The proliferation of mobile devices, and the rapid advancement of technology in general, is impacting individual lifestyle choices. As evidenced across areas most notably in communication, transportation, workplace, public health, and governance. It could have given rise to the advent of various regional and national privacy regulations as societies attempt to balance the trade-offs between data utility and individual privacy.
However, the effect of these regulations vis-à-vis COVID-19 epidemic seems to portray the obvious gaps in the existing and emerging technologies in handling health emergencies. To learn more about privacy techniques in the future, please follow Callis Ezenwaka and OpenMined on twitter.
The difficulty in utilizing technology for effective tracking, tracing and/ or testing during the COVID-19 pandemic across jurisdictions, developed and developing countries inclusive, underscored this. Unlike the tracking and isolation method during the Flu epidemic of the late 19th and early 20th century or the Ebola outbreak in Sub Saharan Africa about decade ago.
There were high expectations that the use of health records, cell tower tracking, and travel history could have ultimately helped to plateau the COVID-19 curve. Even though privacy regulations appear to pose considerable hindrances in curtailing the spike due to the lack of existing compliant policy documents and/ or frameworks.
Digital Tracking and Tracing
There were potential digital tracking possibilities and cards on the table. However, the inability to implement them could be based on previous historical experiences; among them being the misapplication of data. A common historical example is the profiling of the Jews of Marseille, France in 1943 or the most recent example of the genocide in Rwanda, about 25 years ago.
There are justifications about the effectiveness of data anonymity that ensures data privacy or the use of automated notifications for contact tracing. Other proposed methods were cell phone usage frequency or eavesdropping to conversations using smart devices like Alexa to determine if someone is down with COVID.
Despite these possibilities, there are more technologies that could have been potential leads for contact tracking and tracing. However, some of these proposals were intrusive and posed a breach of personal privacy. There are legitimate reasons to be wary about the potential abuse of such processes that infringes on the user's privacy.
In most developed countries, while privacy laws exist, most privacy regulations however do not cover probable cases i.e., regulation lagging behind technology. Conversely, for most developing countries, privacy regulations are either nonexistent or recently enacted. Beyond this, there is a great need for tracing and testing to determine the direction a pandemic wave was swinging to and areas where it was already predominantly prevalent.
The Use of Notification Applications
The exposure notification application was convenient for letting cell phone users know if they were in the vicinity of someone who has tested positive for COVID. It works by cell phones exchanging messages to contacts that have been in proximity of someone that came down with COVID. The duration at which a person is at risk of exposure was typically 15 minutes.
While this seemed to have succeeded, it had inherent drawbacks for a couple of reasons. The data was still decentralized and resides within the user’s cell phone. The owner has full custody and could decide to erase it or disable the application completely. The application could not be repurposed and reused. Finally, one may need a privileged permission or be certified to access the API.
The implementation of the application was never a bug but a design feature. The already mentioned drawbacks were precautionary steps taken with the intent to prevent data misuse and safeguard privacy. The team of developers that deployed the application was aware of the repercussions for violating antitrust laws. So also, are leaders in the most advanced economy who oftentimes cite such regulations as constraints when accessing certain records.
One might argue that this claim cannot be substantiated considering the large pool of data many sovereign nations have on their citizens. For instance, in many countries, governmental institutions are the sole custodian of census data, health records, tax data, voting records, etc.
The Collision of Interest
Therefore, it appears that the privacy laws exist to scrutinize big organizations and corporations who could be utilizing the data for public good. Before proceeding, one should not lose sight of our subject matter, that the whole world was in a pandemic with an extensive mortality rate. Track and trace notification applications were vital technology with potential to save lives and prevent widespread infections.
As has always been the case, the debate was between ensuring individual privacy and delivering public health. At the intersection of this dilemma or collision of interest was the government inability to disclose how long the data from tracing would be retained.
To add to that, there were no reasonable justifications about the benefits of withholding the data or the techniques for preserving the privacy of the data. Neither was there any risk assessment on the impact of track and trace on existing laws. The latter could be excused by the fact that no one anticipated the epidemic.
Worthy to mention is that in a bid not to meddle with privacy issues, some countries adopted the self-reporting system which could have been inaccurate. A technology-based track and trace system could have provided automatic monitoring and would have presented more reliable data.
The core of this problem is a matter of trust and institutions, as everything converges at three elements of legitimacy, interest, and adherence to regulations. The definition of sovereign ownership around the data with severe penalties as deterrents and the initiative driven through public private partnership could have brought in Competency, accountability, and transparency. It could have somehow solved the lack of trust around the deployed technology and douse all the concerns on privacy about the institutions that utilize it.
Special thanks to Gatha Varma for thorough editing and holistic review of this article.