A ‘New Normal’?

What Does COVID-19 Surveillance Portend for Privacy?

By Charles McDermid

The COVID-19 pandemic has intensified fears of a stricter surveillance environment in a world already troubled by huge data breaches and privacy violations, as well as the increasing power of Big Tech. 

Experts now hope the new reality brought on by coronavirus includes heightened awareness and stronger government protections, rather than apathy from a public possibly frustrated by the slow burn of constant data-privacy fears.

“My sense is that while everyone wants to stop the spread of COVID-19, and people understand that some sacrifice of personal privacy or liberties may be necessary to do so, they are still not OK with unnecessary or extensive invasions of their privacy,” Lauren Sarkesian, senior policy counsel for New America’s Open Technology Institute, told Digital Privacy News.

“Recent data suggests that even in the face of ongoing isolation and public-health threats, people still value their privacy, though they are split and understandably varying on whom they trust, with what information and for what specific purpose.”

The Pew Research Center found last year that nearly 80% of Americans said they were at least somewhat concerned about how companies were using their data. In another Pew study last month, only 37% found it acceptable to track locations to enforce social distancing.

Also last month, a poll by The Washington Post and the University of Maryland found that 60% of Americans were unable or unwilling to use the infection-alert system being built into cellphones by Google and Apple.  

“While everyone wants to stop the spread of COVID-19 …, they are still not OK with unnecessary or extensive invasions of their privacy.”

Lauren Sarkesian, New America’s Open Technology Institute.

‘Re-Opening’ Concerns

Pam Dixon, executive director of the nonprofit World Privacy Forum (WPF), said the storyline around COVID-19’s impact on data privacy would involve a “nuanced continuum of opinion.”

“My sense of things is that at the beginning of the crisis, people were very willing to forgive a lot of overstepping of privacy boundaries in order to respond to a serious and life-threatening crisis,” Dixon told Digital Privacy News.

“But now that the country is re-opening in stages, people are now turning increasingly to concerns about employer use of private health data, especially information about sensitive health conditions.”

Kyung-Sin Park, director of the American Law Center at Korea University and head of Open Net Korea, said it was too early to assume that mass data-collection and surveillance tools would be maintained as they were after the 9/11 attacks.

“The data-acquisition stage is more critical than the data disclosure-sharing stage for prevention purposes,” he told Digital Privacy News. “I don’t see ‘privacy fatigue’ at this point, but a collective willingness to play the part.”

Park supports “sunset” laws that would enforce the destruction of all personal data once a public emergency is over. 

But he said the post-pandemic reality could look much differently for privacy advocates in the U.S., where data regulations are thin or non-existent. 

“Culturally, the acquisition of private data by the state has been allowed more generously in Asian contexts than in Western contexts,” Park said. “But the public disclosure or sharing of private data has been frowned upon more severely in Asian countries than in the West.”

“Now that the country is re-opening in stages, people are now turning increasingly to concerns about employer use of private health data.”

Pam Dixon, World Privacy Forum.

Push for Laws

The barrage of data breaches in recent years — including those from eBay, Yahoo, LinkedIn and other heavyweights — has led to public resentment that was escalating well before COVID-19. 

“People are more attuned to the reality that data breaches happen and that many tech companies’ business models rely on the collection and sale of our data — but they seem to resist letting lack of privacy be the ‘new normal,’” said Sarkesian, of the Open Technology Institute.

“People may hesitate to use an app aimed at stopping the spread of COVID-19 due to skepticism regarding Big Tech’s handling of data today,” she explained, “whereas five years ago, they may not have been equipped with the information to even be skeptical.”

Sarkesian said the current public-health crisis could provide urgency to the contentious debate around data protection in Washington. 

“This pandemic points back to what advocates have been saying for a long time: We need comprehensive data privacy legislation — and we needed it years ago, actually,” she told Digital Privacy News.

“The pandemic demonstrates how important it is that legislation really be comprehensive, and shows that current laws are not enough,” Sarkesian said. “Lots of data that does not appear health-related on its face is now being used to inform serious public-health decisions.”

The next steps, she said, largely remained in the hands of U.S. lawmakers.

“In the near-term, Congress must work to pass some, likely narrow, privacy legislation on an emergency basis to address the immediate concerns that contact-tracing apps and other health-data collection raise — but in the post-pandemic world, more comprehensive privacy legislation remains crucial.”

“I don’t see ‘privacy fatigue’ at this point, but a collective willingness to play the part.”

Kyung-Sin Park, Open Net Korea.

Taking a Toll

As it stands, the momentum for data privacy laws in the U.S. has mostly gone nowhere. What might have been a crucial issue in the 2020 presidential race has been pushed to the sidelines.

For most Americans, another data breach or privacy scandal very well could be overshadowed by more pressing concerns.

“Privacy matters to people within specific contexts,” said WPF’s Dixon. “Health privacy and employment are two very meaningful areas that people care about, and data-breach fatigue has not inured people from these concerns.”

But the frequency and severity of recent privacy violations have taken a toll on the public and privacy activists, she said.

“Trust is perhaps the greatest casualty of privacy breaches of recent years, from corporate breaches to government overreaches,” Dixon told Digital Privacy News. “A lot of people think that privacy is about opting in or opting out, or about controlling our own information.

“It can include those activities. But in the end, privacy is about trust.

“Can we trust this company or a government with our data and inferences about us?” Dixon posed. “What ensures transparency and accountability, so that the trust is earned on an ongoing basis?

“Our digital world has become so complex, it is not possible to control all of our data anymore. 

“What we most need is to ensure that excellent baseline privacy rules are in place, so that there is reliability and trustworthiness in how our information and inferences based on that information are handled,” she told Digital Privacy News. “Privacy is about ensuring that data uses do no harm and create a public good — and do so consistently.” 

Charles McDermid is a writer based in Asia.

Sources (external links):