As the US maybe gets serious about coronavirus-tracking apps, Congress wakes up to the privacy risks

Just what will happen to all that tasty location and contact data?

18 Reg comments Got Tips?

A bi-partisan group of US senators are preparing a new bill that would ensure privacy protections in coronavirus tracking apps, as legislative interest grows in what contact-tracing will entail.

The “Exposure Notification Privacy Act” is designed to make sure that the vast quantities of data that are expected to be generated from millions of people downloading and using tracing apps as a way of limited exposure to the coronavirus does not find its way into commercial databases.

Sponsors of the bill include Democratic Senators Maria Cantell (WA) and Amy Klobuchar (MN) and Republican Bill Cassidy (LA). While the full text of the bill has not been published yet, the senators’ offices have detailed its broad strokes.

A mobile phone collecting a woman's profile information

Privacy activists prep legal challenge against UK plan to keep coronavirus contact-tracing data for two decades

READ MORE

The use of any such app would be voluntary and require an opt-in for any data gathered, that commercial use of the data produced by any app would be prohibited, users can delete their data, and any contact-tracing apps would only accept an authorized diagnosis of coronavirus.

Although Apple and Google have worked together on a privacy-respecting set of APIs that would allow people to self-report a positive test for COVID-19, apps that build on top of the framework may take a different approach.

There is also the fact that many tech companies have become expert at taking whatever databases they can get hold of and find ways to tie them to their existing information sources. One of the more valuable data points for such firms is location - as it allows them to give advertisers the ability to target people precisely and geographically. As such, a vast database of people’s daily movements would potentially be extremely valuable.

Healthcare history

“The important thing we wanted to get done... is make sure the privacy protections are in place,” Cantwell told The Washington Post.

Cantwell also noted that she would be wary of using any tracing app before regulations over how the data can be used are in place. “We’re all irritated our browser history might be sold a thousand times over. But when it’s your healthcare history, it’s a whole new realm.”

The bill is not the only one being pushed in Congress at the moment focussed on protecting citizens in their use of such apps.

The Public Health Emergency Privacy Act [PDF] - also bi-partisan - was introduced in the House last month and would require companies to limit the collection of health data to only what is necessary for public health purposes, as well as mandate that any such data was deleted within 60 days of the end of a public health emergency.

Last month Senate Republicans announced The COVID-19 Consumer Data Protection Act which would also require an opt-in for data gathering and would require the data to be anonymized but would not restrict data usage by commercial companies. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020