The advent of COVID-19 has resulted in an increased reliance by consumers and businesses on technology and digital data, as physical interactions are no longer possible. However, this reliance underscores the need for a more comprehensive federal privacy framework to meet the needs of millions of consumers. A new paper from the Center for Information Policy Initiative entitled “Data Protection in the New Decade: Lessons from COVID-19 for a US Privacy Framework” highlights several key takeaways from this issue to consider when forming a new privacy framework.
1. Data and the technologies that facilitate its collection and use are an essential part of our lives.
The increasing permeation of data into our private lives underscores the need for new privacy laws to protect both individual privacy and effective data usage.
2. A privacy law must not impede the responsible use of artificial intelligence (AI).
AI has been instrumental in the development and use of new technologies in medicine to combat COVID-19 and conduct contact tracing. Hence, laws should allow for the use of AI while also providing guidelines for reasonable use.
3. The right to privacy must be balanced with other fundamental rights.
The ongoing pandemic has illustrated that privacy cannot be an absolute privacy, and, as such, privacy laws should provide both accountability and flexibility.
4. Traditional interpretations of data protection principles have proven insufficient to keep up with modern data uses.
In the face of our modern, data-driven economy, the concept of consent is difficult to uphold and contextualize as our usage of data today is more seamless and personalized. The use of data for the purposes of enforcing quarantine or contact tracing also renders the use of consent invalid. Hence, consent should not be used as the main protection mechanism in new privacy laws.
5. Privacy laws should focus less on the collection of data and more on the use of data after collection.
Current events have shown that there are valid reasons for data collection, such as for vaccine research. Thus, it is more important that privacy protection laws focus more on how the collected data is used, where there are more avenues for violation, than on the collection itself.
6. Privacy laws should embrace an accountability-based model of data protection.
Incorporating accountability frameworks into privacy laws can help to ensure both responsible usage and enforceable protections for consumer privacy.
7. Comprehensive federal privacy legislation is the best approach to ensuring privacy protections in the US.
Given how the transfer and use of data is not limited by physical borders, privacy laws should be approached on a federal level to ensure consistency across state lines and provide uniform protections for US consumers.