Tracking the spread of COVID-19 with precise data is self-evidently one of the key tools needed to slow the spread of the pandemic. Unless health experts know when, where and how cases are contracted, they are effectively fighting an enemy with one hand tied behind their back.
But that doesn’t mean we throw the baby out with the bathwater. Privacy rights and the protection of personal data, in particular health information, are also important. Sadly as many civil liberties have been trampled in the name (only) of fighting the pandemic — looking at you, Viktor Orban — a backlash has also occurred claiming that data protection laws are preventing health workers and authorities from doing what is necessary.
But this is not the case. “Contrary to many reports, there is no general conflict between data protection and the use of personal data in the fight against an epidemic. Statements claiming that data protection must be ‘waived’ seem to be based on a false understanding of law,” said Max Schrems, privacy rights activist and chair of digital rights group NOYB.
Andrea Jelinek, chair of the European Data Protection Board added that the board is working on clear guidelines so that authorities can make use of data while at the same time respecting privacy laws. “The board will prioritise providing guidance on the use of location data and anonymization of data; processing of health data for scientific and research purposes; and the processing of data by technologies used to enable remote working.”
Europe’s General Data Protection Regulation even mentions epidemics in the recitals, so it’s not as though this situation has not been considered. It is worth noting here that, in principle, anonymised data is not subject to the same data protection rules as identifiable personal data.
Let that sink in. There is no reason that properly de-identified data cannot be fed into the models that health authorities are relying on to fight the pandemic. If that is not happening, it is not because of data protection laws – other reasons must be at play.
German MEP and EPP group spokesman for Industry and Research, Christian Ehler, called for an EU data centre and a common data standard to collect data on infections.
“The coronavirus pandemic has highlighted the need to create an EU data center for emergency response. We urgently have to set up a platform to collect and analyze the available data on infections and diseases of the pandemic. This also requires a common data standard and we obviously have to make full use of Artificial Intelligence tools to this end,” he said.
Any standard must come with data protection attached, but a bigger issue according to MEPs, is that different EU member states’ data “cannot be compared due to the lack of common standards.”
Ehler also wants reduced bureaucracy in research funding: “Without the hands and brains to do the research, we are going nowhere. We have to help researchers all over the European Union in a very concrete way by reducing administrative burdens and ensuring the continuity of employment and programs for researchers.”
In recent months, the European Commission has been pushing the use of big data and the sharing of non-personal data with researchers. If COVID-19 data has been properly anonymized, it falls squarely into that category.
And it IS happening on a country by country basis. For example in Finland, telco provider Telia is providing real-time, but anonymized, user movement data for the government battle with the virus.
“We collect the information from a large geographical area, which makes it impossible to identify individuals. After this, the fully anonymized and aggregated data can be expanded into views with which decision-makers can draw accurate conclusions on the movements of the masses from,” explained Petri Seppänen, Head of Business Development at Telia.
In Germany, president of the industry group Bitkom, Achim Berg pointed out: “The corona crisis has demonstrated the outstanding importance of high-value datasets for our healthcare systems, our society and our economy. The federal government should therefore implement its data strategy as quickly as possible. The urgent digital transformation of our economy can only succeed if we open up our data vaults. Our ability to comprehensively use future technologies like artificial intelligence and become a world leader will directly depend on our access to data.”
“It will be vital for the data strategy to reduce current legal uncertainty surrounding the processing of data. The federal government should also advocate according clarifications on the European level. Companies hesitate too often when it comes to using their data because they are unsure about their compliance with data protection legislation. Such uncertainties are a massive stumbling block to innovation. The data strategy should furthermore aim to make the public sector a role model for the provision of non-personal data,” he continued.
Technology with the right data analysis could be critical to suppressing COVID-19. But any analysis is only as good as the data it is based on. To encourage public trust and willingness to participate in any data gathering, authorities should be embracing privacy and anonymization policies.
European Data Protection Board is working on guidelines for using data to track COVID-19 while still respecting #privacy laws. #respectdata Click to Tweet
Don’t let the bad actors who only want to increase their own digital surveillance powers undermine the overwhelming solidarity of the public response to this health crisis. Respect the right to privacy as part of the fight against the pandemic – it’s not a zero sum game.