What Has US Learned from Asia’s COVID-Privacy Battle? Not Much, Experts Say

By Charles McDermid

Last of two parts.

The United States has done little to implement the data-privacy lessons learned in Asia after regional governments rolled out strict measures to control the spread of COVID-19, analysts told Digital Privacy News. 

In some Asian countries, the tough tactics — contact-tracing apps and so-called digital fencing — drew data-security concerns from an internet-savvy region long weary of hacks, leaks and enhanced surveillance. 

The backlash forced disclosures, running from China’s vaguely worded commitment to destroy collected personal data once the pandemic passed, to South Korea, where that disposal process was mandated by a 2010 law, the Infectious Disease Control and Prevention Act (IDCPA).

But privacy experts who studied data-collection methods used in Asia, said the U.S. government had yet to explain what “sunset laws” or deletion clauses would be in place to dismantle any enhanced U.S. surveillance in the post-pandemic world.

Critics point out that many surveillance methods deployed after 9/11 remain in place.

Now Seeking Assurances

Analysts told Digital Privacy News that many people across Asia willingly had given up certain privacy rights as the pandemic erupted. But those people, they said, were now demanding certain assurances about the collected data. 

“This is one of the reasons why I think the U.S. has suffered the highest casualties anywhere in the world,” said Dev Lewis, program lead at the Hong Kong-based Digital Asia Hub. “So far, we’ve seen very little evidence of the U.S. attempting to incorporate learnings from Asia.”

“We’ve seen very little evidence of the U.S. attempting to incorporate learnings from Asia.”

Dev Lewis, Digital Asia Hub.

On Wednesday, the U.S. experienced its biggest one-day total of new confirmed COVID-19 cases, 34,700, the highest since late April, according to a count kept by Johns Hopkins University. The daily number peaked then at 36,400.

Several other states set single-day records this week, including Arizona, California, Mississippi, Nevada, Texas and Oklahoma, The Associated Press reports.

COVID has been blamed for over 120,000 U.S. deaths, the highest toll in the world, and more than 2.3 million confirmed infections nationwide. The widely cited University of Washington computer model of the outbreak Wednesday projected nearly 180,000 U.S. deaths by Oct. 1.

Praise But No Action

Kyung-Sin Park, director of the American Law Center at Korea University and head of Open Net Korea, said South Korea’s IDCPA was unprecedented for allowing authorities to “identify ‘worthwhile’ targets of test or quarantine and either alert (them) or require them to get tested or quarantined.” 

But he questioned whether data-privacy concerns in the U.S. might derail any legal measure by the government.

“The U.S. Constitutional law has a strong, though (inconsistent), tradition of allowing nonjudicial, nonconsensual search for administrative noncriminal purposes — the administrative search exception,” he told Digital Privacy News. “So, the potential justification is there.

“The spread of COVID-19 in the U.S. is so wide that I just don’t know the … marginal benefit of tracking patients and suspects individually.”

Kyung-Sin Park, Korea University.

“The problem is that the spread of COVID-19 in the U.S. is so wide that I just don’t know the scope of marginal benefit of tracking patients and suspects individually,” he added. “In Korea, where the new number daily is less than 100 in a country of 50 million, it is feasible.”

Park said many Asian nations were trying innovative ways to balance privacy and public health but added that he was “doubtful” the methods would be replicated in the West. 

“Take the U.S. for now,” he posed. “I see politician after politician praising Korea, but I don’t see any sign of the U.S. adopting Korea’s nonconsensual, nonjudicial tracking of patients, patient-suspects, contactees and contact-suspects,” as would be required by South Korea’s IDCPA.

No ‘Coherent’ Model

Some observers now question what leadership role the U.S. might provide in the global privacy debate, especially as China and the European Union race to develop and strengthen their own data-protection standards.

“Today, the U.S. does not have a coherent model.”

Emmanuel Pernot-Leplay, expert on China’s data-protection laws.

“As a tech pioneer and home of Silicon Valley, the U.S. has the potential to shape data-protection rules globally,” Emmanuel Pernot-Leplay, an expert on China’s data-protection laws, told Digital Privacy News. “Yet, this role is currently assumed by the E.U.

“The U.S. framework is seen as complicated and providing low protection. China initially followed the U.S. way (with many sector-specific laws with less protection), but now wants to strengthen its framework and shows signs of E.U. influence in its new rules.

“Today, the U.S. does not have a coherent model,” Pernot-Leplay said. “To do that, it would need to enact a nationwide data-protection law that would clearly show the U.S. direction on data protection.”

Charles McDermid is a writer based in Asia.

Sources (external sources):