Tracking Our Movements to Deal with COVID-19, Keeping Us Safe or Losing Our Privacy?

One of the many ways our lives are being changed by COVID-19 is how technology companies are being called on to track our movements to determine where the virus is heading and who we might have come into contact with if we have tested positive. Our mobile phones are providing the information to our service providers who in turn supply the information to the federal, local and state governments. It’s done without our knowledge. This has raised a number of issues including possible violation of our privacy.

Technology companies like Google, Facebook and Amazon can monitor the location of individuals through their surveillance apps that provide locations and maps. This information is then made available to the Centers for Disease Control, the National Institute of Health as well as state agencies and perhaps 500 city governments creating a portal for geolocation data. Since the data involved is our medical information, there are many legitimate questions being raised by privacy experts as well as everyday Americans.

The federal government apparently can legally request location data from telecom carriers or Google but the information could not be released without user consent or a court order. However in an emergency — like fighting the coronavirus pandemic — the government could and is capturing the information without consumer approval or court order.

Many privacy advocates are worried that the current crisis could create a lasting acceptance of governments obtaining and manipulating our most private information without our knowledge or consent. They call for federal legislation to address the issue.

The current Health Insurance Portability and Accountability Act, or HIPAA, permits hospitals confidentially send data to “business partners” including health insurance, medical devices and other health related services. The law requires hospitals to notify patients about use of their data but they don’t need to secure the patient’s permission before doing so. Such personal identification data as one’s name, social security numbers can’t be shared unless the records are needed for treatment, payment or hospital administration.

These restrictions have not stopped hospitals from contracting with outside vendors who are able to develop apps and algorithms that utilize the information in bulk without identifying an individual’s specific information.

Users of the Internet and its applications understand that before using a particular app or commercial website, they must give their informed consent. It would not come as a shock to most people that only an extremely small percentage of users ever read, much less understand, the legalese they agree to.

Congress should pass additional privacy legislation that would provide Americans with more transparency to this process for both consumers and the data companies that utilize the information for not only bolstering our fight against COVID-19 but for commercial purposes as well. The legislation should also contain limitations on sharing the information and the criteria when it is appropriate for governments to seek the information from private firms.