Groningen, Germany, March 2021 – All over the world, the response to the Covid-19 pandemic has been in part based on new technologies, notably contact-tracing applications, which bring undisputed benefits such as accuracy, speed and the capacity of managing large amounts of information, but also raise questions about the respect of privacy and the use of data. In line with its on-going work on the use of technologies for security, Efus took part in an online symposium on “Data and the Public Order – From descriptive to prescriptive practices” organised by the University of Groningen, Campus Fryslan (Germany), on 11 February.
Taking stock of a year’s worth of developments in technologies to face the pandemic
Efus moderated one of six parallel sessions: titled “Crisis management and data protection during Covid-19, it explored the opportunities and risks of the use of data by public institutions. It was in many ways a continuation of one of the web conferences of the Efus 2020 series on crisis management during the pandemic.
Indeed, in May 2020, Efus organised a session on the use of technologies to manage the pandemic and the impact they have on privacy (the minutes can be found on Efus Network). At the time, European countries had just started developing and testing contact-tracing applications, and some were using drones to monitor physical distancing regulations. The symposium allowed us to take stock of the evolution of the technologies since then, how data protection is ensured and the ways in which public perceptions have changed.
Different context, same technologies – same efficiency?
Dr Angela Daly of the Strathclyde Centre for Internet Law and Policy in Glasgow (UK) and Anis Fuad from the Center for Digital Society at the Gadjah Mada University in Yogyakarta (Indonesia) talked about the technologies used in Scotland and in Indonesia, the main challenges encountered and the problems related to data protection.
Dr Daly said that the Scottish contact-tracing application benefited from a relatively high take-up by the population, which is key for its effectiveness. She stressed that achieving high take-up among the population is only possible if there is trust in the government and its data management capabilities.
Anis Fuad explained that Indonesia had witnessed an increase in telemedicine because of the pandemic. He said that many telemedicine companies are expanding their services, which begs the question of how such initiatives will continue once the Covid-19 crisis is overcome, and specifically, what will happen to the data that is collected via such applications.
Safeguards to ensure data protection
Sophie Kwasny is the Head of the Data Protection Unit of the Council of Europe and is responsible for standard-setting and policy on data protection and privacy. She presented the Council’s report on Digital solutions to fight Covid-19 that outlines how emergency measures affected the rights to privacy and data protection.
She highlighted the principles of data protection that apply in a state of emergency: the overarching principles of the Rule of Law, necessity, proportionality, temporariness, effective (parliamentary and judicial) scrutiny, predictability of emergency legislation, and loyal cooperation among state institutions. The principle of effectiveness is particularly interesting: have the technologies used so far (contact-tracing applications, monitoring drones, e-bracelets to name only a few) been effective? In other words, is the promise of technology worth the risk of data breaches?
Towards a responsible use of data
Andrej Zwitter, Dean of the Faculty Campus of Fryslan at the University of Groningen, concluded the session with a few reflections on how we can start thinking about a responsible use of data in the face of a crisis such as the current pandemic. He reiterated that there are existing means for ensuring the safe use of data during crisis situations. Beyond the safeguards enumerated by Sophie Kwasny, he also pointed out that the humanitarian community has developed principles such as the fair processing of data and rights to retention and deletion of data.
At the same time, a number of gaps remain to be addressed, such as the rights of data subjects and the need to elaborate a concept that includes group privacy, as opposed to only addressing individual privacy rights.