House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) have introduced the American Privacy Rights Act. 

According to the legislator’s press release, this proposal seeks to establish national data privacy rights and protections for Americans, eliminates the existing patchwork of state comprehensive data privacy laws, and establishes robust enforcement mechanisms to hold violators accountable, including a private right of action for individuals.

Furthermore, the release describes other provisions of the proposed legislation: 

• Establishes Foundational Uniform National Data Privacy Rights for Americans

• Gives Americans the Ability to Enforce Their Data Privacy Rights

• Protects Americans’ Civil Rights

• Holds Companies Accountable and Establishes Strong Data Security Obligations

• Focuses on the Business of Data, Not Mainstreet Business

The draft can be seen here.

Lanton Law's experience in privacy and data protection enables these companies to navigate the complex legal and regulatory landscape effectively. By partnering with us, tech and healthcare organizations can develop robust strategies, ensuring compliance, safeguarding personal data, and maintaining trust among your consumers.

Contact us to learn more. 

Privacy has emerged as a critical issue in the digital age, prompting increased scrutiny and regulation. In New York, a hub for technology and healthcare industries, privacy trends have been shaping the legal and regulatory landscape. This blog post will explore the evolving privacy trends in New York and delve into how Lanton Law can help tech and healthcare companies navigate complex privacy laws and develop effective legal and regulatory strategies.

New York has been proactive in addressing privacy concerns, recognizing the importance of protecting personal information in an increasingly interconnected world. Several key privacy laws and regulations have been enacted, creating a robust privacy framework for businesses operating in the state.

The New York Privacy Act, if passed, would establish comprehensive privacy rights for consumers, similar to the European Union's General Data Protection Regulation (GDPR). It would empower individuals with control over their personal data and impose stringent obligations on businesses regarding data protection and transparency.

Additionally, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act has enhanced data breach notification requirements and expanded the definition of personal information. It mandates businesses to implement reasonable security measures and imposes penalties for non-compliance.

Lanton Law has an emerging privacy and data protection section. Here's how our firm can help: 

a. Compliance Assessment: We can conduct comprehensive privacy assessments to identify areas of non-compliance and help businesses align their practices with applicable state and federal privacy regulations. We can review your policies, procedures, and data handling practices to ensure adherence to legal requirements.

b. Privacy Policy Development: We can assist in drafting and updating privacy policies that meet the specific needs of your industry. These policies often outline data collection practices, disclosure mechanisms, and individual rights, providing transparency and legal compliance.

c. Consent Mechanisms: With the increasing emphasis on consent, Lanton Law can help companies develop effective mechanisms for obtaining and managing consent. This includes ensuring clear and informed consent practices, implementing opt-in and opt-out mechanisms, and maintaining records of consent.

d. Privacy Impact Assessments: Lanton Law can conduct Privacy Impact Assessments (PIAs) to identify privacy risks associated with the implementation of new technologies, data-sharing practices, or changes in business operations. PIAs help companies proactively address privacy concerns and mitigate risks.

e. Dispute Resolution: In case of privacy-related disputes, Lanton Law can provide strategic guidance. 

Conclusion:

As privacy concerns continue to grow in the digital age, New York has been at the forefront of enacting comprehensive privacy legislation. Tech and healthcare companies in the state must adapt to these evolving trends to protect consumer data and maintain compliance with privacy regulations. 

Lanton Law's experience in privacy and data protection enables these companies to navigate the complex legal and regulatory landscape effectively. By partnering with us, tech and healthcare organizations can develop robust strategies, ensuring compliance, safeguarding personal data, and maintaining trust among your consumers.

Contact us to learn more. 

In late June 2022 H.R. 8152 was introduced which seeks to provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement. 

What are some of the important aspects of the bill?

According to the Congressional Research Service the bill proposes the following:

Covered Entities. It would apply to most entities, including nonprofits and common carriers. Some entities, such as those defined as large data holders that meet certain thresholds or service providers that use data on behalf of other covered entities, would face different or additional requirements.

