The changing face of privacy in a pandemic
Going to a restaurant or getting a haircut used to be a relatively fuss-free experience, but some countries are now implementing digital check-in systems in public spaces to help with contact tracing and identifying infectious clusters. As governments globally scale up technology to fight the pandemic, what are the trade-offs between privacy and security during this time?
Technology has enabled a crisis response in data collection through wearables and apps, but these solutions are contentious due to privacy issues. In June 2020, it was revealed that Britain’s National Health Service had shared the personal data of millions of British citizens with Palantir, a secretive U.S. data-mining company, which raised concerns about the transfer of public health data to private companies. But even before the pandemic, privacy was a major concern worldwide.
In 2013, an American whistleblower, Edward Snowden, leaked damning information about the extent of government surveillance of U.S. citizens and foreign nationals. While that revelation reignited debates about privacy, the European Union already had a data protection directive as early as 1995, when the internet was still in its infancy. That was eventually replaced by the General Data Protection Regulation, or GDPR, in 2016, which is now considered the gold standard for protecting data and privacy. While the United Nations also adopted a resolution in 2014 affirming the right to privacy in a digital age, there is no universal playbook on how privacy should be protected in a pandemic.
The European Data Protection Board, which oversees the GDPR, and the Organisation for Economic Co-operation and Development, or OECD, have called on governments to cease and reverse the exceptional use of data when the pandemic is over. Acknowledging the novel data governance and privacy challenges governments face when gathering data such as biometrics and geolocation, the OECD also recommended that governments work with privacy watchdogs to ensure compliance and clarify regulatory uncertainties in a transparent and responsible manner.
The American Civil Liberties Union has also proposed that these tools should be voluntary and not used for other purposes, such as law enforcement. The trove of data gathered during the pandemic is a double-edged sword. While it can provide solutions, the potential for misuse is high. At the end of 2019, there were more than 4 billion active internet users, or 53 percent of the global population. Researchers from the University of Southern California’s Center for Body Computing found that hackers are “becoming increasingly interested in the susceptibility of health data.”
Health data can be predictors of potential health issues or even behavior, making it particularly valuable on the black market compared to other types of data. In 2018, state-sponsored hackers stole the records of 1.5 million patients from a cluster of healthcare institutions in Singapore, including the Prime Minister’s. The hackers targeted the Prime Minister’s medication data "specifically and repeatedly." Many countries have leveraged different methods to varying degrees of effectiveness in fighting the pandemic, and some have been deemed more controversial than others. Taiwan — with a population of almost 24 million — had fewer than 500 cases of Covid-19 and seven deaths at the end of July. Part of its success stems from a “digital fence” monitoring system. Home quarantine orders are enforced by monitoring the person’s location through mobile cellular signals.
Authorities are then alerted if the person leaves the “digital fence”. The Taiwanese government has also partnered with citizens to develop online and offline tools to fight the virus, including an app that tracks face mask availability. Countries like Singapore and Qatar have also launched mobile applications to help with contact tracing efforts or self-isolation measures. Qatar's app, which uses GPS and Bluetooth proximity signals, is mandatory for all citizens and residents, while Singapore’s app is voluntary and does not collect any location data, relying solely on Bluetooth proximity signals instead. Shortly after their release, security flaws were found in apps used by countries such as Qatar, India, and South Korea, although they were quickly fixed.
South Korea’s app was found to contain a vulnerability that could expose private details of people in quarantine to hackers. The country, which has been lauded for its strategy to contain the coronavirus, also uses credit card information, phone call records, and even CCTV footage to form a more complete picture of the pandemic. Similar surveillance tools have been employed in countries such as India, Iran, Israel, and China. China’s cavalier approach to privacy has seen the country deploy drones, artificial intelligence, and security cameras to enforce quarantines and monitor public spaces. Beyond the hardware and software, the perception of privacy varies across different cultures.
On one end of the spectrum, we have China and its intrusive approach to harnessing data, while Germany is on the other end with its extremely cautious approach to privacy. And in the middle, you have East Asian countries such as South Korea and Singapore. There are two main approaches to contact tracing apps, and both versions rely on anonymized IDs to record interactions with nearby devices, which allows for complete privacy. The centralized approach, which has been adopted in Australia and France, involves storing the Bluetooth signals from a phone and the devices in its proximity on a central server. This allows authorities to build a complete picture of all social interactions.
The decentralized approach, however, stores on a central server only the Bluetooth signals from devices belonging to infected cases, and not those of the devices nearby. The anonymized ID belonging to the infected individual is then broadcast to all phones running the decentralized app so that each can check whether it has been exposed. Germany, which initially backed a centralized approach, later reversed course to support decentralized contact tracing, similar to the “decentralized” apps used in Italy and Switzerland.
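A minimal simulation of the two models described above, added here as an illustration and not taken from any of the apps mentioned. The `Phone` class, the function names, and the assumption that a centralized server can link each uploaded ID to the device that uploaded it are all hypothetical.

```python
import secrets

class Phone:
    def __init__(self, owner):
        self.owner = owner
        self.sent = []   # anonymized IDs this phone broadcast over Bluetooth
        self.heard = []  # anonymized IDs it received from nearby phones

def meet(a, b):
    """Each phone broadcasts a fresh random ID and logs the other's."""
    id_a, id_b = secrets.token_hex(8), secrets.token_hex(8)
    a.sent.append(id_a); b.sent.append(id_b)
    a.heard.append(id_b); b.heard.append(id_a)

def centralized_view(phones):
    """Centralized: every phone uploads its sent and heard IDs, so the
    server can join them into a contact graph of all uploading devices
    (assumption: the server knows which device uploaded which IDs)."""
    owner_of = {rid: p.owner for p in phones for rid in p.sent}
    return {frozenset((p.owner, owner_of[rid]))
            for p in phones for rid in p.heard if rid in owner_of}

def decentralized_view(infected):
    """Decentralized: only the infected phone's own broadcast IDs are stored."""
    return set(infected.sent)

def exposed(phone, published):
    """Runs on the phone: compare the published IDs with the local log."""
    return any(rid in published for rid in phone.heard)

def scenario():
    """Constructed sample: alice-bob, bob-carol and carol-dave meetings."""
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))
    meet(alice, bob)
    meet(bob, carol)
    meet(carol, dave)
    return alice, bob, carol, dave

if __name__ == "__main__":
    alice, bob, carol, dave = scenario()
    print("centralized server sees:", centralized_view([alice, bob, carol, dave]))
    published = decentralized_view(bob)  # bob tests positive
    for p in (alice, carol, dave):
        print(p.owner, "exposed:", exposed(p, published))
```

In the decentralized run the server ends up holding only bob's two random IDs, so the carol and dave meeting never leaves their phones, whereas the centralized server reconstructs all three contacts.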
The goal of data collection in a pandemic is to provide decision-makers with accurate information to balance the supply and demand on hospital resources, masks, food, and ultimately, shape health and social policies during these extraordinary times. The focus, then, is on striking a balance between safeguarding public health and protecting individual rights. Technology giants Apple and Google have taken the lead to collaborate on a solution based on a decentralized approach to data collection. A growing number of countries, including Germany, are bowing to the Google-Apple model after Apple refused to lower the privacy settings on its iPhones.
While some analysts have lauded the Apple-Google collaboration efforts as an example of a public-private partnership for the public good, some governments are unhappy with the tech giants’ prescriptive approach. In a joint statement, five European nations called for more flexibility from Apple and Google in the design and application of their apps.
A group of 27 doctors and researchers led by Johns Hopkins University also recommended in a report that technology companies should not control the terms, conditions, or capabilities of digital contact tracing. In a way, a lot of the data collected during the pandemic isn’t new, but how it is collected and what is being done with it in a rapidly evolving situation is. As we have seen in some countries, privacy and safety need not be mutually exclusive. Whether countries can strike that balance will set the tone for privacy even after the pandemic ends.