Privacy in the Time of COVID-19

When the first cases of a novel coronavirus were reported in China in late 2019, US businesses were not focused on what would become a global pandemic. What they were thinking about was how to comply with tough new state privacy laws that were about to go into effect in 2020.

Flash forward to today and the California Consumer Privacy Act, the New York SHIELD Act and several other state and territorial privacy and security laws are in effect (or soon will be). Some of those laws prohibit the kind of data sharing that health experts say is needed to help respond to the novel coronavirus outbreak in the US.

Katelyn Ringrose is a Policy Fellow at the Future of Privacy Forum who specializes in health data who recently discussed privacy issues on the Better Business Bureau National Programs’ >Better Series podcast. Ringrose focused on balancing the need for public health information against the rights of individuals to privacy.

“There’s been this incredible influx of government researchers at healthcare institutions and others who are seeking to obtain and deploy data from multiple sources,” noted Ringrose. “These data driven efforts can help do a lot of things that are really beneficial for society, like trace the spread of COVID-19. But, an adherence to privacy and securities principles and standards like ‘only collecting data that you need that is proportionate to that need’ is the perfect rule to follow during this sort of unprecedented emergency.”

Two groups of US Senators have introduced federal legislation to protect privacy and security while allowing the sharing of location information and other persona data that may be helpful. Both bills would give consumers unprecedented control over the use of their personal data, but significant differences in approach mean neither proposal is considered likely to make it into law in current form.

Privacy experts agree that the ultimate solution is a national privacy and security law that provides protections to residents of all states. Ringrose and the FPF believe that having a uniform approach to data sharing would make it easier to address the current and future emergencies. “If we had (a national privacy law) here in the United States, it should be crafted with flexibility in mind and should have these sorts of events, if not this particular event, in mind. Some flexibility within the law and some forward thinking would have gone a long way to helping companies in terms of giving them guidance of what they need to comply with.”

Many tech companies are working together to create systems that can share COIVD-19 related data in a way that protects personal privacy. Google and Apple as well as researchers from Stanford and MIT are working in cooperation to perfect contact tracing tech that will alert individual and health officials if a person comes in contact with someone who has tested positive for COVID-19.

Those efforts reflect what Ringrose says are needed to improve both public health and protect privacy. “This is absolutely not a one-time event. This frenetic period of innovation should last until we have something solid that we can rely on for the next time something like this happens.”

You can learn more about the the Furture or Privacy Forum’s work to promote a balanced approach to privacy during the COVID-19 pandemic by listening to <Better Series Podcast.