Senators Introduce Bill to Protect Personal Data Amidst COVID-19

Written by: Richard Sheinis, Esq.

On April 30, 2020, Republican Senators Wicker (MS), Thune (SD), Moran (KS) and Blackburn (TN), announced the introduction of the “COVID-19 Consumer Data Protection Act,” intended to protect health, geolocation and proximity data. These types of personal data are related to contact tracing, the process of identifying persons with whom a person who tested positive for COVID-19 might have been in contact.

Personal information that is already subject to FERPA or HIPAA would not be covered by the Act. The Act would require individuals to expressly consent before an organization could collect, process or transfer the individual’s personal information.  The individual would be able to withdraw their consent at any time.

Organizations covered by the Act would be required to publish a privacy policy that discloses their data transfer, data retention and data security practices. Compliance would be enforced by the FTC under the Unfair and Deceptive Trade Practices Act.

The Act would also preempt state law that is “related to the collection, processing, or transfer of covered data.”  As many of you know, the question of preemption is always a battleground issue whenever federal privacy legislation is proposed.

A big question is whether the immediacy of COVID-19 will pass before the Act even comes up for consideration.