Blog
Health data privacy takes center stage as legislation advances
March 13, 2023

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
UNITED STATES
Health Data Privacy Takes Focus From All Angles
Three major developments occurred over the last week in health data privacy:
1. The Washington state House of Representatives passed (moving the legislation to the Senate) HB 1155, a bill that would prohibit the sale of non-HIPAA-protected consumer health data and require consumer consent before personal health-related data is shared or collected.
2. U.S. Senators introduced the Uphold Privacy Act, federal legislation that would restrict companies’ ability to collect or use information about personal health without user consent and prohibit profiting off of personally identifiable health data for advertising purposes
3. A class action lawsuit (Case 5:23-cv-01033-NC) was filed against online mental health counseling service BetterHelp, alleging that its sharing of identifying data and health information with third-party advertising platforms (despite promises that user health information would stay private) constituted a deceptive and unfair marketing practice.
TAKEAWAY
These developments, combined with increasing action from the FTC regarding health data privacy and progressing health data legislation in several other states, demonstrate that health data privacy is taking center stage in the eyes of legislators, regulators and plaintiffs’ attorneys.
Read more about the proposed FTC settlement with BetterHelp.
Three States Pass Comprehensive Privacy Bills Through One Chamber
The Hawaii and Iowa Senates and Oklahoma House passed comprehensive privacy bills, moving the legislation through to the opposite chamber.
TAKEAWAY
These states join Montana and Indiana, totalling five states that have passed comprehensive privacy legislation through one chamber in 2023.
All of these bills largely resemble existing comprehensive state privacy laws, with the exception of Oklahoma, which would be the first state to require explicit opt-in consent for the general collection and processing of personal information.
This is the third year that such legislation has passed the Oklahoma House, however, and previous attempts have failed to see movement in the Senate.
EUROPE
UK Introduces Data Protection Reform Bill
UK Technology Secretary Michelle Donelan introduced the Data Protection and Digital Information Bill, which her press release described as a “new common-sense-led UK version of the EU’s GDPR”.
According to the press release, the goal of the legislation is to take the best elements of GDPR and provide businesses with more flexibility, while still maintaining adequacy with the EU.
TAKEAWAY
The legislation still requires the same lawful bases for processing Personal Data as the UK GDPR (which may include consent or legitimate interest, among other bases). It also continues, like existing PECR, to require consent for access to terminal equipment for certain purposes.
However, it does provide more specific detail than the UK GDPR and PECR about the purposes that may constitute legitimate interest under the UK GDPR or an exception to the consent requirement under PECR, presumably to aid in taking the guesswork out of the consent process for businesses.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
FTC warns tax prep companies against using trackers without consent
September 25, 2023The Federal Trade Commission sent warning letters to five...
Delaware governor signs comprehensive privacy law
September 18, 2023Delaware HB 154, implementing the Delaware Personal Data Privacy Act,...
Comparing U.S. state privacy laws: Sensitive Data
September 18, 2023How do different U.S. state laws define and protect...
Latest White Papers
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Ebook: A Publisher’s Guide to Vendor List Curation
December 16, 2021How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.