A680 titled the New York Privacy Act has been introduced into the New York State Assembly. The bill is sponsored by Assemblywoman Rosenthal (D-District 67). 

The proposed bill seeks to enact the NY privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared. Furthermore the proposed bill creates a special account to fund a new office of privacy and data protection.  

While the bill has echoes of Europe’s General Data Protection Regulation consent requirements, this bill takes a hard line approach on the subject which requires consent for all   processing activities and third-party disclosures, with no exceptions, the proposed bill as currently written raises significant concerns with how businesses would realistically be able to comply with the proposal’s requirements. 

Penalties are very strong under this proposal as seen below:

The attorney general may bring an action in the name of the state,or as parens patriae on behalf of persons  residing  in  the  state,  to enforce this article.

In addition to any right of action granted to any governmental body pursuant to this section, any person who has been injured by reason of a violation  of this article may bring an action in his or her own name to enjoin such unlawful act, or to recover his or her  actual  damages,  or both  such  actions. The court may award reasonable attorney's fees to a prevailing plaintiff.

Any controller or processor who violates this article is subject to an injunction and liable for damages and a civil penalty. When calculating damages and civil penalties, the court shall consider the number  of affected  individuals,  the  severity of the violation, and the size and revenues of the covered entity. Each individual  whose  information  was unlawfully  processed  counts as a separate violation. Each provision of this article that was violated counts as a separate violation.

Privacy is a hotly trending topic that is showing now signs of slowing down. Bills like this one will require significant work as it makes its way through the legislature in order for New York to achieve consumer protection while enacting a workable law that businesses will be able to comply with. 

We at Lanton Law can help. Our legal and lobbying tools can help offer your organization a clear path forward to navigate what will be changing policies for healthcare, technology and clean energy stakeholders. We are a D.C. based firm with no state boundaries as we are active nationwide. Contact us today to discuss your options.  

The North Dakota senate voted in opposition of advancing a bill that would have required app stores to enable software developers to use their own payment processing software. This bill directly addressed fees charged by both Google and Apple.

So what would the bill have addressed? 

The proposal applies to a digital application distribution platform for which cumulative gross receipts from sales on the digital application distribution platform to residents of this state exceed ten million dollars in the previous or current calendar year which uses:

• The platform to provide an application that was created by a person domiciled in this state to a user; or

• The platform to provide an application to a resident of this state.

A provider of a digital application distribution platform may not:

a. Require a developer to use the provider's digital application distribution platform as the exclusive means of distributing a digital product to a user. 

b. Require a developer to use the provider's digital transaction platform or in- application payment system as the exclusive means for accepting payment from a user to download the developer's software application, or purchase a digital or physical product or service created, offered, or provided by the developer through a software application.

c. Retaliate against a developer for choosing to use another digital application distribution platform, digital transaction system, or in-application payment system. 

d. Refuse to allow a developer to provide the provider's application or digital product to or through the provider's platform or system or refuse to allow a user access to the developer's application or digital product through the provider's platform or system, on account of the developer's use of another platform or system. A violation of this subdivision is considered retaliation under this section.

If the North Dakota bill would have advanced through the Senate and into the House, this may have spurred other states to take similar measures, as we have seen with legislation that addresses landmark major policy issues. For example Arizona is considering similar legislation.

Now the title of this blog post is “Apple Gets Legislative Victory in North Dakota For Now.” If you listen to the 2/16/21 CNBC interview with State Senator Kyle Davison (R-ND), Senator Davison states something along the lines of if the bill is defeated in the vote today then nothing is really dead until the legislative session is over.

We at  Lanton Law have seen several times in multiple states that when ideas are deemed to be dealt with through a legislative defeat, sometimes that “dead” bill  comes back during the same session in a companion bill, a budget bill or some other “rider.” Many times it comes down to how determined the legislator is at seeing something accomplished. 

