Featured image of post Lawmakers Want to Ban AI Companies From Selling Your Health Data
Policy

Lawmakers Want to Ban AI Companies From Selling Your Health Data

staff writer

A bipartisan group of lawmakers has introduced an updated version of the Health and Location Data Protection Act, aiming to close loopholes that allow AI companies to collect, use, and sell Americans’ most sensitive personal information — including data entered into chatbots like ChatGPT, Claude, and Grok.

Senator Elizabeth Warren (D-MA) and Representative Mary Gay Scanlon (D-PA) are leading the renewed push, which comes as major AI labs race to build health-focused products. The original bill, first introduced in June 2022, prohibited data brokers from collecting and selling health and location data. The new version expands that ban to cover other companies that sell such data to brokers, and for the first time, explicitly includes information users share with artificial intelligence systems.

Why This Matters Now

AI companies have been aggressively moving into health care. In January, Elon Musk publicly urged users to upload medical records — including MRI scans — to xAI’s Grok chatbot. That same month, OpenAI launched ChatGPT Health, a sandboxed tab within ChatGPT designed for medical data, alongside ChatGPT for Healthcare, a tool aimed at medical providers. Anthropic quickly followed with Claude for Healthcare, marketed as a “HIPAA-ready” solution for individuals, hospitals, and health systems.

The problem? Current data protections for these tools “largely depends on what companies promise in their privacy policies and terms of use,” Sara Gerke, a law professor at the University of Illinois Urbana-Champaign, told The Verge. The United States still lacks a comprehensive federal data privacy framework, leaving consumers exposed.

What the Bill Does

The Health and Location Data Protection Act would:

  • Ban the sale of health and location information to data brokers, including data entered into AI systems
  • Require the Federal Trade Commission to enact implementing rules within 180 days
  • Provide $1 billion in funding to the FTC over ten years for enforcement
  • Allow enforcement by the FTC, state attorneys general, and affected individuals through private right of action

The bill is cosponsored by Senators Ron Wyden (D-OR) and Bernie Sanders (I-VT), giving it significant progressive backing.

“It’s more important than ever that we crack down on data brokers that are raking in giant profits from selling Americans’ most sensitive information,” Senator Warren said in a statement. “Especially as more people enter their private health data into AI, we need to make sure that information isn’t exploited by the highest bidder.”

The Bigger Picture

This legislation highlights the growing tension between the rapid rollout of AI health tools and the absence of guardrails around how user data is handled. Without federal privacy legislation, companies have wide latitude to determine what happens to information shared with their models — including data that could reveal medical conditions, prescriptions, or diagnoses.

If passed, the Health and Location Data Protection Act would represent one of the most significant federal efforts to date to address the intersection of AI, health privacy, and data brokerage in the United States.