As coronavirus wreaks havoc across the world, governments are increasingly employing various methods of surveillance to track their citizens to combat the spread of the pandemic. While much of it is essential at this crucial juncture, this has also led to worries over data privacy and misuse of private and personal data.
A group of 15 organizations in the US has written to Congress urging it to take steps to protect protect privacy of citizens and secure their personal data, including location and health data, in the forthcoming emergency relief packages.
“Allowing access to personal data, particularly health data, without guardrails could threaten fundamental rights and liberties and open the door to data exploitation that could violate civil rights and harm vulnerable populations. It is not enough to expect that corporations will keep the promises they make in their unregulated terms of service. There must also be federal protections for new data collection, processing and sharing, and real consequences for violations,” the letter signed by the 15 organizations, including Amnesty International-USA, Access Now Campaign for a Commercial Free Childhood, the Center for Digital Democracy, the Center for Human Rights and Privacy said.
Others who signed the letter included Common Sense Media, Consumer Federation of America, Free Press Action, Media Alliance, New America’s Open Technology Institute, Oakland Privacy, Parent Coalition for Student Privacy, Public Citizen, Public Knowledge and US PIRG.
To battle the unprecedented pandemic, several governments have already deployed different kinds of tracking and surveillance tools. China, for instance, closely monitored people’s mobiles and face-recognizing cameras. It also made it mandatory for people to check and report their body temperature and medical condition to quickly identify suspected coronavirus carriers. Use of such high-level surveillance technologies also enabled the authorities to track the movements of people and identify the contact chain.
Recently, in US too it was reported that the Federal government was in talks with tech companies such as Google and Facebook about ways to use smartphone location data to track the spread of the coronavirus.
The government is interested in understanding how this data could be compiled to map the spread of the infection, to see whether people are practicing social distancing, track infected patients and their movements.
“We are exploring ways that aggregated anonymized location information could help in the fight against COVID-19,” Washington Post quoted Google spokesman Johnny Luu as saying. “One example could be helping health authorities determine the impact of social distancing, similar to the way we show popular restaurant times and traffic patterns in Google Maps.” He had, however, stressed any such partnership “would not involve sharing data about any individual’s location, movement, or contacts.”
In Israel, the Supreme Court had to step in last week to stop the police from using such personal data obtained via surveillance of the citizens to enforce quarantines. To combat the Coronavirus pandemic, the Israeli government had started cellphone surveillance of its citizens to locate people and their whereabouts.
In South Korea, the government started collecting and harnessing CCTV and mobile location data and combined them with others such as credit card purchase records to track movements of coronavirus patients and establish virus transmission chains. For a while it even started posting detailed location histories about people who tested positive for the coronavirus, leading to public blaming and shaming.
Similarly, in Lombardy, the hardest-hit region in Italy, the authorities were monitoring people by location tracking of their smartphones to understand if they were obeying the lockdown orders. They even found that about 40% were “moving about too much.”
What is the worry?
While it is known that tech companies routinely collect location data, which might be shared with public health, transportation and law enforcement authorities, what worries many is how this data is further shared/sold to third party aggregators for further profit. The Facebook Analytica scandal was just the tip of the iceberg.
The 15 organizations, in their collective appeal to the Congress, agreed that personal health data unrelated to the coronavirus might be improperly collected and shared, as well as data linked to commercial transactions. However, they outlined a set of principles for protecting privacy and securing personal data during the pandemic and economic downturn:
- Mass data collection must be deemed necessary for public health and proportionate to the need;
- Any data collected during the crisis should respect fundamental rights established by the U.S. Constitution, including but not limited to the rights to privacy and against government invasion of property guaranteed under the Fourth Amendment;
- Extraordinary public health measures can be introduced during the crisis but should be limited in scope and duration, so they do not become permanent features of law;
- Data collection and processing must be transparent, and individuals should be clearly informed about the purpose of data collection and how long their data will be retained;
- Only data relevant to resolving the crisis should be collected, and it should not be used or repurposed for marketing, advertising or commercial purposes, or any unrelated research purposes without informed consent;
- Health data needs to be kept confidential and secure, and should be deleted automatically following the pandemic; and
- Penalties for failing to comply with these principles should be toughened, so that the financial benefits of mishandling data never exceed the consequences.