Democratic Senators Introduce Health and Location Data Protection Act of 2024

A new bill was presented in the Senate that could stop data brokers from using unfair and deceitful acts and methods associated with health and location information, particularly keeping data brokers from marketing, reselling, trading, licensing, transmitting, disclosing, or otherwise making accessible location information, health information, and other categories of sensitive information discovered by the Federal Trade Commission (FTC). Senator Elizabeth Warren (D-MA), Sheldon Whitehouse (D-OH), Ron Wyden (D-OR), and Bernie Sanders (I-VT) introduced the bill and applied the same laws presented at the start of the year; nevertheless, time is short for the bill to be passed, since the present Senate ends next month.

The Health and Location Data Protection Act of 2024 requires the formation of a government registry of data brokers and gives individuals the right to ask brokers not to gather their information. Brokers would likewise need to share information about the people and organizations they share information with and the motive for sharing information. The bill doesn’t forbid any HIPAA-compliant action, for example, the disclosure of health information in a data broker’s ability as a HIPAA-regulated entity or business associate, the publishing of newsworthy facts of genuine public concern, or disclosures pursuant to a legitimate authorization.

Location data is frequently disclosed or peddled by data brokers beyond the knowledge or permission of consumers, by businesses that consumers might be totally unacquainted with. At present, the data broker sector is mostly not regulated with minimal limitations on data sharing. It’s been a concern that the information being gathered and peddled may consist of specific geolocation information obtained through mobile phones that could identify a person’s specific location, including the particular rooms inside a building. When it comes to a healthcare facility, that data could show people’s probable health issues.

This year, the HHS’ Office for Civil Rights released a HIPAA Privacy Rule update that forbids HIPAA-covered entities from sharing reproductive healthcare data if that data is required to prosecute or enforce liability on people or healthcare companies who aid legitimate reproductive healthcare. Location data, together with distinctive device identifiers and information from other resources, could show details about individuals’ reproductive healthcare and might be employed for those reasons.

The use of location data to focus on persons in search of lawful reproductive healthcare isn’t just hypothetical. At the beginning of this year, Sen. Wyden’s investigation discovered that location data gathered from cell phones that determined individuals’ trips to abortion clinics were given to an anti-abortion group that utilized the information for a specific marketing campaign on women wanting abortions.

Lately, the FTC decided to settle with two data brokers, Venntel Inc. and Gravy Analytics Inc., prohibiting them from utilizing, selling, transferring, sharing, licensing, or otherwise exposing consumers’ trips to sensitive places, such as medical establishments, correctional services, schools/childcare amenities, military installations, religious institutions, labor union offices, services aiding people according to racial and ethnic qualification, and assistance giving homes to the homeless, home abuse, refugee, or populations of immigrant.