This bill is a prime example of how technology stakeholders and stakeholders in other similar sectors are finding that they have to increase their awareness of state and federal policy in order to remain cognizant of fast moving trends and to ultimately ensure compliance. 

We at Lanton Law can help. Our legal and lobbying tools can help offer your organization a clear path forward to navigate what will be changing policies for technology, healthcare and clean energy stakeholders. We are a D.C. based firm with no state boundaries as we are active nationwide. Contact us today to discuss your options.

Lanton Law’s privacy practice has been closely monitoring the various state conversations around data privacy. We previously wrote a blog post titled California’s Consumer Privacy Act Could Be Coming to a State Near You, where we traced how California took the first step to create a consumer privacy law in the wake of Europe’s General Data Protection Regulation.    

So what’s going on with Virginia? Earlier this month the Virginia Senate passed 

 Senate Bill 1392, titled the Consumer Data Protection Act. The Virginia House of Delegates approved a companion (identical) House Bill H.B. 2307 by an 89-9 vote. Each bill likely will be heard in committee next week by the opposite chamber, which provides additional opportunities to make amendments. The state General Assembly will adjourn on March 1, it is expected that Governor Northam will sign the legislation. 

What does the bill do? The proposed legislation seeks the following:

“Establishes a framework for controlling and processing personal data in the Commonwealth. The bill applies to all persons that conduct business in the Commonwealth and either (i) control or process personal data of at least 100,000 consumers or (ii) derive over 50 percent of gross revenue from the sale of personal data and control or process personal data of at least 25,000 consumers. The bill outlines responsibilities and privacy protection standards for data controllers and processors. The bill does not apply to state or local governmental entities and contains exceptions for certain types of data and information governed by federal law. The bill grants consumer rights to access, correct, delete, obtain a copy of personal data, and to opt out of the processing of personal data for the purposes of targeted advertising. The bill provides that the Attorney General has exclusive authority to enforce violations of the law, and the Consumer Privacy Fund is created to support this effort. The bill has a delayed effective date of January 1, 2023.”

As with major policy issues that have yet to have a federal solution, states like California, Virginia and others are creating piecemeal policies, which will create compliance issues for entities that operate in several jurisdictions. New York, Oklahoma, Washington State, Minnesota, and North Dakota are jurisdictions that we continue to monitor with brewing policies on point.  

As we become more reliant on technology which crosses several sectors now, businesses are finding that they have to increase their awareness of state and federal policy in order to remain compliant. We at Lanton Law can help. Our legal and lobbying tools can help offer your organization a clear path forward to navigate what will be changing policies for healthcare, technology and clean energy stakeholders. We are a D.C. based firm with no state boundaries as we are active nationwide. Contact us today to discuss your options. 

The ‘‘Safeguarding Against Fraud, Exploitation, Threats, Extremism, and Consumer Harms Act’’ or the "SAFE TECH Act" has been introduced into Congress. The proposal is led by Senators Warner (D-VA), Hirono (D-HI) and Klobuchar (D-MN), as the bill seeks changes to 47 U.S. Code § 230. 

The law which is part of the Communications Decency Act (CDA), also called Title V of the Telecommunications Act of 1996, provides ISP’s with federal immunity to any cause of action that seeks to make ISP’s liable for information that originated with a third party service user. 

Specifically, §230 states: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” The additional specifics of this law describe the liability shield that these companies currently enjoy which is further protected by federal preemption law. 

We have written several blog post on this topic about prior legislation targeting the law as well as prior U.S. DOJ Scrutiny on the matter. 

Since the SAFE TECH Act has been unveiled there have been multiple stakeholders expressing concern with unintended consequences this proposal in its current form has that will likely result in chilling of expression. 

Regardless of your political viewpoint, if you are a tech stakeholder that has ISP capabilities or you are providing services that deal with the exchange of ideas, you should be monitoring this type of legislative action to avoid unnecessary surprises to your business model. We at Lanton Law can help. 

