Wicker, Cantwell Highlight Big Data for COVID-19 at 'Paper Hearing'
Big data could be used to track and curtail COVID-19, Senate Commerce Committee leaders from both parties said Thursday, noting the need to scrutinize pandemic data collection (see 2004080068). Lack of a federal privacy law is undermining efforts, witnesses told the committee during a "paper hearing." Groups highlighted potential data pitfalls that need to be avoided. There was no real-time testimony, but documents were exchanged.
The tech industry and government are leveraging anonymized location data to “pinpoint the source of potential outbreaks,” said Chairman Roger Wicker, R-Miss. It’s important to understand what data is collected, how it’s anonymized, how it’s shared and how consumers are notified, he argued.
Tech might “better model, track, and ultimately stop, the spread” without “compromising the privacy of individual consumers,” said ranking member Maria Cantwell, D-Wash. She cautioned against “hasty decisions” to “sweep up massive, unrelated data sets.” She urged Congress to “guard against vaguely defined and non-transparent government initiatives with our personal data. Because rights and data surrendered temporarily during an emergency can become very difficult to get back.” Legislators and regulators in Europe are making the same point (see 2004020001).
Limit such sharing to the emergency, and don't OK “downstream secondary uses” that surprise consumers, testified University of Washington law professor Ryan Calo. He said no one should expect data use and sharing to lead to higher health insurance premiums.
Data protection tools like strong encryption are vital for sorting through data, combining sources and training models, testified ACT|The App Association Senior Director-Public Policy Graham Dufault. He warned against weakening encryption in favor of government access for combating criminal activity.
The pandemic is upending the privacy debate, forcing policymakers to ask questions about data-sharing and whether the U.S. values privacy over public health, emailed Information Technology and Innovation Foundation Vice President Daniel Castro to us. Ideally, government could help create a model data sharing agreement that gives companies immunity to “assure consumers that they are acting in the public interest,” he said. COVID-19 highlights the need for a federal privacy law, said NetChoice Vice President Carl Szabo.
Absence of a federal privacy law undermines trust in health services and inhibits disease response, said Center for Democracy and Technology Privacy's Data Project Director Michelle Richardson. She noted it remains unclear whether location tracking and proximity-based contact tracing are effective.
Congress should create data guardrails in the next relief package to ensure consumers remain safe after the pandemic, Public Knowledge wrote the committee. Question data practices and remain skeptical of industry’s broad claims about the product effectiveness in tracking the pandemic, said PK Policy Counsel Sara Collins.
A federal privacy law should encourage the use of “aggregate or anonymized data for research purposes,” said Network Advertising Initiative CEO Leigh Freund. NAI’s code of conduct could be best practices for all companies, she said. A federal law would help companies understand what data can be shared legally and ethically to help support emergency health initiatives, said Future of Privacy Forum Senior Counsel Stacey Gray.
Interactive Advertising Bureau companies use maps to monitor movement, to discover patterns and to identify affected areas, said Executive Vice President-Public Policy Dave Grimaldi. Kinsa Smart Thermometers CEO Inder Singh highlighted the ways those products can aid in early detection.
The FTC noted some legalities parents should be aware of if kids use remote educational resources. Schools can consent on behalf of parents when allowing online services to collect children’s data, blogged Consumer & Business Education Division attorney Lisa Weintraub Schifferle. Under the Children’s Online Privacy Protection Act, she said that services can use the data for educational, not commercial, purposes.