Data Privacy in the Time of Plague

76 Pages Posted: 29 Nov 2021 Last revised: 5 Aug 2022

See all articles by Cason Schmit

Cason Schmit

Texas A&M University

Brian Larson

Texas A&M University School of Law

Hye-Chung Kum

Population Informatics Lab, Texas A&M University

Date Written: November 20, 2021


Data privacy is a life-or-death matter for public health. Beginning in late fall 2019, two series of events unfolded, one everyone talked about and one hardly anyone noticed: The greatest world-health crisis in at least 100 years, the COVID-19 pandemic; and the development of the Personal Data Protection Act Committee by the Uniform Law Commissioners (ULC) in the United States. By July 2021, each of these stories had reached a turning point. In the developed, Western world, most people who wanted to receive the vaccine against COVID-19 could do so. Meanwhile, the ULC adopted the Uniform Personal Data Protection Act (UPDPA) at its annual meeting, paving the way for state legislatures to adopt it beginning in 2022. It has so far been introduced in three jurisdictions.

These stories intersect in public health. Public health researchers struggled with COVID-19 in the United States because they lacked information about individuals who were exposed, among other matters. Understanding other public health threats (e.g., obesity, opioid abuse, racism) also requires linking diverse data on contributing social, environmental, and economic factors. The UPDPA removes some barriers to public health practice and research resulting from the lack of comprehensive federal privacy laws. Its full potential, however, can be achieved only with involvement of public health researchers and professionals. This article analyzes the UPDPA and other comprehensive state privacy statutes, noting the ways that they could promote—and hinder—public health. It concludes with recommendations for public health researchers and professionals to get involved in upcoming legislative debates on data privacy. Lives will depend on the outcomes.

Funding: This study has received internal funding from Texas A&M University and no external funding.

Declaration of Interests: None to declare.

Keywords: data privacy, data protection, public health

JEL Classification: I18

Suggested Citation

Schmit, Cason and Larson, Brian and Kum, Hye-Chung, Data Privacy in the Time of Plague (November 20, 2021). Yale Journal of Health Policy, Law, and Ethics, Vol. 21, No. 1, 2022, pp. 152-227, Texas A&M University School of Law Legal Studies Research Paper No. 22-10, Available at SSRN: or

Cason Schmit

Texas A&M University ( email )

Langford Building A
798 Ross St.
College Station, TX 77843-3137
United States

Brian Larson (Contact Author)

Texas A&M University School of Law ( email )

1515 Commerce St.
Fort Worth, TX Tarrant County 76102
United States

Hye-Chung Kum

Population Informatics Lab, Texas A&M University ( email )

College Station, TX 77843
United States


Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics