Last year, with the shockwaves of the Cambridge Analytica scandal still echoing, the U.S. Federal Trade Commission fining Facebook $5 billion, and the U.K. Information Commissioner's Office announcing its intention to fine British Airways and Marriott hundreds of millions of pounds, we thought privacy had reached its zenith. California privacy advocates were stirring Washington, D.C., into legislative action, Brazil and India competing to put in place comprehensive privacy laws, 500,000 organizations appointing data protection officers in the EU alone, and an industry of privacy tech vendors emerging. Surely, we thought, this can’t be topped.
Well, think again. Over the past few months, since the World Health Organization’s March 11 announcement of COVID-19 as a pandemic, privacy has emerged front and center of every possible public health and economic policy debate. Work or study from home? This raises a plethora of privacy issues about platforms’ data practices, the blurring of the line between employees’ private and work life, online proctoring of exams, not to mention the all-too-common “I forgot my camera or microphone on while Zooming” experience. Privacy 1, pandemic 0.
Back to the office? Get ready for a long, complex privacy checklist. Measuring employees’ temperature? Don’t forget to protect their privacy. Testing employees for COVID-19 or antibodies? Requiring employees to fill out health questionnaires about themselves, their relatives and friends? Contact tracing for employees either manually or via new apps? Privacy, privacy, privacy. What do you do if an employee reports symptoms? Who do you tell or not tell? And what data can be shared with fellow employees, with corporate management, customers, public health authorities?
On and on it goes, privacy questions abound, and Congress is stirred to action with COVID-19 privacy bills coming in rapid succession from both sides of the aisle in both chambers. Prepare for an onslaught of new acronyms: EEOC, OSHA, ADA, ADEA, FLCA, FFCRA. I’m not kidding. And that’s just U.S. law. There’s also state regulation, and, in fact, county and city, and, wait, what about Europe? There, the European Data Protection Board and European Commission are hurrying to augment guidelines by 27 national data protection authorities.
And those are just the employment and education privacy issues. There are also matters involving new technologies, such as a garden variety of proximity-based contact tracing apps, not to mention antibody passports and individual risk scores. Moreover, this being a public health crisis, questions arise about access to data for research purposes, big data, scientific progress — but let’s make sure we don’t forget individual rights, fairness, equity. Somebody get a privacy professional in the room!
You get the point. If you thought privacy was a growth issue in 2019, you ain’t seen nothing yet. 2020 is emerging as the year of privacy and COVID-19. Recognizing these new privacy needs, the IAPP launched a new research project together with EY, the "IAPP-EY COVID-19 Privacy and Trust Research Project." Through both quantitative and qualitative surveys of the industry, policymakers and consumers, the IAPP and EY will flesh out new privacy questions emerging from the crisis and follow new industry trends. In Wednesday’s first installation, we report on issues such as remote work, employee health monitoring and data sharing with third parties and government agencies.
Of course, the pandemic-inflicted economic carnage did not entirely skip over the privacy profession. As corporate budgets contract, privacy, too, feels the crunch. But fortunately, perhaps due to the ballooning of privacy problems and the relative resilience of a market that’s driven by regulation, as of April, 72% of privacy professionals expected no or only a small reduction in privacy staff, while 81% expected no or only a small reduction in privacy budgets.
For the next few months, we will continue to follow these developments. We will report periodically on the issues that occupy privacy professionals, regulators and consumers — and keep our fingers on the pulse of the market for privacy pros, as it deals with not only the grave health care crisis and great economic upheaval, but also new policy debates, presented by COVID-19.
Photo by Brian McGowan on Unsplash
The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities.
If you want to comment on this post, you need to login.