Digital Contact Tracing in the European Union - Best Practices for United States Legislators and Regulators?

Countries across the globe have been grappling with the COVID-19 pandemic and how to mitigate its spread. Digital contact tracing has emerged as one solution for managing the pandemic. With digital contact tracing, however, comes significant privacy challenges, in large part because of the sheer scope of sensitive data that is collected through digital contact tracing. The lack of a comprehensive federal privacy in the United States and its sectorial approach to privacy would leave potential digital contact tracing solutions largely unregulated. The European Union (E.U.), however, has been very active in issuing guidance related to digital contact tracing solutions, and how to achieve compliance with the E.U.’s comprehensive privacy regulation, the General Data Protection Regulation (GDPR). E.U. guidance could be instructive for U.S. legislators and regulators working on the privacy implications of digital contact tracing.