Our legal and policy tools can help offer your organization a clear path forward to navigate what will be changing policies for technology stakeholders. Contact us today to discuss your options.

The New York State legislature has introduced Assembly Bill 27, which seeks to make New York the fourth state to enact a biometric privacy law. If successful it will be the second state that will allow consumers a private right of action to see companies for improper data handling. 

New York is definitely taking its cue from Illinois, as that state became the first to require businesses to collect biometric data to provide notice and obtain the owner’s written consent prior to using this information. We have written about the Illinois Information Privacy Act or (BIPA) in a previous post. 

The New York proposal seeks to do the following: 

Establishes the biometric privacy act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first. 

New York has enacted facial recognition laws in the past. In December 2020 Governor Cuomo released a press statement where he signed A6787-D/S5140-B into law that suspended “the use of facial recognition technology and other kinds of biometric technology in schools, directing a study of whether its use is appropriate in schools and issuing recommendations. The legislation places a moratorium on schools purchasing and using biometric identifying technology until at least July 1, 2022 or until the report is completed and the State Education Commissioner authorizes its use, whichever occurs later. It applies to both public and private schools in New York State.” 

Proposed Assembly Bill 27 shows that New York will continue to press forward in this area and will likely inspire other states. If you are a biometric, Health IT/digital health or technology stakeholder, your interests will be impacted.    

Lanton Law is a national boutique law and lobbying firm that focuses on healthcare/life sciences and technology. Contact us today to learn about your organization’s options to prepare for additional regulatory oversight.

New York has introduced Assembly Bill 27. According to the proposed bill, AB 27 seeks “to establish the biometric privacy act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first.”  

Currently, the Illinois Biometric Information Privacy Act, commonly known as BIPA, is the only state with a biometric privacy statute that provides for a similar private right of action. We have been writing in previous posts about how state policies have been taking shape regarding this subject. 

We expect this and other technology questions to be debated in various state houses throughout 2021. It is imperative for interested stakeholders to be prepared for what new potential legislation requires. Contact Lanton Law to discuss your lobbying and legal strategies.   

Proposition 22’s passage in California on November 3, 2020 will have a major impact on the future of the gig economy not just in California but potentially the rest of the country. 

Proposition 22 involved the issue of whether transportation drivers for app-based entities such Uber and Lyft should be classified as independent contractors. This now means that these companies would be exempt from a California law enacted last year that made it harder for these app-based companies to not classify their workers as employees.    

If you have questions about what this means for you contact Lanton Law. We are experts in the technology and fintech industries and can help stakeholders navigate these evolving markets.

For some time now we have been forecasting that technology stakeholders had to be aware of looming regulatory oversight, especially around the issues of antitrust and Section 230. 

Last week the Department of Justice (DOJ) sent draft legislation to Congress to reform Section 230 of the Communications Decency Act.  The draft legislative text implements reforms that the Department of Justice deemed necessary in its June Recommendations. 

The Justice Department’s proposals available here focus on two issues: addressing illicit activity online and promoting transparency and open discourse. 

Regardless of whether this or other legislation gets enacted this year, Section 230 comes under increasing scrutiny by policymakers. It’s a question of when for technology regulation, so if you are a technology stakeholder it is better to be prepared.

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

The Platform Accountability and Consumer Transparency Act has been introduced by Sens. Brian Schatz (D-Hawaii) and John Thune (R-South Dakota), which targets Internet Service Providers and attempts to limit their protections under 47 U.S. Code § 230 of the Communications Decency Act (CDA), also called Title V of the Telecommunications Act of 1996. 

The proposed Act points out two critical facts: 

• “Online consumers are not adequately protected in the United States because, with the exception of Federal criminal statutes, providers of interactive computer services are immune from the enforcement of most Federal statutes and regulations.

• The bill among a list of proposed policies also seeks to preserve the internet and other interactive computer services as forums for diversity of political discourse, unique opportunities for cultural development, and myriad avenues for intellectual and commercial activity.”

