In the wake of institutional efforts to control the threat of coronavirus around the world, some privacy advocates are nervous about the extent that governments and businesses will go to in order to track users and citizens.
“Technology companies and experts are coming up with a variety of new methods, applications and tools to track the spread of COVID-19 in the United States, systems that could greatly help government plan and cope with the novel coronavirus,” writes Gopal Ratnam today at Roll Call. “But these new monitoring systems are leaving lawmakers and privacy experts worried that the result could be widespread surveillance of the health data and private movements of Americans with no federal law in place governing data privacy.”
In some ways, it seems like an intractable problem – we may legitimately need that locational data to practice coronavirus containment, but how do you preserve privacy rights at the same time?
Demographic Versus Personal Data
One of the big distinctions that the surveillance effort will hinge on is whether systems are collecting personal data on users, or simply aggregating demographic data that can be used to track the virus. There are certain trade-offs to be made, such as having the locational and identifier data, but un-tethering that from other kinds of personal data that can and should be private.
Sunset Clauses
Here’s another big question that, if solved, can help to parse out this difficult problem.
Many of the worst intrusions into our privacy as users have to do with applications that request data for immediate purposes, but keep collecting that data long after the immediate use is over. In other words, we want our applications to stop tracking us when we’re not using them.
Having clear sunset clauses in coronavirus tools would put a lot of these fears to rest by delivering a more concrete timeline and context for the data collection in question.
Self-reporting
Surveillance tools could also adopt a sophisticated approach that is sometimes seen in the financial world or in other legal wrangling between businesses and government agencies.
One of the tools in a prosecutor or federal agency’s toolbox is self reporting – the idea that the targeted party will provide the data independently, instead of being forced to expose its internal data sources.
This is why we have perjury laws and penalties for providing false information to agencies.
In analysis of the issue, Ratnam touches on the potential use of self-reporting, writing: “The ideas and proposals for the use of new technologies range from systems that would draw data from diagnostic testing labs and hospitals to mobile phone-based apps that individuals would download voluntarily to identify themselves as infected to help others avoid contact.”
To the extent that individuals and other parties may be made to self-report effectively, the intrusive surveillance isn’t needed.
These are some of the ideas that pertain to today’s big debate about Google another companies acting as data brokers for smart phone activity that will help us to combat coronavirus without compromising civil liberties.