By Finn Raben
Across the globe, governments and technology companies are busy exploring solutions to combat the COVID-19 pandemic. Track and trace apps have been proposed or are being used in many countries to locate outbreaks of the virus and impede further cases, while other countries are using facial recognition software, and mobile data to monitor lockdowns. In an unprecedented coalition, Apple and Google have joined forces to create an app for track and tracing.
While it’s vital to use technological resources for positive causes, the data collection processes involved in these developments are a challenge for data protection and privacy. In the understandable rush to create these tech-based solutions in order to save lives, are our human rights to privacy and protection being impinged or even ignored?
Many countries have already employed technology to help prevent the spread of COVID-19, raising ethical data collection issues across the world. In Israel, for example, the government began by utilising existing counter-terrorist tracking technology which monitors citizens’ location data through their mobile devices without consent, to track the movements of infected people, alert people around them and enforce quarantine measures. This was stopped by the Supreme Court who ruled that only those citizens who tested positive to COVID-19 could be subject to a digital review of their movements. Facial recognition software is being used in China, to tell whether people are wearing masks, and in Russia, to tell whether people are breaking quarantine. In Poland, those completing a 14-day isolation are required to take a geo-located selfie every day.
While the motivations behind these practices may be good, this use of technology poses a great threat to data protection and privacy. These practices require substantial numbers of people to hand over large volumes of personal data – their locations, appearance etc. This is often done without their knowledge, and without a full explanation of what the data is being used for, how long it will be kept, who will have access to it, and what protections and security measures will be employed to prevent misuse. Although governments are beginning to make changes to ensure more data protection and privacy for citizens when utilising technology to combat COVID, there is a long way to go to ensuring that these practices are completely safe and provide full data rights to those using them.
The US is one example of a country introducing legislation to give those providing their data more rights over it. According to Business Insider, although more states are in the process of considering apps to track and trace cases of COVID-19, just three US states have committed to track and trace using the Google/Apple app so far, and new legislation is being passed to prevent abuse of the data collected. Amongst other things, the bill would require anyone who operates an exposure notification service to collaborate with public health authorities, requires usage of the app to be voluntary, and blocks the commercial use of any data it might collect. And last week the UK also u-turned on their plans to use an app that did not comply by data rules set out by the EU.
With any chance of a COVID vaccine being in the distant future, we have little understanding of how long these track and trace practices will need to be in place. How long will apps be necessary and how much data will need to be collected for the initiatives to be successful? If governments aren’t practicing ethical data collection, will the implementation of these apps lead to the normalisation of un-ethical practices and set a precedent? The actions we have seen in the US and UK are a good start, but more governments around the world need to introduce legislation and take action so that COVID-19 does not have long-lasting negative impact on our freedom and privacy.
Despite recent developments, it is possible for organisations and governments to practice ethical data collection when it comes to COVID. ESOMAR has been a champion of ethical data collection and use for the benefit of individuals’ privacy for more than 70 years and is instrumental in ensuring that the expertise of the data and insight industry is informing legislators on data protection and privacy across the globe. There are a number of things that organisations can do to practice ethical data collection while using technology effectively, but the first thing every company or government must remember is that each piece of data reflects a living person and that the data belongs to that person – not you as an organisation. Companies and governments should invest in the human and technological resources that allow them to manage flows of data responsibly, should be accountable for the data in their possession and be fully transparent with those whose data is being collected. Suppliers which are contracted by governments to develop and deploy these apps should also be accountable not just under the law, but also by adopting pre-existing Codes of Conduct which have guided many sectors to adopt responsible data collection and use practices.
Our 2019 study completed with HERE Technologies into data transparency and trust found that 70% of consumers in the US would be very likely to share personal data if they understood that their personal data is being stored safely and securely, while two thirds very likely to share personal data if the data collector is clear about why their personal data is needed and how it will be used. Data suggests that there is a reluctance in many countries to download apps for tracking and tracing, So, for companies or governments looking to gain data, transparency with consumers or citizens is key.
In these unprecedented circumstances, governments need to build trust with citizens who they expect to part with their data. A survey conducted by Seoul National University’s Graduate School of Public Health found that 78.5 percent of respondents would sacrifice the protection of their privacy rights to help prevent a national epidemic. But respondents shouldn’t have to sacrifice their privacy for the greater good. Actions must be taken to prevent the spread of COVID-19 but these actions must take into account the rights of the people providing the data. If we don’t we may face the repercussions of un-transparent data collection for years to come.
Finn Raben is director general of ESOMAR.