Insights
Publications

Federal “COVID-19 Consumer Data Protection Act” Proposed

May 7, 2020 Blog

A group of Republican senators has proposed a new privacy law to govern the collection and use of certain personal information thought to be both important and at risk during the current coronavirus crisis.

While numerous companies and governments have developed and deployed apps and programs to track individuals and trace contacts between individuals in furtherance of the laudable goal of helping to better understand and address the pandemic, there have been concerns that such data could be collected without proper authorization and/or used for purposes outside of the scope for which the data is willingly provided.

On April 30, 2020, four Republican senators (Sens. Blackburn of Tennessee, Moran of Kansas, Thune of South Dakota, and Wicker of Mississippi) announced their intention to introduce a privacy bill to address the issue. The legislation would apply only geolocation and personal health information and would regulate how such information is collected and how it may be used during the COVID-19 Public Health Emergency. As such, the legislation would be temporary in nature. Additionally, it would apply to certain companies to the extent such companies are collecting and/or using such geolocation and personal health information. Specifically, (i) entities subject to the jurisdiction of the FTC Act, (ii) common carriers subject to the Communications Act of 1934, and (iii) nonprofits collecting such data would be subject to the requirements of the legislation.

Entities subject to the proposed law would be required to provide disclosure to and get consent from the data subject prior to the collection of her/his data regarding the data to be collected, the intended sharing of such data, and the categories of recipients with whom the data is to be shared, along with an effective opt-out mechanism enabling individuals to revoke consent. Such companies would also have to file a public report once every 30 days disclosing the aggregate number of individuals whose data has been collected and/or transferred, the categories of such data, the purposes of the collection of such categories of data, and the recipients of data shared. The FTC would be expected to provide guidelines on the appropriate use of data.

Cybersecurity is also addressed by the proposed law, requiring subject entities to “establish, implement, and maintain reasonable administrative, technical, and physical data security policies and practices to protect against risks to the confidentiality, security, and integrity” of the data covered by the law.

Enforcement would be provided for through the FTC Act’s provision of enforcement against unfair and/or deceptive practices. Additionally, the proposed law would provide state attorneys general with the power to bring civil actions for enforcement against entities who adversely affect the interests of the relevant residents of their respective states.

Whether the law will gain sufficient support to move forward remains to be seen, and will turn on the perceived propriety and effectiveness of the law to address the privacy concerns at issue, along with, of course, political considerations. If the previous attempts at federal privacy legislation are a guide, broad support is unlikely, though time will tell if the specific circumstances of the pandemic are a differentiating factor.

More information can be found in the press release announcing the planned introduction of the bill.

Firm Highlights

Publication

Twists in the Plot: California AG Releases Final CCPA Regulations

With a little time to consider the  finalized California Consumer Privacy Act regulations  released by the California Attorney General on August 14, 2020, it is clear that some last-minute negotiations (or perhaps just some...

Read More
Publication

PSDcast – Is Energy Companies' Customer Data a Trade Secret?

We often focus on the privacy issues involved in data collection – and they are critically important – while neglecting the idea of data as a tangible and valuable resource (and how to protect...

Read More
Publication

Privacy During Bankruptcy Proceedings: Why It Matters

During these particularly trying times resulting from the COVID-19 pandemic, businesses of all sizes have been concerned about the future. As a result, considering potential liquidation or restructuring through bankruptcy is inevitably starting to...

Read More
News

Prop. 24 Passes: What Companies Need To Know About the New Privacy Law

Nate Garhart spoke to the San Francisco Business Times on the steps companies can take to prepare for the California Privacy Rights Act (CPRA). He noted that if the CPRA applies to your business, then...

Read More
Publication

Top 10 Practical Business Implications Arising From the Passage of the CPRA

California’s Proposition 24 passed as expected, and the new California Privacy Rights Act will change the privacy landscape created by the California Consumer Protection Act (CCPA), which went into effect only months ago. While...

Read More
Publication

Three Steps Licensees Can Take to Protect Their IP Rights in Bankruptcy

During periods of widespread economic disruption such as the present, operating businesses must be able to identify and respond to threats to the financial health of their contracting counterparts in order to protect key...

Read More
Publication

Undergoing Bankruptcy Proceedings? Here’s How to Make Sure PII Maintains Its Value

Due to the COVID-19 pandemic, some businesses are considering potential liquidation or restructuring through bankruptcy. Companies in this situation should keep privacy concerns in mind, because the handling of personal data in bankruptcy proceedings...

Read More
Publication

Electric Fence: Protecting Proprietary Rights in Collected Energy Data

Like companies in other industries, a growing number of modern energy-related companies are focusing their efforts on data collection and analysis. For example, Enphase – an energy technology company – regularly tracks data about how...

Read More
Publication

Proposition 24: California’s Ever-Evolving Privacy Landscape

Next Tuesday is election day, and this year, California voters are deciding whether to support another statewide privacy initiative – the California Privacy Rights Act (CPRA) (Proposition 24).  This measure would expand on the...

Read More
Publication

Arbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA

Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras...

Read More