Senators Express Concerns Over Impact of Contact Tracing Order on Data Privacy, Security
CDC order requires airlines to collect a significant amount of personal information from all passengers and retain it for 30 days
Just when you thought flying couldn’t get funkier, the CDC is trying to get hold of your private information and retain it for thirty days after you have flown. Sure, they say it’s for contact tracing, but why didn’t they do that as COVID and the Delta variant were at its peak.
A friend got COVID while on her cruise. They took a test before they got on the cruise ship and one every day that they were on the cruise line. When she tested positive they took her off the ship and sequestered her in a hotel in Germany until she tested negative.
What good would it do for the CDC to have the mountain of information? The airlines and cruise lines already have a system to handle a breakout.
Would you fly if you had to give your information to the CDC after each flight?
WASHINGTON – U.S. Sens. Roger Wicker, R-Miss., ranking member of the Senate Committee on Commerce, Science, and Transportation, John Thune, R-S.D., Deb Fischer, R-Neb., Jerry Moran, R-Kan., Marsha Blackburn, R-Tenn., Rick Scott, R-Fla., and Michael Lee, R-Utah, today sent a letter asking White House Coronavirus Response Coordinator Jeffrey Zients to inform Congress on how the Biden Administration plans to address data collection concerns following the recent Centers for Disease Control and Prevention (CDC) “contact tracing” order, which requires airlines and operators to collect personal information from incoming international passengers, including American citizens.
“It is unclear at this time whether the aviation industry is equipped to collect and retain more personal information from passengers than it does today and share it across multiple proprietary systems before responsibly and securely transmitting it to the CDC,” the Senators wrote.
“The traveling public must be informed of the potential costs this order could impose on their privacy.”
The CDC order requires airlines and operators to retain a passenger’s personal information for a minimum of 30 days from the flight’s departure and transmit it to the agency within 24 hours of a request from the CDC Director. This order gives airlines the option to submit contact tracing information to CDC via “an established DHS data system.”
If airlines submit via this method, the order notes that the Department of Homeland Security (DHS) will also submit this information into its Automated Targeting System, which will be retained for a minimum of fifteen years and used for non-public health purposes. It is unclear if consumers are aware of their data being potentially retained by the federal government for a significant amount of time.
Wicker has been a strong advocate for protecting consumer data. Last Congress, Wicker, Thune, Moran, and Blackburn introduced the COVID-19 Consumer Data Protection Act. The legislation would direct companies to inform consumers on how their data will be handled, to whom it will be transferred, and how long it will be retained at the point of collection.
This is a copy of the full letter:
Recently, CDC issued an order titled, “Requirement for Airlines and Operators to Collect and Transmit Designated Information for Passengers and Crew arriving into the US; Requirement for Passengers to Provide Designated Information.” The order requires airlines and other aircraft operators to collect additional personal information from all passengers, including American citizens, traveling to the United States from a foreign last point of departure and submit it to CDC for the purposes of COVID-19 contact tracing.
The order requires airlines and operators to retain this information a minimum of 30 days from the flight’s departure and, within 24 hours of a request from the CDC Director, transmit it to CDC.
We write to express concerns about the impact this policy could have on the privacy and data security of the American flying public. It is unclear at this time whether the aviation industry is equipped to collect and retain more personal information from passengers than it does today and share it across multiple proprietary systems before responsibly and securely transmitting it to the CDC.
This data collection and transfer process must potentially comply with numerous international data privacy regulations. It is also unclear whether the CDC has the data management capabilities to secure a new trove of personal information that would become a valuable target for both criminal hackers and cyber espionage agents of foreign governments. Finally, it is unclear if consumers will be aware that their personal information may be retained by private entities or the federal government for various amounts of time and may be used for non-public health purposes.
Per the order, it is possible for a passenger’s personal information to be retained by the Federal government for a “minimum of fifteen years.” The traveling public must be informed of the potential costs this order could impose on their privacy.
It is essential that Congress is kept fully informed of how the administration will address these and other concerns. We, therefore, request that you, and the appropriate executive departments, provide a briefing to our staff as soon as possible on this order.
Thank you for your prompt attention to this important matter.