Covered Data. It would apply to information that “identifies or is linked or reasonably linkable” to an individual.

Duties of Loyalty. It would impose several duties on covered entities, including requirements to abide by data minimization principles and special protections for certain types of data, such as geolocation information, biometric information, and nonconsensual intimate images.

Transparency. It would require covered entities to disclose, among other things, the type of data they collect, what they use it for, how long they retain it, and whether they make the data accessible to the People’s Republic of China, Russia, Iran, or North Korea.

Consumer Control and Consent. It would give consumers various rights over covered data, including the right to access, correct, and delete their data held by a particular covered entity. It would require covered entities to get a consumer’s affirmative, express consent before using their “sensitive covered data” (defined by a list of sixteen different categories of data). It would further require covered entities to give consumers an opportunity to object before the entity transfers their data to a third party or targets advertising toward them.

Youth Protections. It would create additional data protections for individuals under the age of 17, including a prohibition on targeted advertising, and it would establish a Youth Privacy and Marketing Division at the Federal Trade Commission (FTC).

Third-Party Collecting Entities. It would create specific obligations for third-party collecting entities, which are entities whose main source of revenue comes from processing or transferring data that it does not directly collect from consumers (e.g., data brokers). These entities would have to comply with FTC auditing regulations and, if they collect data above the threshold amount of individuals or devices, would have to register with the FTC.

Civil Rights and Algorithms. It would prohibit most covered entities from using covered data in a way that discriminates on the basis of protected characteristics (such as race, gender, or sexual orientation). It would also require large data holders to conduct algorithm impact assessments. These assessments would need to describe the entity’s steps to mitigate potential harms resulting from its algorithms, among other requirements. Large data holders would be required to submit these assessments to the FTC and make them available to Congress on request.

Data Security: It would require covered entities to adopt data security practices and procedures that are reasonable in light of their size and activities. It would authorize the FTC to issue regulations elaborating on these data security requirements.

Small- and Medium-size Businesses: It would also relieve small- and medium-size businesses from complying with several requirements; for instance, these businesses may respond to a consumer’s request to correct their data by deleting the data, rather than correcting it.

Enforcement. It would be enforceable by the FTC, under that agency’s existing enforcement authorities, and by state attorneys general in civil actions.

Private right of action. It would create a delayed private right of action starting four years after the law’s enactment. Injured individuals would be able to sue covered entities in federal court for damages, injunctions, litigation costs, and attorneys’ fees. Individuals would have to notify the FTC or their state attorney general before bringing suit. Before bringing a suit for injunctive relief or a suit against a small- or medium-size business, individuals would be required to give the violator an opportunity to address the violation.

Preemption. It would generally preempt any state laws that are “covered by the provisions” of the ADPPA or its regulations, although it would expressly preserve sixteen different categories of state laws, including consumer protection laws of general applicability and data breach notification laws. It would also preserve several specific state laws, such as Illinois’ Biometric Information Privacy Act and Genetic Information Privacy Act and California’s private right of action for victims of data breaches.

Section by section specifics can be found here. 

We are going to see more privacy proposals on the state and federal level. 

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

The California Privacy Protection Agency, the regulator established by the California Privacy Rights Act in November 2020 has posted draft regulations for its upcoming June 8 Board meeting. The draft CPRA regulations can be viewed here. 

The draft regulations do need work to clarify several issues. The draft does address privacy notice requirements, as well as how companies must notify its contractors and vendors to delete personal information as well as how to respond to opt out preference signals. The rules are forecasted to take effect on January 1, 2023. 

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

According to the U.S. House Committee on Energy and Commerce:

“U.S. Representatives Frank Pallone, Jr., D-N.J. and Cathy McMorris Rodgers, R-Wash., Chairman and Ranking Member of the House Committee on Energy and Commerce, and U.S. Senator Roger Wicker, R-Miss., Ranking Member of the Senate Committee on Commerce, Science, and Transportation, today released a discussion draft of a comprehensive national data privacy and data security framework. The draft legislation is the first comprehensive privacy proposal to gain bipartisan, bicameral support.”  

