Insights
Publications

Federal “COVID-19 Consumer Data Protection Act” Proposed

May 7, 2020 Blog

A group of Republican senators has proposed a new privacy law to govern the collection and use of certain personal information thought to be both important and at risk during the current coronavirus crisis.

While numerous companies and governments have developed and deployed apps and programs to track individuals and trace contacts between individuals in furtherance of the laudable goal of helping to better understand and address the pandemic, there have been concerns that such data could be collected without proper authorization and/or used for purposes outside of the scope for which the data is willingly provided.

On April 30, 2020, four Republican senators (Sens. Blackburn of Tennessee, Moran of Kansas, Thune of South Dakota, and Wicker of Mississippi) announced their intention to introduce a privacy bill to address the issue. The legislation would apply only geolocation and personal health information and would regulate how such information is collected and how it may be used during the COVID-19 Public Health Emergency. As such, the legislation would be temporary in nature. Additionally, it would apply to certain companies to the extent such companies are collecting and/or using such geolocation and personal health information. Specifically, (i) entities subject to the jurisdiction of the FTC Act, (ii) common carriers subject to the Communications Act of 1934, and (iii) nonprofits collecting such data would be subject to the requirements of the legislation.

Entities subject to the proposed law would be required to provide disclosure to and get consent from the data subject prior to the collection of her/his data regarding the data to be collected, the intended sharing of such data, and the categories of recipients with whom the data is to be shared, along with an effective opt-out mechanism enabling individuals to revoke consent. Such companies would also have to file a public report once every 30 days disclosing the aggregate number of individuals whose data has been collected and/or transferred, the categories of such data, the purposes of the collection of such categories of data, and the recipients of data shared. The FTC would be expected to provide guidelines on the appropriate use of data.

Cybersecurity is also addressed by the proposed law, requiring subject entities to “establish, implement, and maintain reasonable administrative, technical, and physical data security policies and practices to protect against risks to the confidentiality, security, and integrity” of the data covered by the law.

Enforcement would be provided for through the FTC Act’s provision of enforcement against unfair and/or deceptive practices. Additionally, the proposed law would provide state attorneys general with the power to bring civil actions for enforcement against entities who adversely affect the interests of the relevant residents of their respective states.

Whether the law will gain sufficient support to move forward remains to be seen, and will turn on the perceived propriety and effectiveness of the law to address the privacy concerns at issue, along with, of course, political considerations. If the previous attempts at federal privacy legislation are a guide, broad support is unlikely, though time will tell if the specific circumstances of the pandemic are a differentiating factor.

More information can be found in the press release announcing the planned introduction of the bill.

Firm Highlights

Publication

New California Bill Requires Employers to Offer Bereavement Leave

AB 1949 , a bill passed by the California legislature and awaiting Governor Newsom’s signature, would require California employers to offer five days of bereavement leave to employees each time they lose a spouse...

Read More
Publication

Platform Ecosystems – The Landscape of US and EU Legislation (Webinar)

Stephanie Skaff and Nate Garhart discuss "Platform Ecosystems – The Landscape of US and EU Legislation." Several new bills targeting online platform companies are making their way through state and federal legislative bodies in the...

Read More
Publication

The War Exclusion in a Time of War

The “war” exclusion has gotten more attention over the past couple of weeks in light of Russia’s invasion of Ukraine. For good reason. This exclusion, common in property and liability policies alike, typically eliminates...

Read More
Publication

hiQ’s Groundbreaking Injunction Against LinkedIn Reaffirmed: Scraping of Publicly Available Data Likely Does Not Violate CFAA

The U.S. Court of Appeals for the Ninth Circuit has affirmed its prior decision , holding that LinkedIn could not block hiQ, a scraping entity, from scraping public LinkedIn profiles. The court found it was...

Read More
Publication

Using Multi-Factor Authentication as a Prerequisite to Cyber Liability Coverage

Multi-factor authentication (MFA) is more than an annoying popup or text message when logging onto a company’s website or platform. Not only is using MFA a sound security practice and good business, it is frequently...

Read More
Publication

Caught in the Crossfire — How Will the War Exclusion Affect Commercial Policyholders?

The war exclusion has received a lot of attention over the past year, particularly since Russia invaded Ukraine in February. Policyholders’ concern that insurers will assert the exclusion as a basis to deny coverage...

Read More
Publication

California AG Signals Enforcement of the Global Privacy Control Under the CCPA

As companies prepare for the provisions of the California Privacy Rights Act (“CPRA”) to come into effect in January 2023, California Office of Attorney General (“OAG”) has signaled that companies should not wait to...

Read More
Publication

Continuing Use of CGL Policies to Cover Data Breach Losses

Our lives and the products and devices we use become more dependent on data by the day. As a result, cyberattacks and data breaches present everchanging risks to companies and individuals, and the importance...

Read More
Publication

Maximizing Your Insurance Coverage for Data Privacy Liability

With news of massive data breaches making headlines in recent years, the handling of personal data has become a focus for legislators and regulators around the world. Compliance with data privacy regulations such as the...

Read More
News

LinkedIn Loses Data Appeal

Erik Olson was quoted in the article "LinkedIn Loses Data Appeal" in CDR Magazine . In the article, Erik said: We are pleased to see that the Ninth Circuit has again affirmed, in light...

Read More