A bipartisan group of US senators has introduced a coronavirus contact-tracing privacy bill, the Exposure Notification Privacy Act.
If enacted, it would offer wide-ranging protections for app users…
These include a prohibition on mandatory use. Nobody can be forced to use an app, and those who voluntarily choose to do so can later change their mind and have their data deleted.
Contact-tracing apps must have a clear privacy policy explaining what data is collected and how it is processed. As little information as possible must be collected. Information cannot be used for any other purpose beyond coronavirus tracking.
Users must only be informed they have been exposed when a contact has received a positive diagnosis from a test. Some contact-tracing apps notify contacts on the basis of self-reported symptoms or a presumptive diagnosis by a doctor over the phone, and this would not be permitted.
CNET reports that one of the bill’s sponsors, Senator Maria Cantwell (D-WA), told it that public health bodies need to be “in charge.”
An easy way to ensure contact tracing privacy would be to use the joint Apple/Google API, which does all data collection and matching on the phone, and does not collect location data nor any identifiable contact details. So far, however, take-up has been limited. A number of European countries have adopted it, while others are going their own way.
In the US, only a few are so far planning to use the API, a number have rejected it, while most have not yet announced their intentions.
