COVID-19 Privacy Bills Introduced in U.S. Senate

White and Williams LLP

White and Williams LLP

Two competing bills have been introduced in Congress to protect personal data collected by businesses in response to the COVID-19 crisis. The bills, one introduced by Senate Democrats (The Public Health Emergency Privacy Act), the other by Senate Republicans (The COVID-19 Consumer Data Protection Act of 2020), have several key differences, but share one significant similarity: an explicit opt-in requirement by data subjects for the collection and use of COVID-19-related personal data.

The proposed legislation is in response to an increasing number of software applications, websites, and other digital tools developed for the collection and use of novel coronavirus-related personal data, including possible COVID-19 symptoms. Such data would be used for screening, tracking, and tracing as states and localities emerge from the Great Pause and resume onsite operations and activities. Both bills place an emphasis on protecting the privacy of personal information and would require entities collecting such data to implement “reasonable” data protection measures. Further, by requiring organizations to obtain the explicit consent of data subjects through opt-in processes before the collection and use of such data, each bill would depart significantly from most U.S. data privacy laws, which are based on “opt-out” models. The bills do not define personal information or data; nor do they enumerate on what “reasonable” data protection measures means.

The bills differ in several aspects. The COVID-19 Consumer Data Protection Act of 2020 does not subject employee screening by employers for COVID-19 symptoms to the privacy measures and protections of the bills, including opt-in requirements. The Public Health Emergency Privacy Act places greater emphasis on civil rights and would require a report determining the extent to which any civil rights may be impacted by the collection of novel coronavirus-related personal data. The Democrat bill also would extend collection prohibitions and restrictions to governmental agencies, whereas the Republican bill solely addresses data collection by private organizations. Both bills exclude, as a covered party, public health authorities, which are free to collect the information described in the bill as is necessary and reasonable to protect the public. The bills also exclude healthcare institutions, which already are covered by the Health Insurance Portability and Accountability Act (HIPAA).

We will continue to track the progress of this legislation.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White and Williams LLP | Attorney Advertising

Written by:

White and Williams LLP

White and Williams LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.