Federal Privacy Bill to Focus on COVID-19

Bradley Arant Boult Cummings LLP

Bradley Arant Boult Cummings LLP

This is the fourth alert in a series of Bradley installments on privacy and cybersecurity developments arising from the COVID-19 pandemic. Click to read the first, second, and third installments.

Four United States senators announced Thursday that they would soon introduce the COVID-19 Consumer Data Protection Act. The act aims to protect consumers whose data is used to fight the pandemic. The senators have not yet released a final version of the bill, so for now we rely on the April 30 press release from Sens. Wicker (R-Miss.), Thune (R.-S.D.), Moran (R-Kan.), and Blackburn (R-Tenn.). According to the release, the legislation would:

  • Require companies under the jurisdiction of the Federal Trade Commission to obtain affirmative express consent from individuals to collect, process, or transfer their personal health, geolocation, or proximity information for the purposes of tracking the spread of COVID-19.
  • Direct companies to disclose to consumers at the point of collection how their data will be handled, to whom it will be transferred, and how long it will be retained.
  • Establish clear definitions about what constitutes aggregate and de-identified data to ensure companies adopt certain technical and legal safeguards to protect consumer data from being re-identified.
  • Require companies to allow individuals to opt out of the collection, processing, or transfer of their personal health, geolocation, or proximity information.
  • Direct companies to provide transparency reports to the public describing their data collection activities related to COVID-19.
  • Establish data minimization and data security requirements for any personally identifiable information collected by a covered entity.
  • Require companies to delete or de-identify all personally identifiable information when it is no longer being used for the COVID-19 public health emergency.
  • Authorize state attorneys general to enforce the act.

Health, geolocation, and proximity data are the bill’s focus. Similar to other bills — such as the CCPA — the backbone of the protections will be the notice-and-consent provisions.

It remains to be seen whether the act will expressly preempt state privacy laws. The scope of any preemption would likely be controversial and may require resolution in the courts. The senators also have not yet indicated whether the act will create for consumers a private right of action — private-right-of-action clauses have been controversial in privacy laws at both the state and federal level.

Stay tuned for updates as we learn more about this federal privacy bill.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bradley Arant Boult Cummings LLP | Attorney Advertising

Written by:

Bradley Arant Boult Cummings LLP

Bradley Arant Boult Cummings LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.