What does the American Data Privacy and Protection Act do?

• Establish a strong national framework to protect consumer data privacy and security;

• Grant broad protections for Americans against the discriminatory use of their data;

• Require covered entities to minimize on the front end, individuals’ data they need to collect, process, and transfer so that the use of consumer data is limited to what is reasonably necessary, proportionate, and limited for specific products and services;

• Require covered entities to comply with loyalty duties with respect to specific practices while ensuring consumers don’t have to pay for privacy;

• Require covered entities to allow consumers to turn off targeted advertisements;

• Provide enhanced data protections for children and minors, including what they might agree to with or without parental approval; 

• Establish regulatory parity across the internet ecosystem; and

• Promote innovation and preserve the opportunity for start-ups and small businesses to grow and compete.

The discussion draft can be found here.

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

Snapchat’s parent company is defending against a class-action lawsuit in the U.S. District Court for the Northern District of Illinois brought by two platform users identified as Adrian Coss and Maribel Ocampo. 

The lawsuit alleges that the platform violates the Illinois Biometrics Information Privacy Act by failing to provide users with the required disclosures under the act while collecting, storing and sharing users’ unique facial features and voices. 

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Lanton Law’s technology practice, which includes biometrics and privacy issues, has been monitoring the Illinois Biometric Information Privacy Act for some time. We have posted several blogs addressing this issue as companies continue to evolve biometrics into their business models. 

Lanton Law is a national healthcare and life science boutique law and government affairs firm that closely monitors legislative, regulatory and legal developments for our clients. Our healthcare practice can help stakeholders understand what’s at issue so that we can help our valued clients reach their goals. Contact us to learn about how either our legal or lobbying services can help you attain your priorities.   

Lanton Law’s publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without prior written consent of us. To request reprint permission for any of our publications, please use our “Let’s Chat” form, which can be found on our website at www.lantonlaw.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship.

Senator Creem and Senator Lesser have introduced S.46 titled “An Act Establishing the Massachusetts Information Privacy Act.” The bill can be found here. The Act applies to Massachusetts businesses that earn $10,000 or more annual revenue through 300 or more transactions or that process or maintain the personal information of 10,000 or more unique individuals during the course of a calendar year. The bill has protections on the collection of biometric or location information and seeks to prevent companies from discriminating based on consumer personal information. The MA Information Privacy Commission would also be created by this proposal to oversee this bill’s regulatory scheme. 

This bill mirrors the efforts unleashed by the landmark General Data Protection Regulation (GDPR) in Europe which has been followed by efforts in California. Massachusetts did have a predecessor to S.46 in 2019 which stalled in the legislature.

The bill is currently in the Advanced Information Technology, the Internet and Cybersecurity Committee.  If you are a technology, healthcare or commerce stakeholder then this is something to keep a watch on.  

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

Senators Ron Wyden (D-OR) and Rand Paul (R-KY) have introduced the Protecting Data at the Border Act .

According to the press release “The bipartisan bill prevents law enforcement agencies from continuing to take advantage of the so-called border search “exception” in order to conduct warrantless searches of Americans’ phones and laptops.” 

“The Protecting Data at the Border Act would provide statutory clarity by recognizing that the principles from Riley v. California extend to searches of digital devices at the border. In addition, this bill requires that U.S. persons know their rights before they consent to giving up online account information (like social media account names or passwords) or before they consent to give law enforcement access to their devices.”

The bill summary can be found here.  

Lanton Law is a national boutique regulatory law and lobbying firm that focuses on technology and healthcare/life science. Our privacy practice monitors relevant policy and regulatory decision makers and we counsel clients on emerging trends within this rapidly developing field. 

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

The Federal Trade Commission (FTC) last month issued the FTC Report to Congress on Privacy and Security. 

What’s in the Report? 

