Press Releases

As tech companies and public health agencies deploy contact tracing apps and digital monitoring tools to fight the spread of COVID-19, Representatives Suzan DelBene (WA-01), Anna Eshoo (CA-18), and Jan Schakowsky (IL-09), along with Senators Richard Blumenthal of Connecticut and Mark Warner of Virginia, today introduced the Public Health Emergency Privacy Act to set strong and enforceable privacy and data security rights for health information.

After decades of data misuse, breaches, and privacy intrusions, Americans are reluctant to trust tech firms to protect their sensitive health information. According to a recent poll, more than half of Americans would not use a contact tracing app and similar tools from Google and Apple over privacy concerns. The bicameral Public Health Emergency Privacy Act would protect Americans who use this kind of technology during the pandemic and safeguard civil liberties. Strengthened public trust will empower health authorities and medical experts to leverage new health data and apps to fight COVID-19.

“We must use every tool available to ensure a robust public health response to the COVID-19 pandemic. We can protect our public health efforts while addressing personal privacy concerns. I support this pandemic-specific privacy legislation because it achieves a mutual goal of many privacy-minded lawmakers in Congress. However, more needs to be done to broadly protect Americans’ sensitive personal information at all times,” said DelBene. “Comprehensive federal privacy legislation that I’ve called for must include state preemption to create a strong, uniform national standard for data privacy. We also must ensure that our small businesses and microbusinesses are not unintentionally hindered. Additionally, the conversations surrounding controller and processor liability should be thoroughly vetted prior to moving any future legislation forward. I am hopeful that this crisis has shed light on the lack of digital privacy standards in our country and look forward to working with these lawmakers and others in the future on this issue.”

The Public Health Emergency Privacy Act would:

• Ensure that data collected for public health is strictly limited for use in public health;
• Explicitly prohibit the use of health data for discriminatory, unrelated, or intrusive purposes, including commercial advertising, e-commerce, or efforts to gate access to employment, finance, insurance, housing, or education opportunities;
• Prevent the potential misuse of health data by government agencies with no role in public health;
• Require meaningful data security and data integrity protections, including data minimization and accuracy, and mandate deletion by tech firms after the public health emergency;
• Protect voting rights by prohibiting conditioning the right to vote based on a medical condition or use of contact tracing apps;
• Require regular reports on the impact of digital collection tools on civil rights;
• Give the public control over their participation in these efforts by mandating meaningful transparency and requiring opt-in consent; and
• Provide for robust private and public enforcement, with rulemaking from an expert agency while recognizing the continuing role of states in legislation and enforcement.

The text of the bill can be found here and a summary of the legislation can be found here.