Specifically, the interactive computer service provider shall provide the following elements:

• reasonably inform users about the types of content that are allowed on the interactive computer service;

• explain the steps the provider takes to

• ensure content complies with the acceptable use policy;

• explain the means by which users can notify the provider of potentially policy-violating content, illegal content, or illegal activity

• include publication of a quarterly transparency report outlining actions taken to enforce the policy

While there are some First Amendment concerns with this legislation, this demonstrates how Section 230 comes under increasing scrutiny by policymakers. It’s a question of when for technology regulation so if you are a technology stakeholder, it is better to be prepared.

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

U.S. Senator Josh Hawley (R-MO) has recently announced his new legislation titled the Behavioral Advertising Decisions Are Downgrading Services (BAD ADS) Act. This bill proposes to remove Section 230 immunity from Big Tech companies that display manipulative, behavioral ads or provide data to be used for them. Behavioral ads are defined in the legislation. 

It is unclear as to how this ties directly to Section 230 immunity and is different from other Congressional bills that create a nexus between Section 230 and its protections to content policies on websites. This bill would not apply to contextual ads  such as advertising that is directed to a user based on:

• ‘‘(aa) the content of the website, online service, online application, or mobile application to which the user is connected;

• ‘‘(bb) the location of the user, as of the time at which the advertising is directed to the user; or

• ‘‘(cc) the search terms that the user applied to arrive at the website, service, or application to which the user is connected

Regardless of whether this or other legislation gets enacted this year, Section 230 comes under increasing scrutiny by policymakers. It’s a question of when for technology regulation, so if you are a technology stakeholder it is better to be prepared.

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

On July 29th four of the biggest tech companies CEOs testified in front of Congress. Jeff Bezos of Amazon, Tim Cook of Apple, Mark Zuckerberg of Facebook, and Sundar Pichai of Google all took questions from the U.S House Judiciary Subcommittee on Antitrust, Commercial, and Administrative Law. The hearing which can be viewed here was titled “Online Platforms and Market power, Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google.”  

Sadly, there was a lot of political posturing on both sides of the political aisle and not a lot of policy. The main takeaway is that there is still no clear bipartisan antitrust agenda. 

Democrats presented evidence regarding antitrust concerns. It seemed they had pointed questions regarding certain deals such as Amazon's purchase of Ring to control that sector of the market and Facebook's alleged threats against Instagram before its purchase of the company.  

Republicans focused on perceived anti-conservative bias in tech instead of addressing company size and market power. Their questions focused on whether the tech companies will participate in "electioneering" for Joe Biden and grilled Facebook about Twitter's shutdown of Trump Jr.'s account. 

This has been a year-long investigation by this Subcommittee with this testimony capping the investigation. Subcommittee members are still in the process of sending follow-up questions to the CEOs and finalizing their conclusions over the next few weeks. Once they are done the Subcommittee will file a report of its findings. 

This process has been highly politicized, and many tech stakeholders are wondering whether any significant policymaking will get done by the end of the year. While there is reason to be skeptical, there is a highly charged election about to take place, meaning it wouldn’t surprise us if a small step towards technology regulation was accomplished. The bigger question is what happens to tech policy at the start of 2021? 

We continue to see an increase in federal and state policymaking when it comes to technology companies. The threat of looming technology legislation will undoubtedly lead to increased regulation. It’s better to be prepared now by knowing the landscape and preparing your strategic options in order to navigate the increased scrutiny. 

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today. 

Democrats on the House Energy and Commerce Committee led by Chairman Pallone (D-NJ) along with Congresswoman DeGette (D-CO) Chair of the Subcommittee on Oversight and Investigations, Congresswoman Schakowsky (D-IL) and Congressman Doyle (D-PA) sent a letter to Facebook along with other tech companies requesting more COVID-19 transparency on their platforms. The request seeks monthly reports on this issue which mirrors a similar request from the European Union. The letter discusses concerns around “a troubling rise of false or misleading information related to COVID-19 disseminated by domestic and foreign actors on platforms such as yours.”

