ICO Released a Statement

ICO Released a Statement on their Approach to Regulation during the Coronavirus Pandemic.

The ICO released a statement outlining their approach to regulation during the coronavirus pandemic.

 

The ICO released a statement this week, outlining their approach to regulation during the global coronavirus pandemic, almost one month after publishing their first approach regarding data protection during COVID-19, as we informed in one of our previous blogs.As the pandemic continues to affect the ways in which people do business, the regulatory authority has deemed this time “exceptional times in the nation’s history” and as such acknowledges that the impact of the public health crisis on government, public bodies and businesses is significant enough that it should outline a new empathetic and pragmatic approach to their functioning capacity. The ICO has expressed its intent to be flexible, taking into account the burdens their actions may place on businesses, many of which are already facing staff and operating capacity shortages, and severe financial and other pressures.

 

In its recently released statement, the ICO outlines its new approach surrounding engagement with the public and organisations, regulatory action, and also the Freedom of Information Act and Environmental Information Regulations. The ICO also stated that it has prioritised its services to give additional guidance to organisations on how to comply with the law during these special times. The regulatory authority also acknowledged that effects of this public health crisis are likely to be felt for some time after it is over, and as such, its flexibility will continue to be necessary in some areas for many months to come. It’s intent is to keep this guidance under review as the situation progresses, and to issue updates where necessary.

 

The ICO recognizes its responsibility to take into account the special circumstances that many organisations find themselves today as a result of the public health crisis. As such, Elizabeth Denham, Information Commissioner, in the statement released earlier this week, said “It is important that we regulate for the time we are in now, but it is important too that we look to the future. Data protection can play a central role in promoting economic growth when we come out of this pandemic: encouraging public trust in innovation and supporting the UK as it steps forward in the global economy.”

 

Do you have questions about how to navigate data protection laws during this global coronavirus pandemic in your company? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance.

AI Help Prevent COVID-19

Can AI Help Prevent COVID-19?

Can AI help prevent COVID-19? Can it be used to predict or detect outbreaks, and would this be ethical?

Can AI help prevent the spread of COVID-19? Recently, we released an article on the technological initiatives being put in place across Europe to help control the spread of the novel COVID-19. In our latest vlog series, we aim to explore any AI initiatives which may have been implemented globally in this regard, to what extent AI can help fight this global pandemic, and what the privacy implications of these would be in Europe. As the virus spreads globally, and cases have shown up in over 200 countries worldwide, even more initiatives are popping up around the globe to help combat this pandemic.

Last December, a Toronto based startup, through analyzing the data published on the local newspapers and the information available on the internet, identified a cluster of unusual pneumonia cases happening around a market in Wuhan. Thus, the AI based platform, BlueDot was able to identify what would commonly be known as COVID-19, nine days before the World Health Organisation released its statement informing people of the emergence of this virus, mere hours after health officials diagnosed the first cases of coronavirus. 

Currently, countries like South Korea, using apps which track location data, are able to constantly monitor infected and non infected persons, and their movements. AI can also be used to analyze the way in which the disease is being discussed on social media, to paint a more vivid picture of the impact of the virus. It is no secret that AI can help prevent COVID-19’s spread and flatten the curve, but what are the privacy implications of such measures being used in Europe? Do they fall in line with the GDPR? 

In our latest vlog, part 1 of a two part series on the use of AI in the fight against COVID-19, we explore how AI can prevent or predict the spread of this viral disease:

Be sure to subscribe to our content on YouTube,  to make sure that you catch Part 2.

Do you have questions about how to navigate data protection laws during this global coronavirus pandemic in your company? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including Data Protection Impact Assessments, AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

technology privacy: COVID-19 pandemic

Technology and Privacy in the Fight Against the COVID-19 Pandemic

With thousands of new cases popping up each day globally, many health authorities are turning to technology in the battle against the global pandemic. But can these apps be used without privacy concerns? What are the links between technology and privacy in the fight against the COVID-19 pandemic?

Several nations within the European Union have very recently announced their intent to use an app that enables contact tracing of anyone who tests positive for coronavirus, and contacting anyone to whom they may have transmitted the virus, therefore it seems there may be strong links between technology and privacy in the fight against the COVID-19 pandemic The Pan-European Privacy Preserving Proximity Tracing (PEPP-PT) initiative brings together 130 researchers from eight countries to develop applications that can support contact tracing efforts within countries. This joint initiative is set to be launched on April 7th. The app is expected to indicate to people whether they are low or high risk based on their contact level with the person who has tested positive and instruct them on whether they should get tested or self-isolated for the two week incubation period, based on their level of risk. The proximity to the infected person is tracked by bluetooth technology or the scanning of QR codes posted in public amenities. The app is also expected to track public places and transit systems used by the infected person, and notify their proprietors to do a decontamination clean up. It has also been suggested that the app be used as a hub for all coronavirus related services like to request food or medication, and it is believed that this will help encourage more downloads. According to the article published in The New York Times, the platform will be designed considering GDPR requirements and principles. Connections made between smartphones on a device will be logged for two weeks using strong encryption and, apparently, only local health authorities, deemed ‘trusted’ persons, could download data in order to notify people at risk of infection.

The UK will be launching its own app close to the time their lockdown is lifted. Sky News reported, based on information sources with close knowledge of the project, that while the app has been in existence for some time, key technical details have only recently been agreed by NHSX, the NHS England innovation unit leading the project. The NHSX intends to appoint an Ethics Board to oversee the project, and the app is intended to exist in line with the GDPR. The digital contact tracing app will operate on an opt-in basis. 

In Spain, three measures will be developed: a self-assessment app, a chatbot and the study of the mobility data gathered by telecommunications operators. While mobility data may be processed relying on public interest in the area of public health, which is one of the legitimate bases covered by the GDPR, according to the Spanish Government, mobility data will be collected and matched in an aggregated and anonymised form. However, considering the  data from telecommunications operators is largely pseudonymised rather than anonymised, the GDPR should still apply. Otherwise, the techniques used and the safeguards applied should be further clarified in order to ensure that said data is indeed anonymised. 

While the use of these apps will be optional for now, this study conducted by researchers at Oxford University’s Big Data Institute concluded that in order for them to be effective at keeping infection rates down, they should be used by at least 60% of a population. The UK NHS is hoping that they get at least 50% of the population on board for their new app which will soon be launched.  A very similar app was used to combat the virus in Asian countries like China, where the app was mandatory to go into the general public. There lies a chance now, that people may be required to present the app and prove that they are low risk prior to being admitted into a very populated area, like a crowded restaurant, or to scan a QR code to be allowed access to certain public areas. 

This technology could help governments to ease off on the conditions of their lockdowns, but one should be aware of the privacy implications of technology like this. “Whereas it may be necessary to give up some privacy in times of this huge pandemic threat, the governments should also reassure people that such measures are proportionate and temporary,” comments Dr Bostjan Makarovic, Aphaia Managing Partner.

What do you think? Would you use this type of apps voluntarily? What would you like to know about how your data is handled before you do?  

Do you have questions about how to navigate data protection laws during this global coronavirus pandemic in your company? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including Data Protection Impact Assessments, AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.