Written By; Ivica Stipovic
In this article, I will outline some potential impacts of the current Covid-19 pandemic on privacy.
There are two interesting provisions that the Irish Data Protection Commission formulated on the following link: https://dataprotection.ie/en/news-media/blogs/data-protection-and-covid-19.
1. “Data protection law does not stand in the way of the provision of healthcare and the management of public health issues; nevertheless there are important considerations which should be taken into account when handling personal data in these contexts, particularly health and other sensitive data.”
2. “In circumstances where organisations are acting on the guidance or directions of public health authorities, or other relevant authorities, it is likely that Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018 will permit the processing of personal data, including health data, once suitable safeguards are implemented”
Thus, the above provisions seem to make perfect sense – if the science (epidemiology, mass health data analytics, etc.) have established that measuring body temperature, keeping social distance and tracking the movement of citizens can help contain the current Covid-19 pandemic, then it is only logical to implement those measures. After all, is human health not the most important priority, even if it assumes processing of personal data that would be considered excessive under “normal” circumstances?
It is also reasonable to believe that these surveillance measures should be enforced only to a justifiable extent, while the pandemic continues to threaten society.
However, this intention raises a few important questions – under what circumstances will these measures be kept in place? Who will decide when the threat is decreased sufficiently to relax these measures? Who are the “…other relevant authorities” from the above provision? Will those authorities be scientific advisories, governments, cybersecurity experts, economic analysts…?
It is becoming obvious that the definitive date when we can proclaim the world “Covid-19 free zone” will be very difficult to determine. There are different challenges across the globe. In some countries, political establishments seem to overpower scientific advisories. Some countries are facing higher mortality rates than others. Some cultures accept the mandatory behavior imposed by government easier than others.
Democratic values of Western cultures that guarantee protection of personal data (or at least try to do so) could be undermined. Future initiatives and laws might use the threat of a returning pandemic as a justification to fortify the extensive personal surveillance over an indefinite period of time.
These laws might have strong foundations in scientific evidence that Covid-19 behaves as a seasonal flu virus, therefore, it will continue coming in the waves every year. Will such a situation justify violation of privacy over a long period of time, and if so, will this setup be sustainable?
And even more importantly – are we ready to give up privacy protection if scientific evidence indicates that extensive surveillance is a way to protect peoples’ lives?
As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:
Contact your normal account manager for sales or firstname.lastname@example.org
Contact our orders department at email@example.com
Contact our service delivery office at firstname.lastname@example.org
Contact our Security Operations centre at SOC@ward.ie
Contact our Network Operation centre at NOC@ward.ie
Contact our finance department at Finance@ward.ie