Using technology to track people’s movements is nothing new. However, since the onset of the COVID-19 crisis earlier this year, governments worldwide are relying on contact tracing applications to track their citizens’ movements and more.
The last four months have seen relaxing of privacy legislations (like GDPR and PIPA) and additional emergency laws passed as countries work to stop the spread of the pandemic. But these actions raise serious concerns about whether the new policies that include tracking, sharing information across borders about travel history, personal movement, and body temperatures will become the new normal in a post-COVID-19 world.
Privacy legislation cites public and vital interest as one of the legal bases for processing personal data. A lot of countries — including South Korea, China, Australia, Italy, and the U.S. — have utilised and partnered with Big Tech to launch apps, create movement databases, add surveillance outside people’s homes, and even text people who’ve been in the same vicinities as others who’ve tested positive for the coronavirus.
Experts worry that while using these contact tracing apps to follow the spread of COVID-19 is good from a public health perspective, these apps do — by their very design — collect vast amounts of personal data. Privacy advocates have raised concerns that governments and other entities may repurpose the collected data, storing it for indefinite periods and using it for non-coronavirus-related plans.
No one has yet proven the efficacy of these apps, either, as their effectiveness also depends greatly on widespread adoption, which is difficult to gain from populations that express concern about privacy and do not fully trust their governments.
Some Data Protection Authorities (DPAs) have issued guidelines about how to manage, contain, and halt this global pandemic. Of their three classifications — restrictive, neutral, and permissible — DPAs recognise that “the right approach must lie in finding a balanced middle ground which does not ignore the application of essential privacy principles.”
Insofar as protecting people’s privacy, has the cat been let out of the bag? The barn door been closed after the horse has left? Is Pandora’s box wide open, now? No one is sure.
The UK Information Commissioner’s Office (ICO) has stated that while the current health emergency does require current actions to protect the public interest — including collecting and storing sensitive health, genetic, and biometric data and tracking movement — data protection and electronic communication laws do not preclude government legislation.
Partnering with Big Tech
Just one year ago, the U.S. FTC levied big fines and restrictions against tech; yet now, these same Big Tech companies have partnered with governments to develop surveillance and mass contact tracking apps. Privacy advocates worry that those who welcome data sharing through partnerships with Big Tech companies like Google, Apple, and Facebook in the name of stopping the global pandemic elevates those technologies as equal partners in privacy discussions with the governments and presents a serious potential problem: a technology company that unilaterally decides to protect our privacy today can infringe up on that privacy tomorrow.
What happens next?
The pandemic could, however, present an opportunity to assert regulation within the digital age. A connected world poses major privacy challenges and with the latest health crisis, it’s possible that future citizens — especially those living in liberal democracies — will willingly trade away more privacy in return for services to help protect them from another viral pandemic or other health threat. But will Big Tech or government drive that shift? And how will that shift affect our desires for a limited state and individual liberty?