Senator Elizabeth Warren and Representative Mary Gay Scanlon plan to introduce an updated version of the Health and Location Data Protection Act to prevent AI companies and others from selling health and location data, including information shared with AI tools like ChatGPT and Claude.
- Ban on selling Americans' health and location data by AI firms
- Includes data shared with AI chatbots like ChatGPT and Claude
- FTC granted enforcement powers with $1 billion budget over 10 years
What happened
Senator Elizabeth Warren and Representative Mary Gay Scanlon are preparing to introduce an updated Health and Location Data Protection Act that broadens protections against the sale of Americans’ private health and location information. This version extends beyond data brokers to include companies using AI platforms, explicitly covering health data entered into services like ChatGPT, Claude, and others used in medical settings.
The original bill, first introduced in 2022, focused on data brokers alone, but the revised legislation responds to the growing role AI systems play in processing sensitive health information. AI companies have introduced healthcare-oriented products and encouraged users to upload medical records, raising concerns about potential misuse and data breaches.
Why it matters
As AI technology increasingly integrates into healthcare, users are sharing sensitive medical data with chatbots and AI services without comprehensive federal data privacy protections. This leaves consumers vulnerable to unauthorized access and commercial exploitation of their health information, often dependent on the companies’ privacy policies.
By explicitly banning the sale of these data to brokers and empowering regulatory bodies to enforce these rules, the bill aims to curb the lucrative trade in highly sensitive health and location data. The inclusion of funding and enforcement provisions signals a significant federal commitment to strengthening data privacy at a time when no overarching national framework exists.
What to watch next
In the coming weeks, the bill's formal introduction will set the stage for Congressional debate on AI-related health data privacy. Monitoring the responses from AI companies, healthcare providers, and privacy advocates will be key, as their cooperation or resistance could shape the bill’s final provisions and implementation.
The Federal Trade Commission will have 180 days to create the enforcement rules once the legislation passes, with a $1 billion budget over ten years earmarked for this purpose. Observers should track how the FTC and state authorities apply these regulations, as this could create new compliance requirements and reshape data handling practices in the AI and health sectors.