We continue to see an increase in federal and state policymaking when it comes to technology companies. The threat of looming technology legislation will undoubtedly lead to increased regulation. It’s better to be prepared now by knowing the landscape and preparing your strategic options in order to navigate the increased scrutiny. 

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.  

With all the news surrounding the Trump Administration and its complex political and economic relationship with China, some may find it surprising that the latest company suspected to be possibly impacted by the two countries would be TikTok. 

According to its website, TikTok is an app for short-form mobile videos. The company says it has offices in Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul, and Tokyo, but the company does have close ties to China through the company’s owner ByteDance; a Beijing-based technology company. TikTok has become more mainstream in the U.S. due to the pandemic, whereby various users including small business owners have been using the app to expand their economic reach. 

The last few months have brought increased scrutiny over the app. Both India and Indonesia have banned the app, while the U.S. Navy and other U.S. armed forces branches have banned the app as well. Most of the concerns have been around the issue of national security and how much user information  is shared with the Chinese government.

TikTok responded to this brewing controversy last year with a statement that addressed the company’s viewpoint on data privacy and security as well as content concerns. In response to the Administration threatening that it is considering a ban on TikTok, the company has been increasing its lobbying presence to hedge against a possible ban.   

Will a possible ban have a chilling effect on U.S. technology companies? Currently, the answer is no. We don’t want to cause controversy by suggesting this, but with the recent activities in Congress, the Federal Trade Commission and the Department of Justice that we have been reporting about, warrants that technology stakeholders keep a close watch on how the industry is receiving a lot of policy interests. It is safe to believe that technology policy is on the verge of changing, as technology stakeholders can no longer sit back and think that this industry is immune from regulatory oversight. 

Lanton Law is a national boutique law and government affairs firm that focuses on technology,   healthcare/life sciences and finance. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today. 

The House Judiciary Antitrust Subcommittee has scheduled a July 27, 2020 hearing for the CEO’s of Amazon, Apple, Google and Facebook (Big Tech) to testify regarding the Committee’s ongoing investigation of digital marketplace competition. The hearing is titled “Online Platforms and Market Power, Part 6: Examining the Dominance of Amazon, Facebook, Google and Apple.”  

The Committee’s press release has a joint statement from House Judiciary Committee Chairman Nadler (D-NY) and Antitrust Subcommittee Chairman Cicilline (D-RI) which states “Since last June, the Subcommittee has been investigating the dominance of a small number of digital platforms and the adequacy of existing antitrust laws and enforcement. Given the central role these corporations play in the lives of the American people, it is critical that their CEOs are forthcoming. As we have said from the start, their testimony is essential for us to complete this investigation.”

The Committee’s investigation launched its antitrust investigation last June. The Committee’s efforts are bipartisan and the Committee is attempting to address whether Congressional oversight is needed to pass tighter antitrust laws to ensure a more balanced marketplace. The Committee’s investigation will focus on documenting where competition is lacking in digital markets; exploring whether large companies are suppressing competition; and determining whether Congress and regulators need to do more to address Big Tech's dominance. If Congress decides that legislation is needed, it could lead to the first major policy revisions of U.S. antitrust law in decades.

Additional policy threats to technology companies remain besides Congress. In a mix of business and political reasons for determining whether a new class of start ups is being stifled by Big Tech, the Federal Trade Commission (FTC) and the Department of Justice (DOJ) last year have announced joint efforts to investigate Big Tech. The FTC will have responsibility for investigating Amazon and Facebook while the DOJ will investigate Google and Facebook. It is looking as though some kind of regulatory action is coming by year end. Not to mention Big Tech has been receiving a lot of antitrust scrutiny from overseas. 

It is no secret that oversight over technology stakeholders is near. It’s best to look at your risks to determine whether you have the tools to protect your business and be nimble enough to navigate the changing policy currents. 

