Kia ora koutou,

In the four weeks since my last digest introduction, New Zealand has seen a contained resurgence of COVID-19 cases, and Auckland has been moved back into a level 3 lockdown. This reminder of how precarious our situation is has generated a renewed government focus on contact tracing and reprised conversations here about the balance between public safety and individual privacy (on that, take a look at this interesting blog by the Information Accountability Foundation on balancing the right to privacy against other fundamental rights, such as the right to life in the COVID-19 context).

While the government has decided to push the national election date out to manage the current outbreak, this has not stopped rival political parties from using COVID-19 for leverage. In July, a member of Parliament resigned after it was revealed that he leaked information about COVID-19 patients — obtained from a party supporter — to the media. An investigation into the breach by the State Services Commission found that it was politically motivated and questioned why highly sensitive health information was being distributed so widely in the first place. This has prompted the NZ Privacy Commissioner to launch an inquiry into the distribution of COVID-19 patient information by the Ministry of Health.   

It has also been reported this week that the NZ government is working with controversial facial recognition company NEC to role out NeoFace to check photographs against its database and identify potential passport fraud. NEC stated that the software would not be used to conduct surveillance but solely for securely issuing passports.

Of course, regardless of the way this software will be used, the reality is that this and similar products have been developed using vast databases of images collected from unwitting individuals conducting their lives online. Anna Johnston of Salinger Privacy has reflected on just this issue in a recent article on privacy as a “public good.” “Privacy is a shared experience, where the actions of one can negatively affect the whole," she writes. "That is why privacy protection cannot be left to the choices made or controls exercised by individual consumers or individual citizens. It must be treated and managed and regulated as a public good, because privacy harms are increasingly collective harms.” In my view, this article is a must-read, thought-provoking piece on the way we frame privacy rights and data control.

Thankfully, the Auckland KnowledgeNet chapter managed to host an in-person event just hours before the new lockdown descended on Auckland. The event was a panel discussion with employment law specialist Carl Blake, Chief Information Security Officer Hilary Walton, and privacy professional Emma Pond on the topic of managing privacy in a remote-working world. It was a well-attended and very enjoyable event and hopefully the way we will all be connecting again before too long.

In the meantime, enjoy the digest. Stay safe, and be kind.

Nga mihi nui