
S. 500: SMARTWATCH Data Act


Is this bill a smart idea, or should you watch out?

Context

Wearable devices, most prominently smartwatches and step counters, have soared in popularity over recent years. Their sales even rose during the COVID-19 pandemic, at the same time as spending on many other categories of consumer goods and services plunged.

The Apple Watch, by far the most popular such device, can record personal data including menstrual cycles, sleep patterns, and heart rate.

The Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA, protects the privacy of all patient-doctor interactions under federal law. But technology, as it usually does, moves faster than the law. Since a smartwatch isn’t a doctor or physician, the health data stored with it is not protected under federal law in the same way.

What the bill does

The SMARTWATCH (Stop Marketing And Revealing the Wearables And Trackers Consumer Health) Data Act would protect personal health data stored on a device with the same HIPAA privacy protections as personal health information shared in person with a doctor.

It was introduced in the Senate on March 1 as S. 500, by Sen. Bill Cassidy (R-LA).

What supporters say

Supporters argue that the legislation is a logical and necessary extension of noncontroversial patient privacy protections for the digital age.

“Smartwatches and wearable tech can collect an amazing amount of data about your health with or without your knowledge,” Sen. Cassidy said in a press release. “The [BILL] prevents big tech from collecting or selling data without the user’s consent. Americans should always know their health information is secure.”

What opponents say

GovTrack Insider was unable to locate any explicit statements of opposition to this legislation specifically. But the bill was inspired by a November 2019 *Wall Street Journal* exposé that Google was gathering personal health information on millions of Americans through its partnership with the healthcare organization Ascension — the very same month that Google bought Fitbit, one of the largest wearable device companies, for $2.1 billion.

The bill was originally introduced three days after the WSJ article, with a press release that specifically referenced the damning report. Without commenting on the legislation, Google took pains to rebut claims that it was gathering the health information.

“Data is logically siloed to Ascension, housed within a virtual private space and encrypted with dedicated keys,” Google Cloud President of Industry Products and Solutions Tariq Shaukat wrote in a blog post after the story broke. “Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads.”

Odds of passage

Introduced by a Republican, the bill has attracted one cosponsor, a Democrat: Sen. Jacky Rosen (D-NV). It awaits a potential vote in the Senate Health, Education, Labor, and Pensions (HELP) Committee.

Sen. Cassidy’s prior version from 2019 also only attracted Sen. Rosen as a cosponsor, and never received a committee vote.

However, that doesn’t doom the bill’s chances, and the evenly split partisanship of the cosponsors (such as it is) may work in its favor.

“This bill has bipartisan support because, for conservatives, it offers protection of individual property (data) rights, and for liberals, it offers government regulation of the market to protect society from exploitation by the tech sector,” Case Western Reserve University social work graduate student Joi Chadwick wrote in a blog post. It would “decrease the possibility of an outcome Republicans want to avoid: a patchwork of conflicting state consumer data privacy laws.”

Last updated Apr 20, 2021.

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress, and was published on Mar 1, 2021.


Stop Marketing And Revealing The Wearables And Trackers Consumer Health Data Act or the SMARTWATCH Data Act

This bill restricts the commercial use of identifiable personal health information derived from a smartwatch or similar consumer device. The Department of Health and Human Services must enforce these restrictions.

Specifically, an entity that collects personal health information from consumer devices may not transfer, sell, or otherwise allow domestic entities to access such information if the purpose is to increase profits or generate commercial value. However, the bill sets out certain exceptions to this prohibition, including where the consumer provided informed consent or where the information is necessary for specified business transactions.

Furthermore, an entity that collects personal health information derived from consumer devices may not allow foreign entities to access such information unless there are certain privacy and security protections in place.

In addition, any personal health information derived from a consumer device and received by health care providers, health plans, or their business associates is considered protected health information and thus subject to applicable federal privacy standards governing its use and disclosure.