For years, the idea of a federal privacy law in the same vein as GDPR seemed to be a far-fetched dream. Then came the nightmare: coronavirus. As mobile device and other monitoring services are being considered for employers and retail, because of the COVID-19 pandemic, the U.S. Senate announced a bill, which would apply to the collection of American health, geolocation, and proximity information.
The COVID-19 Consumer Data Protection Act (the “Act”) aims to heighten protection for American’s data by imposing requirements on businesses similar to those seen in the GDPR and CCPA. Specifically, the Act is designed to protect information that constitutes “precise geolocation data, proximity data, and personal health information.” Any entity or person who “collects, processes, or transfers covered information” and is also subject to the Federal Trade Commission Act, is a common carrier subject to the Communications Act of 1934, or is a nonprofit organization would be subject to the law.