VCH declined an interview and provided an email statement that said, in part, their health authority “has clear privacy protocols to protect patient information and we take breaches of privacy extremely seriously.” They also said they recently made changes to their systems to limit patient information sent through paging broadcasts and are working with B.C.’s Office of the Information and Privacy Commissioner as they “move to alternate technologies.”.
Public health vs. privacy: Read the lawmakers’ letter“An unprecedented crisis of this magnitude calls for an all-of-society response, including partnering with the private sector, to protect the health of Americans, but we must not lose sight of the civil liberties that serve as the foundation of our country,” the lawmakers wrote. The trio also voiced concern that search data relating to COVID-19 — for example, the data that’s provided when users look up testing stations on Verily’s Project Baseline screening site — could be applied in discriminatory ways. Government agencies might deny benefits to a user suspected to have COVID-19, or insurance companies might deny coverage.
The idea of using location data to track the virus has come up in several contexts:
- Israel’s Shin Bet security service has been using cellphone surveillance to locate people who may have the virus — and send those people text alerts. Just today, Israel’s Supreme Court ruled that the surveillance system couldn’t be used unless the nation’s parliament sets up an oversight committee.
- Seattle epidemiologist Trevor Bedford has proposed using a cellphone-based system to identify and notify people who may have come close enough to a coronavirus carrier to be exposed to the virus themselves. The system is part of a wider strategy to stop the outbreak. Bedford argues that the benefits of tracking the virus through location data “outweigh the costs for the time being.”
- A startup called Kinsa Health says it’s tracking the virus in real time, using more than a million high-tech thermometers that are connected to the internet. Kinsa executives told The New York Times that the system identifies COVID-19 hotspots by looking for areas with unusual clusters of users who have fevers.
In their letter, the lawmakers said they supported bold measures to address the coronavirus crisis. But they urged the White House to implement a set of procedures to protect individual privacy:
- The federal government should aggregate or minimize data to what public health experts identify as necessary. Data sets should be anonymized where practicable.
- Private companies should be limited to collecting only data specific to the COVID-19 crisis, and should not use that data for other purposes such as targeted advertising.
- Government agencies should be prohibited from transferring information to entities that aren’t involved with the public health response to COVID-19. “Under no circumstances should this data be shared with law enforcement or immigration agencies,” they write.
- Data should be transferred and stored using the highest cybersecurity protocols.
- There should be a prohibition on attempts to re-identify specific individuals from aggregate or anonymized data sets.
- When the pandemic has run its course, government agencies and contractors should be required to delete identifiable data.
The lawmakers also called upon administration officials to consult leading computer scientists, experts on privacy and ethics, and public interest organizations to ensure that their policies “preserve and protect privacy to the greatest extent possible.”