According to the agency “This report responds to the Joint Explanatory Statement accompanying the Consolidated Appropriations Act, 2021, P.L. 116-260, directing the Federal Trade Commission (“Commission” or “FTC”) to “conduct a comprehensive internal assessment measuring the agency’s current efforts related to data privacy and security while separately identifying all resource-based needs of the FTC to improve in these areas. The agreement also urges the FTC to provide a report describing the assessment’s findings to the Committees [on Appropriations of the House and Senate] within 180 days of enactment of this Act.”

Additionally, “The report first provides an overview of the FTC’s authority related to privacy and security, highlighting certain recent efforts in those areas. Second, it discusses priorities for improving the effectiveness of our efforts to protect Americans’ privacy. Third, it identifies areas in which we could use additional resources to further ensure Americans’ privacy is protected. Finally, it discusses the need for Congressional action on the FTC’s authority.”

Lanton Law is a national boutique regulatory law and lobbying firm that focuses on healthcare/life science and technology. We continue to monitor the policy and legal developments around the FTC.

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

President Biden has issued an Executive Order (EO) titled Executive Order on Promoting Competition in the American Economy. The EO advocates for promoting “competition in the American economy, which will lower prices for families, increase wages for workers, and promote innovation and even faster economic growth.” In doing so multiple sectors of the economy including labor, healthcare, transportation, agriculture, communications, technology, banking and finance have been targeted.    

As our economy emerges from the pandemic, we foresee that state and federal policymakers will be taking a look to see what laws need to be strengthened or reworked for our reimagined economy. 

Lanton Law is a national boutique law and lobbying firm that focuses on highly regulated industries such as healthcare, technology, and finance. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

U.S. Senator Gillibrand (D-NY) issued a press release announcing the Data Protection Act of 2021, which would create the DPA, an independent federal agency whose goal is to protect Americans’ data, instill privacy safeguards and work to ensure that there is transparency in data sharing practices. 

There have been some changes to this proposed legislation since last year’s version of the bill. These changes include:

• Supervision of Data Aggregators: Grants the DPA authority to review Big Tech mergers involving a large data aggregator, or any merger that proposes the transfer of personal data of 50,000 or more individuals.

• Office of Civil Rights: Establishes the DPA Office of Civil Rights to advance data justice and protect individuals from discrimination. 

• Enforcement Powers: Improves DPA enforcement powers to oversee the use of high-risk data practices and to penalize, examine, and propose remedies to the social, ethical, and economic impacts of data collection.

• Penalties and Fines: Prohibits data aggregators from committing any unlawful, unfair, deceptive, abusive, or discriminatory data practices; and allows for penalties and fines to be levied if violated, including triple penalties for violations against children.

• Defines Key Terms for Transparency: Provides Key Definitions for Privacy Harm, Data Aggregators, and High-Risk Data Practice, among other key terms.

According to the release “The DPA would be an executive agency. The director would be appointed by the president and confirmed by the Senate, serves a 5-year term, and must have knowledge of technology, protection of personal data, civil rights, and law. The agency may investigate, subpoena for testimony or documents, and issue civil investigative demands. It may prescribe rules and issue orders and guidance as is necessary to carry out federal privacy laws. The authority of state agencies and state attorneys general are preserved in the Act. The DPA would have three core missions:

1. Give Americans control and protection over their own data by authorizing the DPA to create and enforce data protection rules. 

2. Maintain the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace. 

3. Prepare the American government for the digital age.”

Lanton Law’s technology practice has been monitoring privacy developments nationwide. If you are a banking/finance, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

The  Social Media Privacy Protection and Consumer Rights Act of 2021 has been reintroduced and is being led by Senators Kennedy (R-LA), Klobuchar (D-MN), Manchin (D-WV and Burr (R-NC). The proposal seeks to improve the transparency of online platforms, strengthen consumers’ options when a data breach occurs and ensure companies comply with privacy policies that protect consumers.

According to the bill’s press release the proposal seeks the following: 

• Give consumers the right to opt out and keep their information private by disabling data tracking and collection,

• Provide users greater access to and control over their data,

• Require terms of service agreements to be in plain language,

• Ensure users have the ability to see what information about them has already been collected and shared,

• Mandate that users be notified of a breach of their information within 72 hours,

• Offer remedies for users when a breach occurs, and

• Require that online platforms have a privacy program in place.

