Congress must take steps to protect our privacy and secure our personal data, including location and health data, in the forthcoming emergency relief packages, 15 groups said in a letter sent to members of Congress today.
“Allowing access to personal data, particularly health data, without guardrails could threaten fundamental rights and liberties and open the door to data exploitation that could violate civil rights and harm vulnerable populations. It is not enough to expect that corporations will keep the promises they make in their unregulated terms of service. There must also be federal protections for new data collection, processing, and sharing, and real consequences for violations,” the letter reads.
Tech companies routinely collect location data, which might be shared with public health, transportation and law enforcement authorities. Personal health data unrelated to the coronavirus might be improperly collected and shared, as well as data linked to commercial transactions. The groups outlined a set of principles for protecting privacy and securing personal data during the pandemic and economic downturn:
- Mass data collection must be deemed necessary for public health and proportionate to the need;
- Any data collected during the crisis should respect fundamental rights established by the U.S. Constitution, including but not limited to the rights to privacy and against government invasion of property guaranteed under the Fourth Amendment;
- Extraordinary public health measures can be introduced during the crisis but should be limited in scope and duration, so they do not become permanent features of law;
- Data collection and processing must be transparent, and individuals should be clearly informed about the purpose of data collection and how long their data will be retained;
- Only data relevant to resolving the crisis should be collected, and it should not be used or repurposed for marketing, advertising or commercial purposes, or any unrelated research purposes without informed consent;
- Health data needs to be kept confidential and secure, and should be deleted automatically following the pandemic; and
- Penalties for failing to comply with these principles should be toughened, so that the financial benefits of mishandling data never exceed the consequences.
Access Now, Amnesty International USA, Campaign for a Commercial Free Childhood, the Center for Digital Democracy, the Center for Human Rights and Privacy, Common Sense Media, Consumer Federation of America, Free Press Action, Media Alliance, New America’s Open Technology Institute, Oakland Privacy, Parent Coalition for Student Privacy, Public Citizen, Public Knowledge and U.S. PIRG signed the letter.
For further information or to schedule an interview, contact Mariya Parodi, at [email protected]
Learn more here about COVID-19 and human rights.