In early April 2020, the New York Times published an article showing the tracked movement of Americans in the midst of the COVID-19 pandemic by analyzing cellphone location data across the entire country. Similarly, Tectonix, a data analytics firm who used locations of anonymized mobile devices, tweeted an analysis of the movement and spread of 5.6 thousand individuals identified on a Ft. Lauderdale beach on a specific day. While this near-real time analysis highlights the usefulness and practicality of Big Data in the fight against the pandemic, it also raises consumer privacy concerns in a largely unregulated sector.
As previously discussed, the U.S. relies on a patchwork of regulations to govern the collection and use of Big Data and to protect consumer privacy; this patchwork creates large gaps in regulation for Big Data usage. On April 9, 2020, the U.S. Senate Committee on Commerce, Science, & Transportation held a paper hearing entitled, “Enlisting Big Data in the Fight Against Coronavirus,” in order to address these concerns. The primary goal of the Committee’s hearing was to find the best way to maximize potential benefits of Big Data while minimizing the privacy risks to consumers.
Leading privacy experts submitted written testimony to the Committee recognizing the crucial impact of Big Data in the fight against the current pandemic, and the need for legislation that can protect consumer privacy while not diminishing its effectiveness. From identifying where social distancing is failing and understanding future transmission hotspots, to identifying environmental and geographic factors affecting the rate of disease transmission, Big Data provides actionable insight that other sectors are unable to provide. Still, enabling such unregulated use of Big Data during this outbreak may be risky; history has shown that practices enacted during emergencies are hard to undo.
The Future of Privacy Forum, a leader in privacy standards and principled data practices in support of emerging technologies, recommends four components to a “comprehensive federal privacy legislation that [is] flexible enough to support data-driven public health initiatives under the right safeguards and within limits consistent with privacy and civil liberties.” These components are: legal protections for sensitive data that includes not just health information but also geo-location data; mandatory privacy risk assessments for corporations involved in high-risk data processing; mandatory independent ethical review boards overseeing research that utilizes sensitive data—especially in sectors that are currently unregulated in their Big Data usage; and strict purpose limitation policies, which would require scientific research utilizing personal data to be “compatible” with the initial purpose for which the personal data was processed—pursuant to the European model.
Additionally, a consistent theme across proposals for increased regulation is the necessity for transparency. The mounting number of non-HIPAA-covered entities that are regularly collecting, using, and sharing sensitive consumer information, makes it increasingly more difficult for individuals to know who has access to their information and how that information is being used. However, increased transparency, in coordination with other privacy regulations, may encourage individuals to participate in data-related studies and ease concerns about how private information may be used.
The COVID-19 pandemic continues to test countless aspects of our societal norms, economy, and legal system. Big Data pulls together many of these issues by calling into question how much, and under what circumstances, individual privacy should be exchanged for public health and safety. The Senate’s paper hearing on April 9 confirmed the importance of Big Data in responding to the current pandemic and also signaled potential legislative action to protect consumer privacy in the modern digital world. While Big Data is playing a critical role in fighting the pandemic, this crisis has nonetheless exposed legislative gaps in protecting consumer privacy.