Greetings from Brussels!
More precisely, greetings from a state of confinement in the heart of Europe. Like other EU member states, Belgium has entered an accentuated phase of shutdown in a controlled effort to contain the spread of COVID-19 and take some of the burden off our courageous medical practitioners and establishments. I may be more fortunate than others in that I have a fully functional home office, so I am able to hole up in the den for extended periods of time. The entire IAPP is now working remotely until future notice; it’s the new normal for now.
As you may have read in my notes of early March, technology platforms are being used and exploited in and around the COVID-19 pandemic with varying degrees of implication for privacy rights. These are extraordinary times we are witnessing, and no one can escape the societal and economic impacts the pandemic has brought to bear. There has been much praise for South Korea of late, a country that ranked as one of the worst hit by the virus outbreak in early March. The Koreans have been lauded for their embrace of technology, not only to support an effective and transparent response to its citizens, but also as a weapon against the virus.
The authorities decided early on to adopt two fundamental values to address the outbreak. First, it was considered that securing public participation through a policy of openness and transparency was critical. Second, they felt they needed an innovative approach to problem-solving by encouraging creative thinking and using the depth of available technology to develop a rigorous and meaningful crisis response.
Under the South Korean Infectious Disease Control and Prevention Act, it is provisioned that the public has the right to be informed of response results. The government has subsequently been holding briefing twice a day since early March. In the balance, the law also grants the authorities comprehensive access to information resources, including a trove of personal data. There is a relatively detailed interactive map that charts infection locations and related statistics. The government is sharing “live” data mapping with citizens.
There are numerous media reports on the use of technology in South Korea. For example, authorities have been able to back-track the movements of infected citizens via mobile location information and satellite technology, as well as banking transaction information. Armed with this information, the authorities have been publishing data via apps that, in turn, leverage geo-localization technology, informing the public of areas with high infection rates to avoid. Apps are also offered to those in self-quarantine (with mild symptoms) who can self-diagnose with systematic reporting to the medical authorities. Generally, South Korea has become a benchmark in leveraging technology in the “corona combat.” However, they are not alone. Asia as a whole has been fairly prolific in its adoption. Here is a World Economic Forum article that provides a decent summary of how this is being achieved.
On the surface — and under the exceptional circumstances in which we find ourselves — such personal data-processing measures seem plausible, even sensible. However, here in Europe, the reality of privacy rights as provisioned under both the ePrivacy Directive and GDPR pose significant hurdles for member state legislators and regulators. While emergency legislation is possible under the condition that it constitutes a necessary, appropriate and proportionate response, adequate safeguards and right to judicial remedy would also be an obligation. Importantly, a concern already expressed in Asia, what of the legitimacy and potential legacy post-pandemic? We may be in a “new normal,” but what level of normal are we willing to tolerate once the dust has settled?
If you want to comment on this post, you need to login.