As authorities and companies explore surveillance tools to fight the coronavirus and reopen the U.S. economy, many federal lawmakers agree that privacy protections are key. But proposals for safeguards unveiled in recent weeks have crashed into two familiar roadblocks in the U.S. Senate.
Many Republicans want federal law to override state-level rules for privacy, while Democrats have argued stronger state statutes should hold sway and want individuals to be able to sue companies for privacy violations.
Momentum for a general federal privacy standard picked up late last year when Republicans and Democrats discussed respective proposals in the Senate Commerce Committee. The plans overlapped in many ways and would allow consumers to opt in to share sensitive information and require businesses to minimize how they use such data.
But unresolved differences reappeared last month in dueling bills tailored for data collection around the coronavirus pandemic, leaving some policy analysts doubtful the bills will move forward. “They kind of left me with a sense of déjà vu,” said Müge Fazlioglu, senior Westin research fellow at the International Association of Privacy Professionals.
The continuing disagreements also give more room to foreign governments to set standards for the global tech industry, said Sen. Mark Warner, a Democrat from Virginia, who co-sponsored a coronavirus privacy bill in May. “Reasserting American leadership in this area would be extremely important,” Mr. Warner said.
With progress on pandemic privacy bills unclear before Congress’s August recess and the November election, advocates and industry groups say U.S. consumers will face a ramp-up of data collection by businesses and authorities without a road map from Washington.
Meantime, businesses have moved further online during the pandemic and many companies are, without clear legal guidance, pondering how to collect data on the health and location of their employees to reopen offices. This poses another challenge for companies struggling to comply with existing privacy laws, said Curtis Simpson, chief information security officer for the cybersecurity firm Armis Inc.
“It’s costing [companies] a lot of money to try to figure out how to be compliant,” Mr. Simpson said. “I would argue, depending on how complex this continues to be in some geographies, they may never achieve compliance.”
State and local officials have also begun considering mobile phone apps to help track the spread of the virus, many of them supported by infrastructure created by Apple Inc. andAlphabet Inc.’s Google. The lack of legal standards has allowed the tech giants to self-regulate the effort, so far with mixed results.
It’s unclear whether lawmakers will find ways to compromise to provide companies the guidance they seek.
Privacy Isn’t Dead. Far From It.
Welcome! The fact that you’re reading this means that you probably care deeply about…