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.   

Earlier this year we started our conversation with the technology industry urging stakeholders to be aware of the growing policy attacks on the responsibilities of an Internet Service Provider (ISP) via the technology law 47 U.S. Code § 230. 

The law which is part of the Communications Decency Act (CDA), also called Title V of the Telecommunications Act of 1996, provides ISP’s with federal immunity to any cause of action that seeks to make ISP’s liable for information that originated with a third party service user. 

Specifically, §230 states: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” The additional specifics of this law describe the liability shield that these companies currently enjoy which is further protected by federal preemption law. 

A few weeks back we highlighted how politicians on both sides of the aisle have been more assertive in how tech companies are not living up to their expectations under Section 230. Now in addition to recent U.S. Department of Justice scrutiny, U.S. Senator Hawley (R-MO) has introduced the Limiting Section 230 Immunity to Good Samaritans Act, which seeks to provide accountability for bad actors who abuse the Good Samaritan protections provided under that Act. 

According to the Senator’s press release the bill “would prohibit Big Tech companies from receiving Section 230 immunity unless they update their terms of service to promise to operate in good faith and pay a $5,000 fine (or actual damages, if higher) plus attorney’s fees if they violate that promise.” This legislation makes it easier for Americans to sue tech companies that censor political speech or hide competitor content. This bill mirrors more conservative politicians who feel that tech companies are censoring conservative viewpoints.

Regardless of your political viewpoint, if you are a tech stakeholder that has ISP capabilities or you are providing services that deal with the exchange of ideas, you should be monitoring this type of legislative action to avoid unnecessary surprises to your business model. We at Lanton Law can help. 

Our legal and policy tools can help offer your organization a clear path forward to navigate what will be changing policies for technology stakeholders. Contact us today to discuss your options.     

U.S. Congressman Cicilline (D-RI) has announced  his intent to introduce legislation “that tightly restricts the use of personal, online consumer data that is often used to ‘microtarget’ voters with misleading ads.” According to his release, the legislation will be titled the “Protecting Democracy from Disinformation Act” and has the following elements: 

• Restricts Microtargeting: Only allows advertisers and online platforms to use age, gender, and location when targeting political ads. 

• Improves Transparency: Requires disclosure and reporting on who paid for an ad, how much it cost, whom an ad is aimed at, and who saw the ad.

• Holds Online Platforms Accountable: Provides enforcement through the Federal Election Commission’s existing authority, a private right of action, and criminal penalties for online platforms and ad intermediaries that knowingly and willfully violate the Act.

Expect issues such as microtargeting and others to come to the forefront as we enter in the election season of 2020. 

Lanton Strategies; a segment of Lanton Law works to help advance our clients interests before both legislative and regulatory bodies on the state and federal levels. We use sources from the Hill, state houses, agencies, markets and trade associations, to inform our clients and achieve proactive results. Let us know how either our government affairs services or legal services can help you achieve your priorities. 

Apple and Google have announced their partnership to enable Bluetooth technology to help interested stakeholders such as healthcare agencies and governments to fight COVID-19. The announcement describes the tech companies’ intent of “releasing draft documentation for an Exposure Notification system in service of privacy-preserving contact tracing.” The most important thing to note is that the companies will not be building contact tracing apps but will be providing tools around a unified programming interface that will allow these aforementioned stakeholders to create their own contact tracing applications. And while this partnership and others like it are a much needed resource during our fight against COVID-19, privacy concerns with how these companies are using our information loom in the background. 

So what is contact tracing? It can come in two forms. The first form is human to human tracing, which is described in the Centers for Disease Control and Prevention’s (CDC) list of core principles. 

• Contact tracing is part of the process of supporting patients with suspected or confirmed infection.

• In contact tracing, public health staff work with a patient to help them recall everyone with whom they have had close contact during the timeframe while they may have been infectious.

• Public health staff then warn these exposed individuals (contacts) of their potential exposure as rapidly and sensitively as possible.

