If the CDC bought data showing the messaging performed worse than average in my zip code I'd consider that a clever use of public funds. If they bought data showing whether I followed the rules I'd be furious.
This article comes very close to implying the CDC bought individually identifying data without explicitly saying it. That's disingenuous when all they have is a purchase order with a dollar amount and vendor name.
The root problem here is that these databases exist in the first place. Even if the CDC were prohibited from buying them directly, they would just use commercial intermediaries to analyze and inform policy. The only way to start getting mass surveillance under control is for the US to get some privacy laws that have teeth, like the EU's GDPR. Surveillance companies like "Safegraph" and "Cuebiq" shouldn't even exist.
This article comes very close to implying the CDC bought individually identifying data without explicitly saying it. That's disingenuous when all they have is a purchase order with a dollar amount and vendor name.