Lanton Law’s technology practice has been monitoring privacy developments nationwide. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

In the wake of the Colonial Pipeline attack, President Biden has signed the Executive Order on Improving the Nation's Cybersecurity. The EO has a number of provisions including: 

• Establishes a “Cybersecurity Safety Review Board” comprising public- and private-sector officials, which can convene after cyber attacks to analyze the situation and make recommendations.

• Requires IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks, and removes certain contractual barriers that might stop providers from flagging breaches.

• Plans for enhancing software supply chain security 

This comes amid an increase in cyber attacks on private healthcare and technology companies as well as the federal government. 

Ransomware attacks are becoming a bigger threat and being prepared from a compliance and risk management standpoint is becoming more crucial. Having appropriate cyber policies in place is one step.  We have other solutions. 

Lanton Law is a national boutique law and lobbying firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

Lanton Law’s privacy practice has been closely monitoring the various state conversations around data privacy. We previously wrote a blog post titled California’s Consumer Privacy Act Could Be Coming to a State Near You, where we traced how California took the first step to create a consumer privacy law in the wake of Europe’s General Data Protection Regulation.    

So what’s going on with Virginia? Earlier this month the Virginia Senate passed 

 Senate Bill 1392, titled the Consumer Data Protection Act. The Virginia House of Delegates approved a companion (identical) House Bill H.B. 2307 by an 89-9 vote. Each bill likely will be heard in committee next week by the opposite chamber, which provides additional opportunities to make amendments. The state General Assembly will adjourn on March 1, it is expected that Governor Northam will sign the legislation. 

What does the bill do? The proposed legislation seeks the following:

“Establishes a framework for controlling and processing personal data in the Commonwealth. The bill applies to all persons that conduct business in the Commonwealth and either (i) control or process personal data of at least 100,000 consumers or (ii) derive over 50 percent of gross revenue from the sale of personal data and control or process personal data of at least 25,000 consumers. The bill outlines responsibilities and privacy protection standards for data controllers and processors. The bill does not apply to state or local governmental entities and contains exceptions for certain types of data and information governed by federal law. The bill grants consumer rights to access, correct, delete, obtain a copy of personal data, and to opt out of the processing of personal data for the purposes of targeted advertising. The bill provides that the Attorney General has exclusive authority to enforce violations of the law, and the Consumer Privacy Fund is created to support this effort. The bill has a delayed effective date of January 1, 2023.”

As with major policy issues that have yet to have a federal solution, states like California, Virginia and others are creating piecemeal policies, which will create compliance issues for entities that operate in several jurisdictions. New York, Oklahoma, Washington State, Minnesota, and North Dakota are jurisdictions that we continue to monitor with brewing policies on point.  

As we become more reliant on technology which crosses several sectors now, businesses are finding that they have to increase their awareness of state and federal policy in order to remain compliant. We at Lanton Law can help. Our legal and lobbying tools can help offer your organization a clear path forward to navigate what will be changing policies for healthcare, technology and clean energy stakeholders. We are a D.C. based firm with no state boundaries as we are active nationwide. Contact us today to discuss your options. 

Last month as part of the State of the State 2021, Governor Cuomo announced a comprehensive law around personal data and privacy protections for New York state residents.

So what does this proposal outline?

According to the Governor’s proposal “This law will mandate that companies that collect information on large numbers of New Yorkers disclose the purposes of any data collection and collect only data needed for those purposes. Governor Cuomo will also establish a Consumer Data Privacy Bill of Rights guaranteeing every New Yorker the right to access, control, and erase the data collected from them; the right to nondiscrimination from providers for exercising these rights; and the right to equal access to services.”  

“The proposal also expressly protects sensitive categories of information including health, biometric and location data and creates strong enforcement mechanisms to hold covered entities accountable for the illegal use of consumer data. New York State will work with other states to ensure competition and innovation in the digital marketplace by promoting coordination and consistency among their regulatory policies. 

