Bill Overview
Title: My Body, My Data Act of 2022
Description: This bill establishes protections, subject to certain limits, for personal reproductive or sexual health information. This includes information relating to past, present, or future surgeries or procedures, such as the termination of a pregnancy. Specifically, commercial entities, including individuals, nonprofits, and common carriers, may not collect, retain, use, or disclose personal reproductive or sexual health information except (1) with the express written consent of the individual to whom such information relates, or (2) as is strictly necessary to provide a requested product or service. Commercial entities also must provide individuals with access to, and a reasonable mechanism to delete, any of their reproductive or sexual health information upon request. Further, commercial entities must maintain and publish a privacy policy describing their practices with respect to such information. The bill's provisions do not apply to entities that are subject to certain existing health-related privacy regulations, such as the privacy regulations issued under the Health Insurance Portability and Accountability Act of 1996. Additionally, the provisions do not apply to the disclosure of personal reproductive or sexual health information for the publication of newsworthy information of legitimate public concern. The bill provides for enforcement by the Federal Trade Commission and by private civil actions.
Sponsors: Sen. Hirono, Mazie K. [D-HI]
Target Audience
Population: Individuals concerned about the privacy of their reproductive or sexual health information
Estimated Size: 280000000
- The bill applies to commercial entities that handle personal reproductive or sexual health information, which could have global users or customers.
- The global population that may seek reproductive or sexual health services and whose data could be collected by commercial entities is quite large.
- Reproductive and sexual health data can pertain to a wide range of services, including common medical services like contraception and pregnancy-related care, available worldwide.
Reasoning
- Given the scope and scale of the policy's impact, it is essential to choose a diverse set of individuals representing various demographics such as age, gender, occupation, and location across the United States.
- The policy has an extensive reach due to its subject area (reproductive health data), affecting a broad cross-section of the population who use digital services related to health.
- While the budget determines the scale of implementation and enforcement (impact level), it is vital to choose individuals who directly interact with services that collect reproductive health data.
- Many people may experience different levels of impact based on their interaction with the healthcare system, their digital footprint, and their level of concern regarding data privacy.
- The interview should cover both people who are immediately concerned or impacted by the policy and those who might be indirectly affected or see little change.
Simulated Interviews
Software Engineer (Los Angeles, CA)
Age: 32 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 12/20
Statement of Opinion:
- I value my privacy, especially when it comes to health apps.
- This policy sounds like a step in the right direction for protecting sensitive information.
- It would make me more comfortable using apps that require reproductive health data.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 9 | 5 |
Marketing Executive (Chicago, IL)
Age: 45 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 1.0 years
Commonness: 15/20
Statement of Opinion:
- Privacy policies are complicated, and it's hard to know what happens to our data.
- I think the policy could benefit us but seems focused mostly on reproductive health, which is not my main concern.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 6 | 5 |
| Year 20 | 6 | 5 |
Graduate Student (Portland, OR)
Age: 23 | Gender: other
Wellbeing Before Policy: 5
Duration of Impact: 10.0 years
Commonness: 8/20
Statement of Opinion:
- This policy aligns with my interests in protecting digital rights and health information.
- I'm glad to see steps being taken to safeguard data, but wonder about enforcement and accountability.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 7 | 5 |
| Year 3 | 7 | 4 |
| Year 5 | 8 | 4 |
| Year 10 | 8 | 4 |
| Year 20 | 8 | 4 |
Primary School Teacher (Miami, FL)
Age: 39 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 20.0 years
Commonness: 10/20
Statement of Opinion:
- Expecting a baby makes privacy top-of-mind, especially with apps tracking my health.
- It's great to hear this policy is addressing information privacy.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 9 | 8 |
| Year 2 | 9 | 7 |
| Year 3 | 9 | 7 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 6 |
| Year 20 | 9 | 5 |
Freelance Photographer (Austin, TX)
Age: 27 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 2.0 years
Commonness: 17/20
Statement of Opinion:
- I don't usually think about data privacy, but it's good to know someone is.
- If this policy limits misuse of my data, it will definitely increase my trust.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 6 | 5 |
Nurse Practitioner (Boston, MA)
Age: 52 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 20.0 years
Commonness: 5/20
Statement of Opinion:
- I see this as a critical policy for patient and user trust.
- Hopefully, it will standardize practices across apps that collect health data.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 6 |
| Year 20 | 8 | 6 |
Journalist (New York, NY)
Age: 31 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 15.0 years
Commonness: 7/20
Statement of Opinion:
- Having reported on data breaches in the past, this policy seems promising to mitigate risks.
- It raises the question of how soon and how effectively enforcement can happen.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 8 | 4 |
Retired (Phoenix, AZ)
Age: 66 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 16/20
Statement of Opinion:
- Privacy is very important, but I often need help understanding all the settings.
- This policy could help bring peace of mind about data security.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 6 | 5 |
| Year 20 | 6 | 4 |
College Student (Atlanta, GA)
Age: 19 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 8.0 years
Commonness: 9/20
Statement of Opinion:
- Privacy is crucial, and it's crucial for us younger folks as we use many apps.
- Efforts like this policy are fundamental to protect us better.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 7 | 4 |
| Year 3 | 8 | 4 |
| Year 5 | 8 | 4 |
| Year 10 | 8 | 4 |
| Year 20 | 8 | 4 |
Small Business Owner (Seattle, WA)
Age: 58 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 6/20
Statement of Opinion:
- As a business owner needing customer trust, data privacy is essential.
- The policy could bolster confidence among consumers and foster better business practices.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 6 |
| Year 20 | 8 | 5 |
Cost Estimates
Year 1: $75000000 (Low: $50000000, High: $100000000)
Year 2: $70000000 (Low: $45000000, High: $95000000)
Year 3: $70000000 (Low: $45000000, High: $95000000)
Year 5: $65000000 (Low: $40000000, High: $90000000)
Year 10: $60000000 (Low: $35000000, High: $85000000)
Year 100: $50000000 (Low: $30000000, High: $80000000)
Key Considerations
- The bill aims to strengthen data privacy, which is increasingly becoming a critical concern for individuals worldwide.
- Commercial entities need to establish new compliance mechanisms, impacting various industries differently based on their reliance on personal data.
- Legal and regulatory compliance will be vital to avoid penalties or reputational damage, driving overhead costs for targeted businesses.