• To protect patient privacy, contacts are only informed that they may have been exposed to a patient with the infection. They are not told the identity of the patient who may have exposed them.

• Contacts are provided with education, information, and support to understand their risk, what they should do to separate themselves from others who are not exposed, monitor themselves for illness, and the possibility that they could spread the infection to others even if they themselves do not feel ill.

• Contacts are encouraged to stay home and maintain social distance from others (at least 6 feet) until 14 days after their last exposure, in case they also become ill. 

As you can see this is a very specialized skill that needs to be timely executed to prevent further spread of disease. 

According to the CDC digital tracing on the other hand is another set of tools that can be used to “expand the reach and efficacy of contact tracers.” This is what we are seeing from the Apple-Google partnership, as well as other applications (apps) that we see flooding the market in an effort to provide additional tools to combat COVID-19. 

Digital contact tracing can theoretically be more efficient because it doesn’t rely on memory, but requires user cooperation where people would have to download the relevant apps on their phones. In order for something like this to have an almost “real time” effect, a large number of people would have to adapt to this technology. Are we as a society ready for this? While emergencies like this would seem like the answer would be a common sense “yes” there are a lot of other issues at play such as are positive alerts to a user accurate and will a user’s information be protected? A great example of user worry could come in the form of potential genetic discrimination of which we wrote a prior blog post.  

To date the skepticism of technology companies being able to use healthcare data has been rampant. For example, several industry stakeholders were surprised by the Wall Street Journal’s (WSJ) article  that Google has been working since 2018 on a "secret" project involving patient data with Ascension, the St. Louis-based nationwide health system. 

Project Nightingale would involve having Google be provided with millions of health records of U.S. citizens, which has prompted a recent follow up letter by three U.S. Senators to gain additional insight into the project’s specifics. Facebook has a new tool called Preventive Health that seeks to “connect people to health resources and checkup recommendations from leading health organizations.” And while Microsoft launched Microsoft Cloud for Healthcare; whose program applies “flexible capabilities to power individualized experiences, improve team collaboration, and unify data to unlock real-time insights,” demonstrates that while technology and healthcare are merging, the need for addressing privacy concerns remains at the forefront. 

We need all the tools we can get our hands on during this difficult struggle against COVID-19, especially when it comes to digital contact tracing. There is no doubt that we need the efficiencies that technology has to offer. The potential is there, but there has to be buy in from a majority of people in order for this to work. Not only do we have to continue to work to ensure that everyone has access to smartphone technology, but we have to put some additional “safety checks” in place to ensure that ‘anonymized’ aggregated data isn’t sold, that sensitive protected health information (PHI) is guarded and the proper laws/regulations are put in place so that we can learn from the painful lessons that COVID-19 has taught thus far. 

There is no need to rehash the harsh societal effects that COVID-19 has had not only on our psychological and financial wellbeing, but also on the vulnerable population’s immune system. Those having to deal with underlying health conditions such as diabetes, obesity, hypertension have been especially at risk, including some young and healthy individuals. As we race to understand the rationale behind why such an erratic disease impacts some but not others, the question that frequently comes up is whether a person’s genes has something to do with becoming infected?

While it seems like we have been discussing gene therapy for some time, understanding how to harness the potential of the human genome is still in the “early innings.” According to the National Human Genome Research it was found that there are about 20,500 genes in human DNA. This information had taken 13 years to find and was completed in 2003. There are so many things to learn about our genes in order to be precise enough to fully realize how we can get to the ultimate improvement in patient outcomes. Unfortunately, it seems as though time is not on our side when needing to understand how our genes play a key role in fighting this terrible disease. It seems like the best thing to mitigate our circumstances until we get a vaccine is how to contain it. From social distancing to contact tracing, one idea that has been gaining steam on re-opening the economy is the possibility of immunity passports. 

