Contact tracing has quickly emerged as the go-to method of tracking the spread of the coronavirus among the general population, but there have been crucial questions around the most effective, ethical, and legal ways of doing so. New legislation introduced this week, the COVID-19 Consumer Data Protection Act (CDPA), seeks to enact legal guardrails around the collection and use of peoples data.

Its a sign of progress that legislation is emerging around this issue, but it also highlights that theres a way to go yet. The CDPA has some issues that privacy experts are concerned about, and the lack of any Democrat co-sponsors indicates a lack of bipartisan support. The Dems actually have their own version of this type of legislation, called the Consumer Online Privacy Rights Act (COPRA), which was introduced in December. Both bills emerged from the same committee the Senate Committee on Commerce, Science, and Transportation and so the lack of bipartisanship is especially notable.

The CDPA was introduced by Senators Roger Wicker (R-MS), John Thune (R-SD), Deb Fischer (R-NE), Jerry Moran (R-S), and Marsha Blackburn (R-TN). COPRA is sponsored by Senators Maria Cantwell (D-WA), along with Brian Schatz (D-HI), Amy Klobuchar (D-MN), and Ed Markey (D-MA).

Despite the partisanship, the CDPA includes much that all sides can agree on. And in an announcement about the bill, the Republican Senators said all the right things. For example, Senator Wickers statement reads, As the coronavirus continues to take a heavy toll on our economy and American life, government officials and health-care professionals have rightly turned to data to help fight this global pandemic. This data has great potential to help us contain the virus and limit future outbreaks, but we need to ensure that individuals personal information is safe from misuse.

Per the announcement, the CDPA includes the following:

In a statement to VentureBeat, Liz OSullivan, cofounder of ArthurAI and technology director of STOP (Surveillance Technology Oversight Project), said that the CDPA is a step in the right direction, but shes concerned that it doesnt go far enough. Theres nothing stopping companies from using this data to profit after the crisis, and it wont protect people in the event that ICE or other law enforcement agencies subpoena identifiable information while the crisis is ongoing, she said.

In a way, the issues here are business as usual for data privacy. All the usual concerns apply: This data is a great source of power in any hands, to be politicized or used for personal gain. If companies are left with a choice to delete or de-identify, its pretty clear which one they will choose, she said, adding that Its telling, in fact, that Palantir, a company typically associated with national security, has already won contracts to handle this data.

She emphasized that the danger with any bill that fails to keep a divide between public and private data is the creation of the illusion of privacy while handing governments, and state-adjacent corporate entities, expanded surveillance capabilities.

Andrew Burt, chief legal officer at Immuta and managing partner at bnh.ai, said in a statement to VentureBeat that the CDPA does serve to reinforce how important data and data analytics are to combatting the pandemic. Theres a reason, for example, that the most thorough plans to get Americans back to work pre-vaccine start with contact tracing and monitoring knowing who might be a carrier of the virus, and where theyve gone and who theyve been in close proximity to, is the first step to getting us to a state of reasonable safety, he said. Data collection and data analytics will form the backbone of those efforts. So I see the CDPA as a very clear acknowledgement of that fact.

But Burt also noted that there is much more that needs to be discussed around data protection laws, such as what a bill like this says about the broader state of data protection laws, the current and future role of the FTC around privacy, what counts as health data in a world of ubiquitous data generation and collection, applying time limits to new surveillance mechanisms for COVID-19, and more.

The fact that legislators are moving forward with data privacy laws is a welcome sign of progress. But Republicans and Democrats will need to do more to come to consensus lest the U.S. ends up with data laws that fail to strike the best balance between protecting people from the coronavirus and protecting people from future abuses.

Here is the original post:

AI Weekly: CDPA bill shows progress on coronavirus-tracking data privacy, but theres still a ways to go - VentureBeat