Is Data Privacy the Next Legislative Frontier?

    Privacy issues remain a big concern for state lawmakers who are looking to strengthen privacy laws and protect consumer's personal information.

    There are only four states left to adjourn (California, Massachusetts, New Jersey, and Ohio) from legislative sessions, while the rest have recessed until the fall or won't resume until 2019. Lawmakers, however, are already raising and debating issues and bills to file for next session. Chief among these is how to protect consumer data in wake of the past year’s cyber breaches.

    Because more industries are using technology to streamline operational procedures, we are seeing an increase in the number of issues surrounding the collection and security of personal data. Due to the popularity of wearables and fitness trackers, the health club industry has also been experiencing issues with data privacy, and IHRSA is monitoring this trend at the state level to help clubs handle this sensitive information appropriately.

    Technology Data Desktop Newspaper Column

    Data Privacy Issues Reaching the Forefront

    In March, the wildly popular fitness-tracking app, MyFitnessPal (owned by Under Armour) revealed that hackers had compromised the data of more than 150 million users. Similar data breaches at Facebook and other companies have prompted a number of states to take action. We are seeing a number of legislative attempts to reduce data breaches by strengthening data privacy laws.

    In California, Assembly Bill 375 flew through the Assembly and Senate and will greatly expand consumer rights over their own information. The law, which goes into effect on January 1, 2020, allows California consumers to request businesses collecting their information to disclose what, how, and to whom they are collecting and selling it to/for. Consumers will also be able to opt out of the sale of their information to third parties. However, the law only applies to businesses that:

    • Have gross revenues in excess of $25 million;
    • Sell information of more than 50,000 consumers or devices; or
    • Derive 50% or more of revenues from the sale of personal information.

    In Rhode Island, House Bill 7111 would have given consumers the right to know which personal information was being collected by companies and to whom it was being shared and sold. Ultimately, the House instead passed a resolution to create a commission studying potential legislation that would protect consumer data.

    Data breaches are making consumers more protective of their information and making regulators more active in this area. Club owners need to be aware of the increase in devices both brought into the gym and being used by the gym. Consumers increasingly want more control and transparency over how their data is being used. Future privacy legislation could touch on information collected by health clubs, such as registration information, biometric data, and membership management software.

    Europe is also managing issues surrounding data privacy. In May, the European Union’s new privacy law, the General Data Protection Regulation (GDPR), went into effect. The comprehensive new rules mandate that personal data belongs to the consumer, and grants the consumer the opportunity to “opt-in” or “opt-out.” In response, U.S. Sen. Ed Markey (D-MA) has introduced a Senate resolution calling for U.S. companies and institutions covered by the GDPR to provide Americans with the privacy protections included in the European law.

    These are just a few examples which serve as a harbinger of the myriad data privacy legislation we expect to see in the upcoming legislative session.

    PHIT One Step Closer to Passage

    On Thursday, July 12, 2018, a modified version of the PHIT Act went through markup in the House and was reported out of the House Ways and Means Committee. The committee voted in favor of PHIT by a vote of 28 to 7. Now that PHIT has cleared this crucial legislative hurdle, it awaits consideration by the entire house.

    Reps. Jason Smith and Ron Kind—the original sponsors of PHIT (H.R. 1267)—introduced this modified version of PHIT on July 6. Now that the House Ways and Means Committee has accepted the bill, it is free to move forward, meaning it can be added to a larger legislative package and voted on by the House. The larger legislative package could be an HSA bill, part of tax correction legislation, or a number of potential pieces of moving legislation.

    Some of the changes from the original bill include:

    • Removal of exercise videos and exercise equipment from the definition of medical care;
    • Removal of golfing, sailing, hunting, and other expensive activities from the definition; and
    • It caps the use of HSA or FSA money for health club dues to $500 per individual and $1,000 per family. It also adds a cost of living increase to those totals.

    If the larger bill containing the PHIT provision passes, it would then move to the Senate for consideration. The Senate would most likely consider S. 482, introduced by Sen. Thune.

    This is positive news, and we should celebrate this win as we continue to push for a larger victory and healthier nation.

    As always, if you have a question or concern about legislative issues impacting the health and fitness industry across the country or locally? Email the IHRSA team. In the meantime, we’ll continue to analyze the action, so you know when to take yours.

    Author avatar

    Olivia MacLennan

    Olivia MacLennan previously served as IHRSA's Government Relations Coordinator—a position that supported IHRSA members in communicating with legislators while tracking legislation, drafting testimony and alerts, and responding to member inquiries on legal issues.