Why are we needed
We’re clearly living a new challenge, but if we zoom out we’ll notice that surveillance of infectious diseases is not something new at all. But this time, the crisis is so quick and widespread, that we don’t have the luxury of time. Which is why we need to be overly cautious as we overrule privacy requirements to combat Covid-19 via technological innovation
While there are quite a few privacy aspects that have the potential to be abused, a few remain on top of our minds as we perform the review and advice to the regulators and developers:
- Discrimination: There is a historical precedent for improper government containment efforts driven by bias based on nationality, ethnicity, religion, and race, rather than facts about a particular individual’s actual likelihood of contracting an illness, such as their travel history or contact with potentially infected people.
- Transparency: When we need to move fast, the chances of forgetting this principle are pretty high. Any government use of large-scale data to track the virus spread should be clearly explained to the public. This includes the publication of detailed information about the information being gathered, the retention period for that data, the tools used to process them, and the way these tools guide public health decisions.
- Proportionality: A software that collects large-scale, identifiable information about people, must be justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. Proportionality applies to the measures themselves: the data surveillance infrastructure we’re going to build in these months should not long outlive the crisis it is intended to address.
- Abuse and Misuse: Entities collecting data specific to the COVID-19 crisis, such as information about individuals who are searching for testing centers or information about the disease, must not be able to use such data for any other purpose. The data must not, for example, be combined with behavioral targeting data or be used to train machine learning algorithms to improve advertising. Let us also not forget the malicious actors who are already targeting several organizations to get their hands on sensitive health and location data, therefore, security is going to be essential.
There is no need to suspend the rules on the protection of personal data. The way we’ll manage this clash between fundamental rights is the way we’ll shape our “new normal”.