At the beginning of 2020, a Federal privacy law, similar to that of GDPR or PIPEDA, was a faint and distant reality. However, in light of some mobile device and other monitoring being considered because of the COVID-19 pandemic, US Senators Roger Wicker (R-Miss.), chairman of the Senate Committee on Commerce, Science, and Transportation; John Thune (R-S.D.), chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet; Jerry Moran (R-Kan.), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security; and Marsha Blackburn (R-Tenn.) announced on Friday, May 1, a bill proposing the enactment of the “COVID-19 Consumer Data Protection Act,” which would apply to American health, geolocation, and proximity information.
This comes as various tech giants rush to develop an opt-in functionality or application that would allow users to trace their whereabouts to determine potential exposure to the deadly virus. The proposed Act aims to heighten protection for Americans’ data by imposing requirements on businesses similar to those seen in the CCPA and GDPR, such as providing notice to consumers at the point of collection regarding how data will be handled, how long it will be maintained, and to whom it may be transferred. Businesses would also need to allow consumers to opt out of the collection, processing, or transfer of applicable data under the Act. Further, businesses regulated by the FTC would be required to obtain affirmative consent from individuals to collect, process, or transfer their personal health, geolocation, or proximity information for purposes of tracking the spread of COVID-19. We also see the concepts of data de-identification, data minimization, data security requirements, which all similarly sound very familiar.
While this proposed legislation applies only to health, proximity, and geolocation data, the burning question becomes whether, if enacted, this Act will pave the path toward Federal US Privacy Legislation.