Security Experts:

Connect with us

Hi, what are you looking for?



New Bill Regulates COVID-19 Exposure Notification Services

A newly introduced bipartisan bill seeks to provide individuals with increased control over the sharing of data with services designed to notify them if they have been exposed to the COVID-19 coronavirus.

A newly introduced bipartisan bill seeks to provide individuals with increased control over the sharing of data with services designed to notify them if they have been exposed to the COVID-19 coronavirus.

Proposed by U.S. Senators Maria Cantwell (D-WA), ranking member of the Senate Committee on Commerce, Science and Transportation, and Bill Cassidy (R-LA), and sponsored by U.S. Senator Amy Klobuchar (D-MN), the legislation seeks to both protect consumer privacy and promote public health.

Automated exposure notification services (including websites, online services and applications, mobile apps and platforms) are set to be released in the coming weeks to help track the spread of the COVID-19 virus and deliver notifications to individuals who might have been exposed.

The Exposure Notification Privacy Act makes participation in these exposure notification systems voluntary, based on affirmative, express consent, and also provides consumers with increased control over their data. It also allows individuals to withdraw at any time and to have their data deleted per request, and limits the types of data that can be collected to that which is necessary for the purpose of the system. Commercial use of this data is prohibited.

Furthermore, the bill makes it “unlawful to discriminate against, or otherwise make unavailable to an individual, any place of public accommodation based on data collected or processed through an automated exposure notification service.”

The legislation requires public health officials to be involved in the deployment of exposure notification systems and prohibits services that are not operated by or in collaboration with a public health authority. It also requires that only medically-authorized diagnoses be submitted.

The bill seeks to create strong cybersecurity and breach notification safeguards, empowers federal and state authorities (the Federal Trade Commission and State Attorneys General) to pursue violators and allows the FTC to pursue civil penalties for first-time violations.

“Public health needs to be in charge of any notification system so we protect people’s privacy and help them know when there is a warning that they might have been exposed to COVID-19,” Senator Cantwell said.

Related: Surveillance Bill Vote Scrapped After Opposition From Trump, DoJ

Related: Bipartisan Bill Aims to Reform NSA Surveillance of Americans

Related: Proposed Bill Seeks to Protect Researchers Disclosing Classified Government Backdoors

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...