The work discussed in this blog was presented to the COVID-19 Mobility Data Network on August 14, 2020, as part of regular weekly meetings that aim to share information, analytic tools, and best practices across the network of researchers.
The Brennan Center for Justice is a nonpartisan law and policy institute that conducts rigorous research to identify problems and provide in-depth empirical findings and compelling analyses of pressing legal and policy issues. With a focus on highlighting the regulatory gaps in the systems currently in place in the United States, Laura Hecht-Felella and Harsha Panduranga from the Brennan Center for Justice presented “Government Access to Mobile Phone Data for Contact Tracing – A Statutory Primer”. Within the Brennan Center’s scope of research, media advocacy, and legislative advocacy work, the Liberty and National Security team focuses on promoting government accountability and assuring that government use of new technologies does not violate fundamental rights. Their report examined the statutory protections that exist at the federal level in the United States to safeguard the privacy of the data collected through digital contact tracing tools, specifically cell phone location and proximity data, though their findings bear on the collection and dissemination of such data in the context of public health initiatives more broadly.
They first emphasized the lack of a comprehensive data protection law at the federal level in the United States. The patchwork of laws governing the disclosure of location data to the government by cell phone companies or smartphone app developers and data brokers does not adequately protect civil liberties. While cell phone carriers may be heavily regulated with regards to sharing individually identifiable data, gaps in this regulatory framework may permit workarounds for governments seeking proximity data without consent, and governmental entities may buy similar data from data brokers who may be legally able to purchase these data from the app developers who collect it. Within the United States, their review concluded that existing law falls short in regulating contract tracing proposals that are based on voluntary adoption by users, or aggregate data. As a whole, there are also few limitations on the sharing of aggregate data or the sharing of location information among government agencies (instead, several laws promote it). While the GDPR set the precedent for robust data protection and privacy regulations in the EU, the absence of a federal data privacy law in the United States places the onus on states to develop their own protections and make up for the gaps at the federal level, like the California Consumer Privacy Act that went into effect earlier this year.
As states turn to digital contact tracing tools, the Brennan Center believes that COVID-19 could transform the kind of data that the government is able to routinely access, with severe public health and civil rights implications. In some contexts, they point out that law enforcement has pushed to use cell phone data for policing purposes or to undermine democratic participation by reaching out to researchers to get access to data to monitor protests across the United States. Minority communities that are harder hit by COVID-19, and are also subject to higher rates of policing, will be less likely to participate in contact tracing if the data is shared with law enforcement or immigration enforcement agencies. There is an opportunity now for academics working with mobility data to chime in while app developers continue to work with states to launch these contact tracing apps and advocate for privacy frameworks to minimize civil rights violations and improve participation in digital interventions across populations.
The full report by the Brennan Center for Justice can be found here.