How Will COVID-19 Tracking Apps Affect Privacy?

By Brian J. Lamoureux May 20, 2020Cybersecurity

America is grappling with a compelling question during the coronavirus pandemic: should we allow Big Tech and the government to use our smartphones to track our movements, body temperature, and activities to slow the infection rate?

As explained by the wonderful documentary Terms and Conditions May Apply, history provides some guidance here. Twenty years ago, a little-known web-based toy company called filed bankruptcy. Toysmart proposed to sell its customer list as part of its bankruptcy process. This request implicated serious privacy concerns as Toysmart had promised its customers that it would never sell or disclose their information. Understandably, however, Toysmart’s creditors viewed the customer list as a valuable asset that should be sold to satisfy their claims.

After much public outcry (including an enforcement action by the Federal Trade Commission against Toysmart), Toysmart was allowed to sell its customer list. This resulted in tremendous outrage among privacy advocates, and spurred Congress into action. Congress immediately proposed a comprehensive online privacy bill called “The Online Privacy Protection Act of 2001.” This bill would have made it illegal for a website to “collect, use, or disclose personal information concerning” individuals in violation of rules to be set by the Federal Trade Commission. It would have also required websites to keep personal information confidential and secure.

But, before this bill could pass, something tragic happened: 9/11. Congress quickly realized that having private companies such as websites gathering lots of information about users might be a critically important tool in the newly-formed fight against terrorism. Unsurprisingly, the privacy bill went nowhere and instead Congress passed the Patriot Act, which expanded the government’s ability to obtain data in the war against terrorism.

This policy shift had three enormous impacts. First, it paved the way for social media and tech companies to create platforms based on gathering, using, and selling consumer information virtually free of regulation. Had the 2001 privacy act passed, those business models might have been unworkable due to the forthcoming FTC restrictions. Would Facebook have even been able to exist in its current form with such strong privacy regulation? Likely not.

Second, Americans showed that they were mostly comfortable trading certain liberties for safety (or at least in appearance). Desperate times understandably called for desperate measures. However, as the last twenty years have shown, perhaps it was not such a great idea from a privacy perspective to allow Big Tech and other data-driven companies to have the virtually unrestrained ability to gather, manipulate, use, sell, and monetize our personal data.

Third, we now see some serious consequences of this policy shift. It’s one thing to allow Big Tech and the government to access the movies we like, sports teams we follow, and friends we have on Facebook. But, now that the coronavirus pandemic is here, public health advocates seek to use Big Tech’s tools to access our current body temperature, movements, places we’ve visited, and people we sat next to on the subway or at Subway. Sure, these advocates correctly note that people could opt-out of these tools, but how soon before we see signs in restaurants saying “Green Status Customers Only?”

The pandemic requires a coordinated and strong response by government and society. Whether this response should include a wholesale trading of the privacy rights we held dear before the pandemic (such as our movements, health status, contacts, body temperature, etc.) is an open and serious question. We should pause and think before granting Big Tech and the government access to these highly personal data points. It is impossible and too early to tell whether granting this level of access to our personal data will be effective or what long term impact it will have on our privacy rights. One thing for sure, however, is that once this genie is out of the bottle, there is no going back. If you would like further information, please contact PLDO Partner Brian J. Lamoureux at 401-824-5155 or email

[This article was published in the Providence Journal, May 18, 2020 print edition, and can be accessed by clicking]



Disclaimer: This blog post is for informational purposes only. This blog is not legal advice and you should not use or rely on it as such. By reading this blog or our website, no attorney-client relationship is created. We do not provide legal advice to anyone except clients of the firm who have formally engaged us in writing to do so. This blog post may be considered attorney advertising in certain jurisdictions. The jurisdictions in which we practice license lawyers in the general practice of law, but do not license or certify any lawyer as an expert or specialist in any field of practice.

Back to Blog
Brian J. Lamoureux is a Partner with Pannone Lopes Devereaux & O'Gara LLC and a member of the Employment Law, Cyber Law, Litigation and Corporate & Business Teams. He is also Practitioner Faculty in Management (Business Law) at Providence College, his alma mater.

His extensive practice areas include complex commercial litigation, employment law, construction law, social media law, and creditors' rights. In addition to being an accomplished business litigator, he has developed into a nationally-recognized voice on cutting-edge legal issues relating to social media. He is a frequent presenter, published author, and broadcast commentator on the topic and regularly appears on WPRI-TV, NBC10 and NECN-TV, the nation's largest 24-hour regional news network. His recent newspaper columns and articles include Social Media Privacy Law Impacts EmployersShould Employees Use Facebook at Work?Privacy Rights Being Tested in the Digital AgeDigital Age Hiring Process Filled With DangerTexting in the Workplace? Dangers Abound, Email Privacy Not a Guarantee in Workplace, and Worry About Workplace Prejudice? Clean Up. Mr. Lamoureux's work has also been published in the Providence Business News and Rhode Island Lawyers Weekly.

He successfully briefed and argued before the First Circuit Court of Appeals in a case confirming surety's rights to indemnification. He was lead counsel in a successfully resolved certified class action regarding the demutualization of an insurance company before the U.S. Bankruptcy Court for the District of Rhode Island, and served as trial co-counsel in one of the largest defense jury verdicts in the Federal District Court in Massachusetts.

Mr. Lamoureux has been honored for his achievements by the Providence Business News and was selected as a member of its 2011 Class of "40 Under Forty."

He earned his J.D., magna cum laude, from the Syracuse University College of Law, where he was a member of the Syracuse Law Review and Moot Court Honor Society. At the same time, he received a Master of Public Administration from the Maxwell School of Citizenship and Public Affairs. He also holds a Master of Arts degree in Political Science from the University of Rhode Island, where he was a teaching assistant in American Government and International Relations, and a B.A. in Political Science, cum laude, from Providence College.

Prior to joining PLDO, Mr. Lamoureux was a litigation partner in a large international AMLaw 200 firm. He is admitted to practice in state and federal courts in Rhode Island and Massachusetts, and is qualified to serve as a receiver in Rhode Island Superior Court. Mr. Lamoureux is also admitted to practice before the U.S. Supreme Court. To reach Attorney Lamoureux, please call 401-824-5100 or email

Leave a Reply