A group of Republican senators sent a letter to White House Coronavirus Response Coordinator Jeffrey Zients asking him to inform Congress how the Biden Administration plans to address data collection concerns following a recent Centers for Disease Control and Prevention (CDC) contact tracing order.
The order, which was issued on Oct. 25, 2021, requires airlines and operators to collect personal information from incoming international passengers, including American citizens. According to the order, airlines are required to collect a passenger’s full name, address while in the United States, primary contact phone number, secondary or emergency contact phone number, email address, date of birth, airline name, flight number, city of departure, departure date and time, city of arrival, arrival date and time, and seat number. Airlines are required to retain the required information for 30 days and transmit it within 24 hours of a request from the CDC.
The letter was signed by Sen. John Thune, R-S.D., ranking member of the Senate Committee on Commerce, Science, and Transportation, and Sens. Deb Fischer, R-Neb., Jerry Moran, R-Kan., Marsha Blackburn, R-Tenn., Rick Scott, R-Fla., and Michael Lee, R-Utah,
“It is unclear at this time whether the aviation industry is equipped to collect and retain more personal information from passengers than it does today and share it across multiple proprietary systems before responsibly and securely transmitting it to the CDC,” the senators wrote.
The CDC order gives airlines the option to submit contact tracing information to CDC via “an established DHS data system.” If airlines submit via this method, the CDC order notes that the Department of Homeland Security (DHS) will also submit this information into its Automated Targeting System (ATS), which will be retained for a minimum of fifteen years and used for non-public health purposes. It is unclear if consumers are aware of their data being potentially retained by the Federal government for a significant amount of time.
Once information is entered into ATS, the CDC order notes that permitted uses of established data systems include but are not limited to immigration enforcement, law enforcement, anti-terrorism, national security, and border security.
“It is also unclear whether the CDC has the data management capabilities to secure a new trove of personal information that would become a valuable target for both criminal hackers and cyber espionage agents of foreign governments,” the senators wrote. “The traveling public must be informed of the potential costs this order could impose on their privacy.”