If COVID-19 deaths have not prompted a unified approach to infection control in the United States, it might be foolhardy to expect the threat to spur a cohesive approach to socially beneficial biometric privacy.
An analysis of trends in privacy protection during the pandemic by tech business publisher VentureBeat makes this point clear. There are conflicting legislative agendas, a leadership vacuum and piecemeal suggestions for securing data.
In May, a quartet of Republican senators introduced legislation called the COVID-19 Consumer Data Protection Act that would put limits on how businesses, during the pandemic, could use “consumers’ personal health information, proximity data, device data, and geolocation data.”
A central concern in this pro-bill is contact tracing, viewed among health care experts as a critical method of staying ahead of new outbreaks.
But federal digital privacy bills and laws really began flowing last year. One of the better-known bills, at least in the U.S. Senate, is the Democrat-sponsored Consumer Online Privacy Rights Act, known as Copra. It will not see a vote unless Republicans lose control of the Senate in November.
When it comes to privacy, the nation’s single legislative success of significance happened at the state level in 2018 — the California Consumer Privacy Act.
The VentureBeat piece cites six common focuses among the preceding legislative actions: individual privacy rights, individual access to and control of their data, more federal enforcement of rules, data minimization policies for collectors, rules for business use and studies on algorithmic bias.
A related thread is preventing data collectors from holding personal information for as long as they want.
Ryan Calo, an associate professor at the University of Washington School of Law, who is quoted in the story, has warned in Congressional testimony that long-term possession of personal data should be dissuaded. It often leads to data being put to secondary uses, which can dilute responsibility and expand the chance of misuse.
Michelle Richardson, a project director for the Center for Democracy and Technology, is represented in the article as turning the question back on lawmakers. Richardson said, for example, that before the federal government takes possession of personal data collected by private sector sources, it should state all intentions it has for the information.
These all are, if not boilerplate ideas, at least solidly moderate politically and technically practical recommendations, and compromise cannot be found to move privacy protection forward.