Data Against the Pandemic
Updated: 4 days ago
Arguably one of the most crucial debates of this new decade is the constant evolution of rights, responsibilities, and consequences of data mismanagement for citizens and digital users. Data democratization is still not fully agreed on between corporations, society and governments. We are still trying to make the most of the latest #dataanalysisrevolution, predictiveness and algorithms that may even consider your coffee machine usage as a variable for your overall health. The complexity of this matter lies in understanding that this possibility truly exists. That every digital service that collects user data could be used as a surveillance tool and a profit machine. Allowing companies to exploit one’s personal information, without consent or gratification to those who accepted the terms and conditions. In other words, it is crucial to respect everyone’s data as formally as you would do with a tangible possession.
On the other hand, by being extra cautious, we could be missing a critical opportunity to actually put data services in motion. As a prime example, to help us prevent the spread of a common enemy: #Covid19, the virus that got the world sick. This disease succeeded, bringing humanity down for a long period of time, some faring better than others. Take South Korea, for example, their public app created to match, anonymously, the geolocation of covid-positive citizens with possible infected areas; providing their residents full visibility of hot spots, even warning them if they had been close, or in contact, to someone infected. Obviously, this method could only be deployed in a country where the smartphone adoption went up to 95% in 2019. This mobile application contrasts with how European and American countries deal with data concerns; the Korean solution includes an #Optoutfeature, which means (and pay close attention to this): as long as the user doesn't actively disable it, the application will perform at full capacity. This crucial part of the application performs a social engineering act, where the user is never restricted from leaving apart from the system. Everywhere else in the world, these kinds of applications are Opt-in, which requires these features to be consciously activated and prevent adoption and full data gathering.
Like Korea, many countries are using what they have on hand to fight back the virus: Israel uses current counterterrorism #cybertechnologies to limit the spread of #Covid19. It includes the monitoring of citizens’ mobile phone location data (without requiring their consent) to track the precise movements of people infected with the virus, alert people of new cases near them and enforce quarantine measures. Even their Supreme Court had to intervene, deciding that only citizens who tested positive to the virus can be subject to a digital review of their movements and can receive quarantine orders from the Ministry of Health. In China, citizens are required to download government-issued health applications that generate a score based on contagion risk and share that information with the police. The Chinese Ministry of Public Security has also bought a facial recognition technology to identify individuals, even when they are wearing a surgical mask. In Russia, facial recognition is being used to check whether people are breaking quarantine. When looking at Taiwan, the government has integrated the national health care database with customs and travel records and is tracking whether citizens are abiding by their quarantine orders through government-issued mobile phones. Everyone's goal is simple: point whatever resources they have on data utilization and worry about bureaucracy later.
In Europe, the chair of the European Data Protection Board (EDPB), Andrea Jelinek, released a formal statement at the beginning of the pandemic on the processing of personal data in the context of the #Covid19 outbreak. She was clear that data protection should not be omitted with the excuse of public health, underlining that even in these exceptional times, organizations must ensure the protection of personal data of said subjects. According to the Board “the emergency is a legal condition which may legitimize restrictions of freedoms, provided these restrictions are proportionate and limited to the emergency period”. For this reason, a number of considerations are necessary to ensure the lawful processing of personal data. On a legal basis, employers and public health authorities do not have to rely on the individual’s consent to process personal data within the scope of a pandemic but can rely on Article 6 and 9 of the #GDPR. The EDPB points out that when telecomm data is being processed for public purposes, such as localization data, it ought to be protected by national laws. It is also important to highlight that national legal restrictions have to be considered when processing personal data in the context of employment.
Google and Apple, with their country sized user basis, are finally collaborating with each other to set a precedent for everybody else. They have jointly designed a two-step plan to open up the smartphone market, owned almost entirely by themselves (Samsung 21.2%, Apple 13.3% 2020 Market Share). Beginning to, through the phone API first, make the most of connectivity via Bluetooth in everybody’s device. But what do we as a society win by exposing our phones to invasion via Bluetooth? On the first stage of the collaboration each device will be temporarily assigned a numeric code, which will be linked to every location visited throughout the day. This code will be continuously updated and won’t store any user information. The user must actively participate to keep their health information updated. If someone gets diagnosed sick with a positive test, they should update their profile on the application. With a covid-positive test registered on the platform, the system will track back the last positions registered and alert every device that came into contact with a patient in the past urging them to proceed with the correspondent preventive actions. Making a public commitment to keep every single part of the process transparent was essential to establish credibility. The second and more ambitious stage consists of the development and deployment of a whole environment of applications, linked directly to public health authorities and critical systems. Our personal data will be finally put to use for the common good. Scary? Yes. Necessary? With the global crisis and the vaccine still months away, this must be executed fast.
The mass adoption of digital channels by society is increasing by the day. In a matter of weeks, we witnessed a revolution on every single level of society, from working from home professionals to students still assisting their classes remotely, and people buying groceries sitting in their living rooms. For every new technological disruption, laws and regulations must follow closely. Different regulations are set by every country on data protection guidelines; however, it is clear that we, as a society, must evolve collectively on how we respond to a global health crisis. This is not affecting an isolated region. According to a #JohnHopkinsUniversity report, as of September 2020, only 12 countries haven’t reported a single coronavirus case (probably just because they haven’t tested enough). We are learning worldwide how to react to a global pandemic and the most important thing is: this could only be the first of many different pandemics that this generation will have to fight. It is up to us to be better prepared for next time.
By Ricardo Carranza