Congressional legislators and privacy advocates are urging Congress to get off the dime and enact a national consumer privacy law to guard against surveillance overreach as governments and tech businesses compile geolocation data to slow the spread of the coronavirus (COVID-19).
Even if lawmakers were to feel the wind behind their backs to construct a national consumer privacy law, they will be playing catch up. To help track the movement of citizens, a number of governments are using, or considering using, big data analysis and artificial intelligence technology to collect data on peoples’ contacts to encircle the virus as best as can be done at this point.
While Covid-19 has made such activities a necessity now, that data collection has raised questions on consumers’ privacy rights and how the federal government intends to handle the information once the national emergency ends or at the least ebbs. In the U.S., federal, state and local governments through the Centers for Disease Control and Prevention are already receiving geolocation metadata from mobile advertising aggregators and companies to understand people’s movements during pandemic, according to recent reports. Google is also contributing a huge storehouse of data to similar initiatives.
Despite the importance of tracing individuals’ movements to establish possible Covid-19 infections, the potential exists to compromise individuals’ civil liberties and perhaps their safety, legislators said. For example, last week, White House senior advisor Jared Kushner asked health groups to compile a system to track why patients ask for care, Politico reported.
“The collection of consumer location data to track the coronavirus, although well intentioned and possibly necessary at this time, further underscores the need for uniform, national privacy legislation,” said Roger Wicker (R-MS), who chairs the Senate Commerce, Science and Transportation Committee, in an opening statement at a “paper hearing” on big data and the coronavirus. (via The Hill).
Through a series of questions and answers (to comply with Covid-19 meeting restrictions) the committee said it is examining “recent uses of aggregate and anonymized consumer data to identify potential hotspots of Covid-19 transmission and to help accelerate the development of treatments.” And, it is also looking at “how consumers’ privacy rights are being protected and what the U.S. government plans to do with Covid-19 related data collected at the end of this national emergency,” officials said.
Sen. Maria Cantwell (D-WA), the ranking member of the committee, urged Congress to define a framework to protect privacy rights. “We must guard against vaguely defined and non-transparent government initiatives with our personal data,” she said. “Because rights and data surrendered temporarily during an emergency can become very difficult to get back.” (via The Hill).
Last summer, the Trump White House called on Congress to revive the National Security Agency’s (NSA) controversial dragnet to collect phone and text data on millions of Americans, despite the agency’s earlier recommendation to abandon the law. No national consumer privacy law shields individuals from businesses capturing their personal data. California’s Consumer Privacy Act (CCPA), which became effective on January 1, 2020, provides a template for a uniform, federal code but legislators have yet to model it.
"The United States does not have a comprehensive privacy law to protect Americans’ personal information,” Michelle Richardson, the director of the Center for Democracy and Technology’s Privacy and Data Project, wrote in her opening statement. “This has led to the explosion of risky and exploitive data-driven behaviors in the vast unregulated space in between. It has reduced public trust in technology companies, and as a result, may discourage people from using legitimate services or waste precious time and resources on untested products.”
The CCPA, which resembles the European Union’s General Data Protection Regulation, gives the state’s 40 million residents the right to require a business to disclose the types of personal information it collects on the consumer, where that information is collected and whether it’s being sold or shared, and to opt out of the whole thing.
Some 25 governments worldwide have enacted surveillance measures to combat Covid-19, according to a OneZero report. The list includes Argentina, Australia, Austria, Belgium, Brazil, China, Dubai, Ecuador, Germany, Hong Kong, India, Indonesia, Iran, Israel, Italy, Kenya, Norway, Pakistan, Poland, Russia, Singapore, South Africa, South Korea, Switzerland, Taiwan, Thailand, United Kingdom and the United States.