will not be improperly used.
Senator Cantwell said: “Public health needs to be in charge of any notification system so we protect people’s privacy and help them know when there is a warning that they might have been exposed to COVID-19. This bill defends privacy when someone voluntarily joins with others to stop the spread of Covid-19.”
The bill requires exposure notification systems to only permit medically authorized diagnoses to see to it that false reports do not happen. The bill requires personal data gathered through the apps to only be used for the purpose of managing the spread of COVID-19 and personal data is forbidden from being used for commercial purposes. Along with participation being voluntary, the bill will give Americans the right to opt out and have their personal data erased at any point in time.
Strong security controls must be implemented to protect personal data collected through the apps and in the event of a data breach taking place, the bill calls for all affected individuals to be made aware. There will also be strict enforcement measures to ensure consumer rights are secured. Federal and state authorities will be given permission to sanction financial penalties in cases of noncompliance.
Senator Klobuchar said: “As we continue to confront the coronavirus pandemic, Americans should not have to worry about the privacy and security of their personal health data. While contact tracing can play a critical role in helping prevent the spread of the coronavirus, this crucial innovation cannot come at the expense of consumers’ privacy.”