Kia ora koutou,
Since my last introduction, in which I signaled that New Zealand was slightly relaxing its national lockdown (from alert level 4 to alert level 3), we’ve been lucky enough to enjoy a further relaxation of our COVID-19 response state. As of Wednesday last week, NZ has been at alert level 2, which has allowed for a significant return to “normal life.” Restaurants and retailers have begun trading again, families can reunite, and we can resume domestic travel. This is a privileged position to be in, and I hope our friends and colleagues elsewhere in the Asia-Pacific get there soon.
It’s no surprise that as Kiwis start to interact again on a relatively grand scale, the NZ Ministry of Health has released a contact tracing app — NZ COVID Tracer. What is refreshing, however, is that it appears this new app has succeeded in achieving public health and safety outcomes in a privacy-protective way. NZ Privacy Commissioner John Edwards has publicly supported the app, describing it as a “privacy-friendly solution for contact tracing that New Zealanders should feel secure in downloading and using.” Edwards, who was consulted during the development of the app, noted that it was created using privacy-by-design principles and ensured that information is used and shared for public health purposes only.
For those of you still grappling with privacy and public health debates and the risks of government-mandated technology, the privacy commissioner has also released a very helpful comparative overview of the contact tracing apps developed to date.
COVID-19 response is not the only cause for privacy concerns, however. The NZ police have been criticized for conducting an unapproved trial of controversial facial recognition software Clearview AI. While the police ultimately decided not to use the technology, the privacy commissioner was reported as being “a little surprised by this one,” noting he would have expected to be consulted. In Australia, the Australian Digital Health Agency revealed that the My Health Record system was potentially compromised in September 2019. However, the ADHA assured the public that it caught the vulnerability and managed it and that no health information was exposed.
Meanwhile, the IAPP continues in its efforts to support the global privacy profession virtually during the pandemic, including the release of an incredible set of