Senators to introduce COVID-19 contact tracing privacy legislation
A group of Republican senators on Thursday said that they intend to introduce a bill that would regulate how consumer data is used to fight the spread of COVID-19, including by Apple and Google's exposure notification system.

Lawmakers on Thursday announced new legislation aimed at protecting consumer privacy from contact tracing apps. Credit: Martin Falbisoner
The COVID-19 Consumer Data Protection Act would "provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data" during the coronavirus pandemic, Sens. Roger Wicker (MS), John Thune (SD), Jerry Moran (KS) and Marsha Blackburn (TN) said in a joint statement.
Though not specifically named, it's likely that the legislation would apply to the contact tracing framework that Apple and Google announced in April.
Specifically, companies would be required to obtain consumer consent before using data to track the spread of coronavirus and allow users to opt out at any time. It also compels companies to let users know how their data is being used, how long it might be stored, and with whom it might be shared. Additionally, companies would be required to delete or anonymize information after it's no longer needed.
Most of those requirements are already baked into the Apple-Google API. The tech giants' system relies on anonymized data stored in a decentralized manner, and both companies are requiring that app developers offer contact tracing on a strictly opt-in basis. Apple and Google have also pledged to dismantle the system after it's no longer needed.
Since the idea originated at Apple in March, the Cupertino tech giant has worked with its in-house cryptographers to ensure that the system would protect consumer privacy and security at every level.
Some of those protections have caused Apple and Google to clash with other governments, like the U.K., that are opting for a system that stores information in a centralized database. France and Germany have also floated a centralized system, though Germany has since changed its stance and backed Apple and Google's methodology.
But some privacy advocates, like Sara Collins, policy counsel at watchdog group Public Knowledge, are raising their own concerns about the bill. Collins said that the legislation gives no new resources, enforcement powers or rule-making authority to the Federal Trade Commission, The Verge reports.
She claims it also preempts much stronger Federal Communications Commission privacy protections on mobile carriers, and also preempts states from "adopting or enforcing any stricter privacy protections in the absence of strong federal protections at the FTC."
She called the legislation "deregulation disguised as consumer protection" and says that it provides "little protection for Americans' privacy during the COVID-19 epidemic."
Apple and Google released beta versions of their exposure notification APIs to developers this week ahead of a wide launch in mid-May.

Comments
This is basically legislation written by Apple/Google. If Congress attempted to do it themselves it would be much much worse... after the umpteenth committee and two epidemics later, they’ll have decided Apple had the best approach.
Next, as a registered Republican and libertarian-leaning conservative, I cannot help but laugh at this. The GOP is the party that all too often cries foul when Apple has protected consumers from government calls for encryption back doors -- actions by Big Brother that actually would weaken protections for the average citizen (actions I myself am strongly against). And here they are now touting government oversight of Apple, saying they seek to protect consumers. Sorry, but any government involvement would likely result in something detrimental to consumer protection and privacy, not strengthen or benefit it. The problem with most elected representatives is that they tend to only think about creating some new law or regulation when in fact the best thing they could do would be to do less.
Less intervention. It does a people good.
Apple DID have the best approach but these wolves are suddenly acting weird because so much data is involved. Bet your ass all government authorities are in the background as we speak, looking for a way to get in.
The idea is GREAT, but it's becoming over-politicized and overly-complicated since data is involved. A different approach would be to tell everyone to "fu** off" and release the technology Apple's way on Apple's terms. No politics or non-techies involved. If Google wants to harvest everyone's data so be it, the genie's out the bottle but as far as Apple goes, let them do it their way and leave them alone.
When I said greed I was talking about data.
I like to speak vaguely to see if people are on my frequency. Sometimes I get carried away, sorry.
Apple could not do this on their own, no more than Google could. "Going their own way" would be a waste of time and a completely useless exercise. Trite replies like yours are fun and all I'm sure, but think it through before posting. You do Apple no favors, nor your fellow Apple users, by sowing distrust of the effort. Try to be smarter and not such a wannabe.
This is not the only thing Apple and Google have joined efforts with. Smart home device interoperability, IoT network security, device communication standards, cloud data sharing and more are already being worked on together and solved together and there will be more to come. Get used to it.
I’d rather have them all open, but folks can’t behave, so here we are.
<s> Well, there’s a surprise... </s>