Blog details

Technology and Privacy in the Fight Against the COVID-19 Pandemic

Technology and Privacy in the Fight Against the COVID-19 Pandemic

With thousands of new cases popping up each day globally, many health authorities are turning to technology in the battle against the global pandemic. But can these apps be used without privacy concerns? What are the links between technology and privacy in the fight against the COVID-19 pandemic?

Several nations within the European Union have very recently announced their intent to use an app that enables contact tracing of anyone who tests positive for coronavirus, and contacting anyone to whom they may have transmitted the virus, therefore it seems there may be strong links between technology and privacy in the fight against the COVID-19 pandemic The Pan-European Privacy Preserving Proximity Tracing (PEPP-PT) initiative brings together 130 researchers from eight countries to develop applications that can support contact tracing efforts within countries. This joint initiative is set to be launched on April 7th. The app is expected to indicate to people whether they are low or high risk based on their contact level with the person who has tested positive and instruct them on whether they should get tested or self-isolated for the two week incubation period, based on their level of risk. The proximity to the infected person is tracked by bluetooth technology or the scanning of QR codes posted in public amenities. The app is also expected to track public places and transit systems used by the infected person, and notify their proprietors to do a decontamination clean up. It has also been suggested that the app be used as a hub for all coronavirus related services like to request food or medication, and it is believed that this will help encourage more downloads. According to the article published in The New York Times, the platform will be designed considering GDPR requirements and principles. Connections made between smartphones on a device will be logged for two weeks using strong encryption and, apparently, only local health authorities, deemed ‘trusted’ persons, could download data in order to notify people at risk of infection.

The UK will be launching its own app close to the time their lockdown is lifted. Sky News reported, based on information sources with close knowledge of the project, that while the app has been in existence for some time, key technical details have only recently been agreed by NHSX, the NHS England innovation unit leading the project. The NHSX intends to appoint an Ethics Board to oversee the project, and the app is intended to exist in line with the GDPR. The digital contact tracing app will operate on an opt-in basis. 

In Spain, three measures will be developed: a self-assessment app, a chatbot and the study of the mobility data gathered by telecommunications operators. While mobility data may be processed relying on public interest in the area of public health, which is one of the legitimate bases covered by the GDPR, according to the Spanish Government, mobility data will be collected and matched in an aggregated and anonymised form. However, considering the  data from telecommunications operators is largely pseudonymised rather than anonymised, the GDPR should still apply. Otherwise, the techniques used and the safeguards applied should be further clarified in order to ensure that said data is indeed anonymised. 

While the use of these apps will be optional for now, this study conducted by researchers at Oxford University’s Big Data Institute concluded that in order for them to be effective at keeping infection rates down, they should be used by at least 60% of a population. The UK NHS is hoping that they get at least 50% of the population on board for their new app which will soon be launched.  A very similar app was used to combat the virus in Asian countries like China, where the app was mandatory to go into the general public. There lies a chance now, that people may be required to present the app and prove that they are low risk prior to being admitted into a very populated area, like a crowded restaurant, or to scan a QR code to be allowed access to certain public areas. 

This technology could help governments to ease off on the conditions of their lockdowns, but one should be aware of the privacy implications of technology like this. “Whereas it may be necessary to give up some privacy in times of this huge pandemic threat, the governments should also reassure people that such measures are proportionate and temporary,” comments Dr Bostjan Makarovic, Aphaia Managing Partner.

What do you think? Would you use this type of apps voluntarily? What would you like to know about how your data is handled before you do?  

Do you have questions about how to navigate data protection laws during this global coronavirus pandemic in your company? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including Data Protection Impact Assessments, AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Prev post
La AEPD aprueba las primeras normas corporativas vinculantes (BCRs) bajo el RGPD
April 1, 2020
Next post
Tecnología y privacidad en la lucha contra la pandemia del COVID-19
April 3, 2020

Leave a Comment