New York’s proposal seems to be following a trend set by California’s Privacy Rights and Enforcement Act. We believe that we are witnessing a slow moving transition towards similar oversight in other states. 

The increasing demands around data security and data privacy has presented new challenges to business operations and compliance efforts. Not to mention there are new rising risks around consumer data privacy expectations. 

Lanton Law is a national boutique law and lobbying firm that focuses on healthcare/life sciences and technology. We are the dedicated business partner that you need behind you to help you confront the changing regulatory landscape around data. 

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today!

New York has introduced Assembly Bill 27. According to the proposed bill, AB 27 seeks “to establish the biometric privacy act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first.”  

Currently, the Illinois Biometric Information Privacy Act, commonly known as BIPA, is the only state with a biometric privacy statute that provides for a similar private right of action. We have been writing in previous posts about how state policies have been taking shape regarding this subject. 

We expect this and other technology questions to be debated in various state houses throughout 2021. It is imperative for interested stakeholders to be prepared for what new potential legislation requires. Contact Lanton Law to discuss your lobbying and legal strategies.   

On July 29th four of the biggest tech companies CEOs testified in front of Congress. Jeff Bezos of Amazon, Tim Cook of Apple, Mark Zuckerberg of Facebook, and Sundar Pichai of Google all took questions from the U.S House Judiciary Subcommittee on Antitrust, Commercial, and Administrative Law. The hearing which can be viewed here was titled “Online Platforms and Market power, Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google.”  

Sadly, there was a lot of political posturing on both sides of the political aisle and not a lot of policy. The main takeaway is that there is still no clear bipartisan antitrust agenda. 

Democrats presented evidence regarding antitrust concerns. It seemed they had pointed questions regarding certain deals such as Amazon's purchase of Ring to control that sector of the market and Facebook's alleged threats against Instagram before its purchase of the company.  

Republicans focused on perceived anti-conservative bias in tech instead of addressing company size and market power. Their questions focused on whether the tech companies will participate in "electioneering" for Joe Biden and grilled Facebook about Twitter's shutdown of Trump Jr.'s account. 

This has been a year-long investigation by this Subcommittee with this testimony capping the investigation. Subcommittee members are still in the process of sending follow-up questions to the CEOs and finalizing their conclusions over the next few weeks. Once they are done the Subcommittee will file a report of its findings. 

This process has been highly politicized, and many tech stakeholders are wondering whether any significant policymaking will get done by the end of the year. While there is reason to be skeptical, there is a highly charged election about to take place, meaning it wouldn’t surprise us if a small step towards technology regulation was accomplished. The bigger question is what happens to tech policy at the start of 2021? 

We continue to see an increase in federal and state policymaking when it comes to technology companies. The threat of looming technology legislation will undoubtedly lead to increased regulation. It’s better to be prepared now by knowing the landscape and preparing your strategic options in order to navigate the increased scrutiny. 

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today. 

U.S. Congressman Cicilline (D-RI) has announced  his intent to introduce legislation “that tightly restricts the use of personal, online consumer data that is often used to ‘microtarget’ voters with misleading ads.” According to his release, the legislation will be titled the “Protecting Democracy from Disinformation Act” and has the following elements: 

• Restricts Microtargeting: Only allows advertisers and online platforms to use age, gender, and location when targeting political ads. 

• Improves Transparency: Requires disclosure and reporting on who paid for an ad, how much it cost, whom an ad is aimed at, and who saw the ad.

• Holds Online Platforms Accountable: Provides enforcement through the Federal Election Commission’s existing authority, a private right of action, and criminal penalties for online platforms and ad intermediaries that knowingly and willfully violate the Act.

Expect issues such as microtargeting and others to come to the forefront as we enter in the election season of 2020. 

Lanton Strategies; a segment of Lanton Law works to help advance our clients interests before both legislative and regulatory bodies on the state and federal levels. We use sources from the Hill, state houses, agencies, markets and trade associations, to inform our clients and achieve proactive results. Let us know how either our government affairs services or legal services can help you achieve your priorities. 

