US privacy enforcement agency FTC has issued guidance to businesses so they can avoid falling foul of privacy regulations when developing products or services geared towards combatting the spread of Covid-19.
The FTC (Federal Trade Commission) has urged companies to consider privacy and security matters during development, not after launch.
“Although we will be flexible and reasonable when it comes to bringing enforcement actions against companies engaged in good faith, thoughtful efforts to address the effects of the pandemic, it doesn’t pay to be in the news for privacy and security problems, and then have to retreat to address them,” the FTC said.
Companies should use privacy-protective technologies to preserve consumer privacy.
“Researchers have developed privacy-friendly, decentralised protocols that allow users to voluntarily share encrypted data directly with epidemiologists,” the commission said.
And it urges companies to consider using anonymous, aggregated data. “[That] will allow you to sidestep many of the privacy concerns related to tracking individuals’ location.
“For example, if a consumer has granted you permission to use their location data, nothing would prohibit you from disclosing a heat map of average distances travelled for public health purposes. A consumer’s consent for this use of aggregate, anonymous data would not be required,” the FTC said.
It also advised companies to delete any data collected, analysed, used or shared for emergency public health purposes when the crisis is over.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.