October 28, 2020

Volume X, Number 302

Advertisement

October 28, 2020

Subscribe to Latest Legal News and Analysis

October 27, 2020

Subscribe to Latest Legal News and Analysis

October 26, 2020

Subscribe to Latest Legal News and Analysis

Senate to Introduce “COVID-19 Consumer Data Protection Act”

On April 30, 2020, four Republican Senators[1],including the Chairman of the U.S. Senate Committee on Commerce, Science & Transportation, announced that they intend to introduce federal privacy legislation to regulate the collection and use of personal information in connection with the Coronavirus pandemic.  According to the Senators’ press release, the COVID-19 Consumer Data Protection Act (the “Act”) would:

  • Require companies subject to the Federal Trade Commission’s jurisdiction to obtain affirmative express consent from individuals to collect, process, or transfer their personal health, geolocation, or proximity information for the purposes of tracking the spread of COVID-19.

  • Direct companies to disclose to consumers at the point of collection how their data will be handled, to whom it will be transferred, and how long it will be retained.

  • Establish clear definitions of “aggregate” and “de-identified” data to ensure companies adopt certain technical and legal safeguards to protect consumer data from being re-identified.

  • Require companies to allow individuals to opt out of the collection, processing, or transfer of their personal health, geolocation, or proximity information.

  • Direct companies to publish transparency reports describing their data collection activities related to COVID-19.

  • Establish data minimization and data security requirements for any personally identifiable information collected by a covered entity.

  • Require companies to delete or de-identify all personally identifiable information when it is no longer being used for the COVID-19 public health emergency.

  • Authorize state attorneys general to enforce the Act.

According to the press release, the Act “would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data.”  Nonetheless, the bill reportedly contains a provision that will pre-empt provisions of state privacy laws that are more prescriptive than the federal protections.

The Senators’ announcement seems to signal an increased interest among federal legislators in protecting individuals’ privacy rights during this pandemic.  As mentioned in our earlier article, tracking the spread of COVID-19 will likely impact individuals’ privacy rights.  Any legislation should carefully balance the collective interest in battling the pandemic with individuals’ privacy rights in order to build consumer trust in the use of sensitive health and location data and voluntary take-up of contact tracing apps.

We will provide further analysis of the substance of the Act shortly.

[1] US Sens. John Thune (R-S.D), Roger Wicker (R-Miss.), Jerry Moran (R-Kan.), and Marsha Blackburn (R-Tenn.).

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume X, Number 127
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Glenn Brown Data Privacy & Cybersecurity Attorney Squire Patton Boggs Atlanta., GA
Of Counsel

A senior member of our Data Privacy & Cybersecurity Practice Group, Glenn Brown provides business-oriented advice to clients in numerous industries on data privacy and regulatory compliance matters, including regulatory investigations and examinations. He has experience driving privacy and compliance priorities within organizations and providing strategic counsel regarding privacy, compliance and risk to support the growth and success of the business.

Glenn also has deep experience advising clients regarding compliance with many of the US...

678-272-3235
Lydia de la Torre Data Privacy & Cybersecurity Attorney Squire Patton Boggs Palo Alto, CA
Of Counsel

Lydia de la Torre provides strategic privacy compliance advice related to US and EU privacy, including data protection and cybersecurity law, General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), other state’s privacy and cyber laws, US financial privacy laws, and marketing and advertising compliance, as well as information security. She also represents clients in investigations with an eye toward helping them avoid litigation.

Lydia’s work in-house and with organizations has run the gamut, from pre-IPO start-ups to mature Fortune 500 companies, in a...

650-843-3227
Shalin Sood, Squire Patton Boggs Law Firm, Washington DC, Cybersecurity Law Attorney
Associate

Shalin “Shawn” Sood is an associate in the Data Privacy & Cybersecurity Practice. Shawn advises clients on a variety of issues, including cybersecurity best practices and risk assessments, incident response programs and cybersecurity compliance. He also assists clients on compliance with the EU General Data Protection Regulation (GDPR) and establishing robust and thorough data privacy programs. He also has experience in representing international businesses in compliance and investigations from federal and state governments.

202-457-6183
Advertisement
Advertisement