TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | On balancing personal privacy with public interest Related reading: UK-US Data Bridge becomes law, takes effect 12 Oct.




It's hard to imagine going through a day right now without thinking about COVID-19, the disease caused by the coronavirus. You likely already know the basic facts: It appears to have originated in Wuhan, Hubei Province, China; the disease can cause severe illness in people, including death, though, according to the U.S. Centers for Disease Control and Prevention, serious illness occurs in only 16% of cases; the disease is rapidly spreading around the world; and there's still a lot of unknowns surrounding this novel disease. 

Not only is the spread of COVID-19 a public health concern, it's also roiling global markets and stymieing domestic and international travel. It's something we here at the IAPP are responding to, as well, with the postponement of our Data Protection Intensive: UK 2020 event.

The disease is also challenging privacy norms around the world and driving the conversation about the ethical use of data. 

Should governments have access to telecommunications and internet service provider data to monitor and control population movement during an epidemic? Should governments share that data across borders to facilitate an effective response? What about monitoring health in public spaces, like airports, the workplace and schools? Should organizations and researchers have access to health care records to expedite a vaccine or cure?

True, personal privacy, dignity and self-determination are foundational elements of what it means to be human in a free society. But it's also true that public health and safety support a free society that allows us to exercise our human rights — at least in Western democracies. 

Where should the balance between the public interest and personal privacy reside?

It's a question that was discussed in depth by United Nations Global Pulse Legal and Privacy Specialist Mila Romanoff and IAPP Chief Knowledge Officer Omer Tene back in 2018. The joint report between the IAPP and UN, "Building Ethics Into Privacy Frameworks For Big Data and AI," looked at how organizations of all stripes can operationalize data ethics and international best practices, including during a pandemic.

Robert Kirkpatrick, director of UN Global Pulse at the time, summed up the issue succinctly in 2018, noting that "ethical decision-making requires minimizing not only the risk of data misuse, but also that of missed use, that is, of leaving crucial data resources untapped in the global fight against famine, plague and war." 

No doubt, businesses and organizations around the world have been rapidly investing in and adopting technologies, like artificial intelligence, to increase profits and improve analytics for data-driven decision making and risk management, as well as bolster law enforcement initiatives. Once a public health or safety issue hits, however, it's easy to use this same technology to surveil the populace, meaning the ethical use of this data will be paramount to a post-COVID-19 world.

So, how's it playing out so far?

Being a more authoritarian regime and ground zero for COVID-19, China's response has been comprehensive but also Orwellian.

Take, for example, its use of drones to demand that citizens — even lone farmers in disparate parts of the country — go home. Through speakers on the UAVs, police and public officials bark orders at unsuspecting pedestrians and villagers. It feels dystopian. 

A recent article from the South China Morning Post sheds light on the acceleration of data collection in China. Real-name registration and facial recognition are now being used during "over-the-counter purchases and all forms of public transport," the article states. "In the southern province of Guangdong, local authorities said residents must register with their real names when purchasing fever and cough medications at pharmacies so that officials can follow up with them. In the tech hub of Shenzhen, commuters have recently been asked to provide their full names before they can use the subway." 

Other citizens must provide their personal information via QR codes before traveling by bus, train or taxi. If they don't, they cannot travel. (Talk about take-it-or-leave-it consent!) One QR code system, rolled out by Ant Financial's Alipay, assigns citizens one of three codes — green, yellow or red — that then determines whether they can travel. It's not clear, however, how transparent and accurate the color-coding system is. 

Citizens' geolocation is also tracked by telecommunications platforms. Additionally, one of China's largest cybersecurity companies has released an app "that lets users check if they have been on a train or plane with someone who contracted the virus." 

South Korea, another area so far hit hard by COVID-19 with more than 5,000 confirmed cases and at least 30 fatalities, also has an alert system, but the sheer amount of data that is collected and shared is creating an environment replete with increased social stigma.

The government is alerting people if they have been in the vicinity of a patient. Though the data is meant to be anonymized, it's often possible to reidentify the people involved. "No names or addresses are given," the BBC reports, "but some people are still managing to connect the dots and identify people. The public has even decided two of the infected were having an affair." Others face "judgement or ridicule online." 

After the MERS outbreak in 2015, South Korea, which had been criticized for withholding data of patients, amended its laws to improve its ability to track people. Goh Jae-young, an official at the Korea Centers for Disease Control Prevention, told the BBC, "At first we interview the patients and try to gather information, emphasizing that this affects the health and safety of the entire people. ... Then, to fill in the areas they perhaps haven't told us, and also to verify, we use GPS data, surveillance camera footage, and credit card transactions to recreate their route a day before their symptoms showed." 

Singapore is also closely tracking known infections. One website — pointed out on Twitter by @RyutaroUchiyama — shares where an infected person lives and works, the hospital to which they've been admitted, among other information. Hong Kong has released a similar dashboard here

Increased data collection may be helping to slow the spread of the disease, while many citizens appear to have offered little resistance to the increased surveillance. But what happens once the disease is contained? How can any of this be temporary? Like a tax, once a shift in surveillance norms has taken place, is it hard to shift back? Will this increased surveillance and social control spread to the West?

It's instructive to look back at the joint report between the IAPP and UN about building ethics into privacy frameworks for big data and AI. To once again quote the UN's Robert Kirkpatrick, "As global efforts to develop new frameworks around the responsible use of emerging technologies begins to take shape, it is imperative that they address not only the human rights implications of 'misuse,' but also those of 'missed use.'" 

Let's hope we continue to assess this line and continuously build ethics into our frameworks so we don't mistakenly transform our world into a dystopia. 

Photo by Cory Schadt on Unsplash


Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.