Will Any Data Privacy Be Left After COVID-19? Ask Washington

By Charles McDermid

Governments across the world have unleashed stunning surveillance tools to collect data from citizens in the fight against COVID-19. Many now fear how that information may be used once the pandemic has finally passed.

In the United States, that could be one of the big questions when the Senate Commerce Committee meets Thursday for a hearing titled “Enlisting Big Data in the Fight Against Coronavirus.”

According to a government statement, the committee will “examine how consumers’ privacy rights are being protected and what the U.S. government plans to do with COVID-related data collected at the end of this national emergency.”

A look at the policies in place in other countries to handle this collected information could prove a road map for the United States, where none presently exist.

Discontent in China

The Chinese government deployed extreme data-harvesting measures, including a cellphone-tracking app that helped enforce quarantines and required people to have bar codes scanned at health checkpoints.

Digital Privacy News spoke to Dev Lewis, a China tech expert at Digital Asia Hub who scours local Chinese media for trends in data protection. He said he has already seen grumblings from the public.

“It appears the health crises will change the dynamics between individual privacy and protecting public health, especially as there is pressure to restart the Chinese economy,” he said.  “There seems to be an understanding that it will be deleted ‘when the epidemic ends.'”

But Lewis’ research unearthed little in the way of Chinese government guidelines for destroying or storing the data, a process known as “sunsetting.”

“Even if that is indeed the plan, what does ‘the end’ look like?” he asked. “Deleting all that data would definitely be complicated.

“Right now, the fear of coronavirus trumps all,” Lewis continued. “But going forward, there may be greater attention, especially if any data breach comes to light.

“There is a data-protection standard, but it’s unclear if government departments can be legally held liable.”

Non-Consensual, Non-Judicial   

South Korea is generally praised for its efforts during the COVID-19 outbreak, but its use of location data also led to complaints of privacy invasions.

Kyung Sin Park, a professor at the Korea University School in Seoul, told Digital Privacy News that the law authorizing the “non-consensual, non-judicial seizure” of location data also required the information be destroyed “without delay” when the crisis was over.

 “I have not seen any sign that the government will do otherwise, but some civil-society organizations have issued a statement demanding that the government abides by this provision,” he said in an email. 

“South Korea and Singapore are the only two countries that I know have ‘stable’ legislation that authorizes non-consensual, non-judicial acquisition of location data of people infected or suspected to be infected.

“So far, Europe has not adopted Korea-Singapore method and has used only anonymized proximity data or prospective tracking data of the infected [Slovakia], which has much less privacy concern,” Kyung continued.

“Israel has enacted an emergency order authorizing non-consensual, non-judicial acquisition of location data, but it has a sunset provision.”

‘We Don’t Know’

To learn how the U.S. government is collecting data to fight the pandemic, Digital Privacy News turned to the Electronic Frontier Foundation (EFF), a San Francisco-based nonprofit that has defended user privacy and other digital freedoms for 30 years.

With the issue gathering importance by the second, the response was troubling.

“We don’t know,” an EFF spokesperson said. “We know from news reports that the government is in talks with Google and Facebook about possibly using location data from smartphones to track the virus.

“But no details have been made public, so we don’t know what’s being collected or who is collecting and storing it.”

The foundation has called for “limitations and sunsetting of COVID-related data collection programs,” the representative said, but it remains to be seen if these concerns will be brought up at the Senate committee hearing this week.

Lewis, of Digital Asia Hub, pointed to the situation in China as a potential scenario for Americans whose data is collected by the government.

“There’s not much in the way of protecting the individual from government access, but it’s critical this information does not make its way into the black market and in the hands of companies,” he told Digital Privacy News. 

“The implications could be felt for years to come.”

Charles McDermid is a writer based in Asia.

Sources (all links are external):