New Hampshire Plans a Broadband System, Microsoft on Californian Privacy, and Google Collects Medical Data

New Hampshire state legislature is in the works of forming a bill authorizing multi-town districts for the purpose of establishing a broadband system, Government Technology reports.

Although the bill has yet to be finished, said State Sen. Jeanne Dietsch, its framework will help the smallest towns that can’t attract a broadband provider on their own.

The legislation also contains the legal stipulation that municipal districts will work with private companies. This was based off a law signed earlier this year by Gov. Chris Sununu, which authorized municipalities to engage in multi-town bonding projects.

The incoming bill is partially inspired by Vermont’s East Central Vermont Telecommunications District, comprised of 23 towns partnering with the company ValleyNet for its fiber build.

“We modeled it on New Hampshire sewer districts just because that is language that’s already familiar to our legislators, and it’ll be much easier for them to pass it that way than to try to make it look like Vermont,” Dietsch said.

Microsoft vows to extend compliance of California privacy laws to the entire country

In the wake of California’s landmark data privacy law, Microsoft announced Monday that it would honor the “core rights” provided to Californians and expand that coverage across the entire United States, The Verge reports.

The company will extend the main principles of the California Consumer Privacy Act, according to Microsoft Chief Privacy Officer Julie Brill.

“Under CCPA, companies must be transparent about data collection and use, and provide people with the option to prevent their personal information from being sold,” Brill wrote in a company blog post. “Exactly what will be required under CCPA to accomplish these goals is still developing.”

Microsoft will closely monitor any changes to how the government asks companies to enforce the new transparency and control requirements under CCPA, Brill added.

Congress, meanwhile, is in the midst of its own data privacy fight. Democratic lawmakers argue that any national legislation should leave California as a baseline and extend those protections across the country and add more protections if necessary. Republicans and industry stakeholders, on the other hand, disagree and are broadly convinced that CCPA goes too far and any federal law should nullify it and any other state laws in order to stave off a “patchwork” of privacy regulations.

Google and Ascension have begun to collect personal health data from millions

Google has teamed up with health system Ascension to collect medical data, Wired reports. Project Nightingale, which reportedly began last year, includes sharing the personal health data of tens of millions of patients across the nation.

Google’s main role in the project is to develop AI-based services for medical providers. Another major aspect involves creating a health platform for Ascension that can suggest individualized treatment plans, tests, and procedures.

According to Google, its arrangement with Ascension grants the company identifiable health information, but with legal limitations. Under the Health Insurance Portability and Accountability Act, patient records and other medical details can be used “only to help the covered entity carry out its healthcare functions.”

However, the federal healthcare privacy law allows hospitals and other healthcare providers to share information with its business associates without asking patients first. Because HIPAA defines the functions of a business associate so broadly, said Mark Rothstein, a bioethicist and public health law scholar at the University of Louisville, healthcare providers can divulge sensitive information to companies patients may not expect.

“The fact that this data is individually identifiable suggests there’s an ultimate use where a person’s identity is going to be important,” Rothstein said. “If the goal was just to develop a model that would be valuable for making better-informed decisions, then you can do that with deidentified data.”