The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Senators Press Google on Coronavirus Tracking, Screening Site Privacy

by Chris Brook on Thursday March 19, 2020

Contact Us
Free Demo
Chat

Privacy-conscious senators are worried that technology used by the government to prevent the coronavirus from spreading could be exploited for profit and fear.

As doctors and healthcare practitioners on the front lines continue to fight the ongoing coronavirus (COVID-19) epidemic at hospitals, a handful of politicians in Washington are shifting their attention to the internet, attempting to address privacy concerns that have emerged as a result of the virus.

In the Senate, two Senators, Mark Warner (D-VA) and Richard Blumenthal (D-CT) are cautioning this week that actions by Google could be exploiting fear for profit. Specifically, they're concerned that Google, by collecting user browsing data via web trackers, is targeting consumers with ads for products critical to fighting COVID-19 like hand sanitizer and face masks.

While in addition to being predatory, the ads go counter to claims made by Google earlier this month that the company would ban ads on protective face masks.

The Senators penned a letter to the Federal Trade Commission outlining their concerns.

“These misrepresentations generate direct harm to consumers, exploiting their legitimate fears over the COVID-19 outbreak to over-charge them for products. They also create widespread social harms to our nation’s response to this crisis, such as by contributing to shortages of products essential to the health care workers on the front lines of the COVID-19 response,” the letter (.PDF) read.

Warner was one of 17 Senators behind a separate letter last week to internet providers urging them to suspend data caps and overage fees that could prevent teleworking.

A separate group of senators, Bob Menendez and Cory Booker of New Jersey, Sherrod Brown of Ohio, Richard Blumenthal of Connecticut and Kamala Harris of California, also took umbrage with Google this week, sending the search giant (and Vice President Mike Pence) letters on Wednesday concerning the security of the coronavirus screening site designed to help the government manage COVID-19.

“We are concerned that neither the Administration nor Google has assessed what privacy and cybersecurity vulnerabilities may arise in developing and deploying such a system," the Senators wrote Wednesday.

The politicians have questions, 14 of them to be specific, about how Google and its subsidiaries will be able to use the data. Will they be able to use it commercially? To sell it? The letter highlights recent breaches of LabCorp, Quest Diagnostics, and questions that stem from another initiative Google announced, Project Nightingale, with healthcare company Ascension Health.

That partnership, announced last December, sparked a debate around HIPAA and privacy amidst concerns Google would have access to health records of Ascension patients without their consent. Google, for what it's worth, ultimately said the project would adhere "to industry-wide regulations (including HIPAA) regarding patient data" but that didn't diminish doubts of many in the industry.

The privacy concerns didn't stop at the screening site and Google's ads. Another Senator made his concerns around the privacy implications of another government plan pertaining to COVID-19 known this week, too.

Senator Ed Markey pressed Michael Kratsios, the Trump administration's Chief Technology Officer, on Thursday whether or not COVID-19 patients' location data would be used and if so, how it would be regulated.

Markey cautioned that the government shouldn't "embrace action that represents a wholesale privacy invasion" by leveraging Americans' smartphones to track coronavirus, a concept first brought up in a Washington Post article on Tuesday.

"Attempting to limit smartphone location data in this manner is insufficient to preclude violations of Americans’ privacy," Markey wrote, "A person’s location information can reveal other sensitive details, such as a place of employment, religious affiliation, or political preferences. We need assurances that collection and processing of these types of information, even if aggregated and anonymized, do not pose safetyand privacy risks to individuals."

Tags: Data Privacy, Government, Industry Insights

Recommended Resources


  • Best practices for managing DLP in healthcare
  • Overview of vendors' strengths and weaknesses
  • Top use-cases for DLP in healthcare
  • Top InfoSec concerns for healthcare professionals
  • How to protect sensitive data with DLP
  • Advice from security experts and analysts

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.