Apple and Google have announced their partnership to enable Bluetooth technology to help interested stakeholders such as healthcare agencies and governments to fight COVID-19. The announcement describes the tech companies’ intent of “releasing draft documentation for an Exposure Notification system in service of privacy-preserving contact tracing.” The most important thing to note is that the companies will not be building contact tracing apps but will be providing tools around a unified programming interface that will allow these aforementioned stakeholders to create their own contact tracing applications. And while this partnership and others like it are a much needed resource during our fight against COVID-19, privacy concerns with how these companies are using our information loom in the background. 

So what is contact tracing? It can come in two forms. The first form is human to human tracing, which is described in the Centers for Disease Control and Prevention’s (CDC) list of core principles. 

• Contact tracing is part of the process of supporting patients with suspected or confirmed infection.

• In contact tracing, public health staff work with a patient to help them recall everyone with whom they have had close contact during the timeframe while they may have been infectious.

• Public health staff then warn these exposed individuals (contacts) of their potential exposure as rapidly and sensitively as possible.

• To protect patient privacy, contacts are only informed that they may have been exposed to a patient with the infection. They are not told the identity of the patient who may have exposed them.

• Contacts are provided with education, information, and support to understand their risk, what they should do to separate themselves from others who are not exposed, monitor themselves for illness, and the possibility that they could spread the infection to others even if they themselves do not feel ill.

• Contacts are encouraged to stay home and maintain social distance from others (at least 6 feet) until 14 days after their last exposure, in case they also become ill. 

As you can see this is a very specialized skill that needs to be timely executed to prevent further spread of disease. 

According to the CDC digital tracing on the other hand is another set of tools that can be used to “expand the reach and efficacy of contact tracers.” This is what we are seeing from the Apple-Google partnership, as well as other applications (apps) that we see flooding the market in an effort to provide additional tools to combat COVID-19. 

Digital contact tracing can theoretically be more efficient because it doesn’t rely on memory, but requires user cooperation where people would have to download the relevant apps on their phones. In order for something like this to have an almost “real time” effect, a large number of people would have to adapt to this technology. Are we as a society ready for this? While emergencies like this would seem like the answer would be a common sense “yes” there are a lot of other issues at play such as are positive alerts to a user accurate and will a user’s information be protected? A great example of user worry could come in the form of potential genetic discrimination of which we wrote a prior blog post.  

To date the skepticism of technology companies being able to use healthcare data has been rampant. For example, several industry stakeholders were surprised by the Wall Street Journal’s (WSJ) article  that Google has been working since 2018 on a "secret" project involving patient data with Ascension, the St. Louis-based nationwide health system. 

Project Nightingale would involve having Google be provided with millions of health records of U.S. citizens, which has prompted a recent follow up letter by three U.S. Senators to gain additional insight into the project’s specifics. Facebook has a new tool called Preventive Health that seeks to “connect people to health resources and checkup recommendations from leading health organizations.” And while Microsoft launched Microsoft Cloud for Healthcare; whose program applies “flexible capabilities to power individualized experiences, improve team collaboration, and unify data to unlock real-time insights,” demonstrates that while technology and healthcare are merging, the need for addressing privacy concerns remains at the forefront. 

We need all the tools we can get our hands on during this difficult struggle against COVID-19, especially when it comes to digital contact tracing. There is no doubt that we need the efficiencies that technology has to offer. The potential is there, but there has to be buy in from a majority of people in order for this to work. Not only do we have to continue to work to ensure that everyone has access to smartphone technology, but we have to put some additional “safety checks” in place to ensure that ‘anonymized’ aggregated data isn’t sold, that sensitive protected health information (PHI) is guarded and the proper laws/regulations are put in place so that we can learn from the painful lessons that COVID-19 has taught thus far. 

There is no need to rehash the harsh societal effects that COVID-19 has had not only on our psychological and financial wellbeing, but also on the vulnerable population’s immune system. Those having to deal with underlying health conditions such as diabetes, obesity, hypertension have been especially at risk, including some young and healthy individuals. As we race to understand the rationale behind why such an erratic disease impacts some but not others, the question that frequently comes up is whether a person’s genes has something to do with becoming infected?

