A newly introduced bipartisan bill seeks to provide individuals with increased control over the sharing of data with services designed to notify them if they have been exposed to the COVID-19 coronavirus.
Proposed by U.S. Senators Maria Cantwell (D-WA), ranking member of the Senate Committee on Commerce, Science and Transportation, and Bill Cassidy (R-LA), and sponsored by U.S. Senator Amy Klobuchar (D-MN), the legislation seeks to both protect consumer privacy and promote public health.
Automated exposure notification services (including websites, online services and applications, mobile apps and platforms) are set to be released in the coming weeks to help track the spread of the COVID-19 virus and deliver notifications to individuals who might have been exposed.
The Exposure Notification Privacy Act makes participation in these exposure notification systems voluntary, based on affirmative, express consent, and also provides consumers with increased control over their data. It also allows individuals to withdraw at any time and to have their data deleted per request, and limits the types of data that can be collected to that which is necessary for the purpose of the system. Commercial use of this data is prohibited.
Furthermore, the bill makes it “unlawful to discriminate against, or otherwise make unavailable to an individual, any place of public accommodation based on data collected or processed through an automated exposure notification service.”
The legislation requires public health officials to be involved in the deployment of exposure notification systems and prohibits services that are not operated by or in collaboration with a public health authority. It also requires that only medically-authorized diagnoses be submitted.
The bill seeks to create strong cybersecurity and breach notification safeguards, empowers federal and state authorities (the Federal Trade Commission and State Attorneys General) to pursue violators and allows the FTC to pursue civil penalties for first-time violations.
“Public health needs to be in charge of any notification system so we protect people’s privacy and help them know when there is a warning that they might have been exposed to COVID-19,” Senator Cantwell said.