State Lawmakers Push Data Privacy Rules for Government Websites

Nevada’s vaccine information website reportedly planted more third-party cookies and ad trackers than any other state in the country.

Nevada Rep. Robin Titus during the 31st Special Session of the Nevada Legislature, Carson City, July 14, 2020.
Nevada Rep. Robin Titus during the 31st Special Session of the Nevada Legislature, Carson City, July 14, 2020.
David Calvert/The Nevada Independent via AP, Pool, File

CARSON CITY, Nev. (AP) — Following reports that Nevada’s vaccine information website planted more third-party cookies and ad trackers than any other state in the country, Republicans in the statehouse have introduced a bill to tighten the restrictions on how personal data can be collected from websites operated by government entities or other groups contracted to work on their behalf.

Assembly Minority Leader Robin Titus introduced a proposal Thursday afternoon. She said she requested a bill be drafted “as soon as I got wind that Nevadans seeking public COVID-19 vaccination information were being tracked.”

Her proposal would expand Democratic-sponsored policies passed through the statehouse in 2017 and 2019 that required certain websites post notices about data tracking and allow visitors to request to opt out. If passed, those requirements in the state's internet privacy law would include websites such as ImmunizeNevada.Org, where the state has directed residents in search of information about coronavirus vaccines.

A March investigation by the technology publication The Markup revealed the number of third-party cookies and ad trackers at ImmunizeNevada.Org and similar sites in all 50 states. The website is managed by the nonprofit Immunize Nevada and the advertising firm Estipona Group, which told The Associated Press that the cookies and trackers were “industry standard” and used to evaluate the effectiveness of their vaccine outreach efforts.

After The Markup's investigation, the website operators conducted a “full site audit” and reduced the number of third-party cookies planted.

Cookies are scripts placed in a website’s coding that is implanted in browsers to collect information on what people do online. Third-party cookies allow companies other than website operators to track users and frequently are used to sell data to advertisers.

Titus said reporting from The Markup and the Associated Press prompted her to introduce the bill and hoped to learn more about the third parties planting cookies on the state's vaccination site — specifically how and whether the data is being packaged and sold.

“I don’t think third-party data should be allowed (to be collected) when somebody is trying to make a health decision,” Titus said. “Our goal is to make sure people who need the COVID vaccine and want the COVID vaccine aren't afraid to get it. This is just one thing that may add to that pushback of getting the vaccine, if they don’t trust the government.”

State officials said the data was not being sold or used for advertiser re-targeting, but privacy experts told the AP that such an arrangement was unlikely and that third parties like Google and Facebook could package and use the data once collected like they do with other information.

Assemblyman Tom Roberts, a Las Vegas Republican, said ImmunizeNevada.Org differed from other websites because people in search of vaccine information in Nevada don't have dozens of other websites where they can find reliable information about vaccines and how to access them.

“We felt it was important enough to get out in front of this and put a bill draft in so that we can assure the public that we’re going to fix this and they can feel comfortable going to that website and getting vaccination information,” he said.

The Nevada Legislature is scheduled to adjourn May 31.

More in IoT