While it seems like we have been discussing gene therapy for some time, understanding how to harness the potential of the human genome is still in the “early innings.” According to the National Human Genome Research it was found that there are about 20,500 genes in human DNA. This information had taken 13 years to find and was completed in 2003. There are so many things to learn about our genes in order to be precise enough to fully realize how we can get to the ultimate improvement in patient outcomes. Unfortunately, it seems as though time is not on our side when needing to understand how our genes play a key role in fighting this terrible disease. It seems like the best thing to mitigate our circumstances until we get a vaccine is how to contain it. From social distancing to contact tracing, one idea that has been gaining steam on re-opening the economy is the possibility of immunity passports. 

So what are immunity passports? The World Health Organization (WHO) states “Some governments have suggested that the detection of antibodies to the SARS-CoV-2, the virus that causes COVID-19, could serve as the basis for an ‘immunity passport’ or ‘risk-free certificate’ that would enable individuals to travel or to return to work assuming that they are protected against re-infection. There is currently no evidence that people who have recovered from COVID-19 and have antibodies are protected from a second infection.”

Currently there is so much fear and mistrust regarding information on COVID-19 that in order for this to work in my opinion, we would have to have certainty in antibody testing, as well as a 100% understanding about how long immunity actually lasts. Aside from a vaccine, this would certainly move economies forward as a way to slowly start to recoup the financial losses we have witnessed worldwide. But could well intentioned things like immunity passports lead to something unintended such as genetic discrimination? 

According to the National Institutes of Health (NIH), genetic discrimination occurs when people are treated differently by their employer or insurance company because they have a genetic mutation that causes or increases the risk of an inherited disorder or they have a familial history of a specific health condition. Surprisingly, this issue could determine whether someone gets hired or fired and could mean the difference between receiving comprehensive coverage.

GINA does provide a solution to genetic discrimination. The Genetic Information Nondiscrimination Act (GINA) provides for protection against this type of discrimination. Title I of GINA prohibits genetic discrimination in health insurance, and Title II prohibits genetic discrimination in employment.

Under the first part of the act, it is illegal for health insurance providers to use or require genetic information to determine whether a person is eligible for coverage. The second part prohibits employers from using a person’s genetic information in making decisions about hiring, promotion, and various other terms of employment.

However, GINA and similar laws do not protect individuals from genetic discrimination under every circumstance, such as an instance in which an employer has fewer than 15 employees. The act also does not apply to those serving in the military or those insured under the Veterans Health Administration or Indian Health Service. Furthermore, the act does not protect against genetic discrimination in other forms of insurance, including life, disability, and long-term care, according to the NIH.

While GINA’s development was designed for genetic discrimination, I believe that we have not yet seen how this law could potentially evolve from its original intent, especially in this circumstance. Constantly looking through both a policy and legal lens, I see potential problems with an immunity passport. While I understand how this is designed to get the economy back on track, how will individuals be judged regarding obtaining an immunity passport. Is this something you will be required to have by an employer? Are there privacy issues that will evolve from having to declare whether you have an immunity passport? Will employees be looked at differently if they have a passport versus those that don’t? Will an employee’s cost of insurance increase because they happened to get COVID-19?

COVID-19 has changed our lives in ways that we cannot yet imagine. As we start transitioning back towards living with this complex disease until there is a cure, our minds are currently undergoing small yet lasting changes that will unconsciously shape the way we make decisions going forward. It is very foreseeable that society will try and mitigate risks to businesses, meaning that it is not unforeseeable that companies may try and understand any genetic risks that may exist to employees. Whether this is the new normal, a threat to privacy or something else remains to be seen. 

*Disclaimer: The information provided in this blog post is an opinion and is for informational purposes only and not for the purpose of providing legal advice. Access to this information does not create an attorney client relationship between Lanton Law and the viewer. You should contact your attorney to obtain advice with respect to any particular issue or problem.