So what are immunity passports? The World Health Organization (WHO) states “Some governments have suggested that the detection of antibodies to the SARS-CoV-2, the virus that causes COVID-19, could serve as the basis for an ‘immunity passport’ or ‘risk-free certificate’ that would enable individuals to travel or to return to work assuming that they are protected against re-infection. There is currently no evidence that people who have recovered from COVID-19 and have antibodies are protected from a second infection.”

Currently there is so much fear and mistrust regarding information on COVID-19 that in order for this to work in my opinion, we would have to have certainty in antibody testing, as well as a 100% understanding about how long immunity actually lasts. Aside from a vaccine, this would certainly move economies forward as a way to slowly start to recoup the financial losses we have witnessed worldwide. But could well intentioned things like immunity passports lead to something unintended such as genetic discrimination? 

According to the National Institutes of Health (NIH), genetic discrimination occurs when people are treated differently by their employer or insurance company because they have a genetic mutation that causes or increases the risk of an inherited disorder or they have a familial history of a specific health condition. Surprisingly, this issue could determine whether someone gets hired or fired and could mean the difference between receiving comprehensive coverage.

GINA does provide a solution to genetic discrimination. The Genetic Information Nondiscrimination Act (GINA) provides for protection against this type of discrimination. Title I of GINA prohibits genetic discrimination in health insurance, and Title II prohibits genetic discrimination in employment.

Under the first part of the act, it is illegal for health insurance providers to use or require genetic information to determine whether a person is eligible for coverage. The second part prohibits employers from using a person’s genetic information in making decisions about hiring, promotion, and various other terms of employment.

However, GINA and similar laws do not protect individuals from genetic discrimination under every circumstance, such as an instance in which an employer has fewer than 15 employees. The act also does not apply to those serving in the military or those insured under the Veterans Health Administration or Indian Health Service. Furthermore, the act does not protect against genetic discrimination in other forms of insurance, including life, disability, and long-term care, according to the NIH.

While GINA’s development was designed for genetic discrimination, I believe that we have not yet seen how this law could potentially evolve from its original intent, especially in this circumstance. Constantly looking through both a policy and legal lens, I see potential problems with an immunity passport. While I understand how this is designed to get the economy back on track, how will individuals be judged regarding obtaining an immunity passport. Is this something you will be required to have by an employer? Are there privacy issues that will evolve from having to declare whether you have an immunity passport? Will employees be looked at differently if they have a passport versus those that don’t? Will an employee’s cost of insurance increase because they happened to get COVID-19?

COVID-19 has changed our lives in ways that we cannot yet imagine. As we start transitioning back towards living with this complex disease until there is a cure, our minds are currently undergoing small yet lasting changes that will unconsciously shape the way we make decisions going forward. It is very foreseeable that society will try and mitigate risks to businesses, meaning that it is not unforeseeable that companies may try and understand any genetic risks that may exist to employees. Whether this is the new normal, a threat to privacy or something else remains to be seen. 

*Disclaimer: The information provided in this blog post is an opinion and is for informational purposes only and not for the purpose of providing legal advice. Access to this information does not create an attorney client relationship between Lanton Law and the viewer. You should contact your attorney to obtain advice with respect to any particular issue or problem.

We are honored to have worked with STACK for Pharmacy on a great and timely webinar titled “The New Concerns of a Digital Workplace. COVID-19 has changed the way that we work, communicate and transfer information and finances. We discuss the early trends of what we are seeing from a transitioning marketplace.

Click here to access the webinar

STACK will be teaming up with Lanton Law to do an April 22, 2020 webinar at 1:00 PM EST titled “The New Concerns of a Digital Workplace.” Join Jonathan Ogurchak, Founder & CEO of STACK and Ron Lanton III, Esq, Principle of Lanton Law to discuss the following:

Challenges facing healthcare organizations with a rapid deployment to “work from home” environments

Considerations to ensure ongoing compliance and ensure appropriate use

Future areas for advancement related to the “new normal” organizations are likely to face

Click here to register