Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Senators to introduce COVID-19 contact tracing privacy legislation

Lawmakers on Thursday announced new legislation aimed at protecting consumer privacy from contact tracing apps. Credit: Martin Falbisoner

Last updated

A group of Republican senators on Thursday said that they intend to introduce a bill that would regulate how consumer data is used to fight the spread of COVID-19, including by Apple and Google's exposure notification system.

The COVID-19 Consumer Data Protection Act would "provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data" during the coronavirus pandemic, Sens. Roger Wicker (MS), John Thune (SD), Jerry Moran (KS) and Marsha Blackburn (TN) said in a joint statement.

Though not specifically named, it's likely that the legislation would apply to the contact tracing framework that Apple and Google announced in April.

Specifically, companies would be required to obtain consumer consent before using data to track the spread of coronavirus and allow users to opt out at any time. It also compels companies to let users know how their data is being used, how long it might be stored, and with whom it might be shared. Additionally, companies would be required to delete or anonymize information after it's no longer needed.

Most of those requirements are already baked into the Apple-Google API. The tech giants' system relies on anonymized data stored in a decentralized manner, and both companies are requiring that app developers offer contact tracing on a strictly opt-in basis. Apple and Google have also pledged to dismantle the system after it's no longer needed.

Since the idea originated at Apple in March, the Cupertino tech giant worked with its in-house cryptographers to ensure that the system would protect consumer privacy and security at every level.

Some of those protections have caused Apple and Google to clash with other governments, like the U.K., that are opting for a system that stores information in a centralized database. France and Germany have also floated a centralized system, though Germany has since changed its stance and backed Apple and Google's methodology.

But some privacy advocates, like Sara Collins, policy counsel at watchdog group Public Knowledge, are raising their own concerns about the bill. Collins said that the legislation gives no new resources, enforcement powers or rule-making authority to the Federal Trade Commission, The Verge reports.

She claims it also preempts much stronger Federal Communications Commission privacy protections on mobile carriers, and also preempts states from "adopting or enforcing any stricter privacy protections in the absence of strong federal protections at the FTC."

She called the legislation "deregulation disguised as consumer protection" and says that it provides "little protection for Americans' privacy during the COVID-19 epidemic."

Apple and Google released beta versions of their exposure notification APIs to developers this week ahead of a wide launch in mid-May.



14 Comments

Beats 4 Years · 3073 comments

Just cancel the damn thing. I know Apple had good intentions but greed is making it over-complicated.

seanismorris 8 Years · 1624 comments

Beats said:
Just cancel the damn thing. I know Apple had good intentions but greed is making it over-complicated.

Nope.  Full speed ahead.

This is basically legislation written by Apple/Google.  If Congress attempted to do it themselves it would be much much worse...  after the umpteenth committee and two epidemics later, they’ll have decided Apple had the best approach.

foregoneconclusion 12 Years · 2857 comments

"Deregulation disguised as consumer protection"...that definitely sounds like the GOP.

jdw 18 Years · 1457 comments

First of all, I applaud AppleInsider for allowing Liberty to reign in the comments section under this article.  Comments are too often locked down under any article deemed "political."  There's always a risk debate will ensure and become heated.  But liberty is always worth taking that risk.

Next, as a registered Republican and libertarian-leaning conservative, I cannot help but laugh at this.  The GOP is the party that all too often cries foul when Apple has protected consumers from government calls for encryption back doors -- actions by Big Brother that actually would weaken protections for the average citizen (actions, I myself am strongly against).  And here they are now touting government oversight of Apple, saying they seek to protect consumers.  Sorry, but any government involvement would likely result in something detrimental to consumer protection and privacy, not strengthen or benefit it.  The problem with most elected representatives is that they tend to only think about creating some new law or regulation when in fact the best thing they could do would be to do less.  

Less intervention.  It does a people good.

StrangeDays 8 Years · 12986 comments

Beats said:
Just cancel the damn thing. I know Apple had good intentions but greed is making it over-complicated.

Wut?