Data protection, coronavirus and public health
Ana Segovia, from BBVA's Digital Regulation, analyzesthe COVID-19 crisis implications regarding data protection for citizens. "Some governments are applying other measures that could interfere in people’s privacy more clearly, such as geolocation apps that identify specific individuals," she says.
The critical situation caused by the COVID-19 pandemic has forced governments and institutions to act in record time with unprecedented measures that put the strength of our laws and institutions to the test.
In the digital world, responses have also been multiplied to try to help save lives. Data, of growing relevance in the digital economy field, is also becoming a key asset and a fundamental tool in the fight against the virus. Now, more than ever before, its use in the scientific field is demonstrating its effectiveness in the rapid search for treatments and vaccinations.
In addition, data analysis is allowing authorities to extract conclusions on the evolution of the pandemic, which are key for making strategic decisions on lockdown measures, the creation of field hospitals, or the massive purchase of healthcare supplies.
The application of big data techniques also helps to study the population’s mobility patterns, analyzing the frequency of movement and locating the places with the highest concentration of people. At least in Spain, these studies use anonymous data provided by telecommunications operators and individuals cannot be identified.
However, some governments are applying other measures that could interfere in people’s privacy more clearly, such as geolocation apps that identify specific individuals. Once again, the solutions vary among countries and greatly depend on their level of democratization and the protection of individual rights. In Europe, where data protection is a fundamental right, the measures encompass much more guarantees and those that are potentially more intrusive are generally voluntary.
In Spain, several days ago, the government announced the launch of computer software that would allow the user to self-evaluate the probability that he or she is infected with COVID-19. It would also allow for geolocation for the sole purpose of verifying the region in which they say they are. Similar measures have been announced in the U.K. and Germany and the creation of a sort of ‘immunological passport’ has been proposed in order to allow those who are immune to go back to work. This obviously involves the processing of health data.
China, the origin of the virus, is at the other extreme with a much more lax system for the protection of individual rights. For example, infrared sensors and thermometers have been installed in public places, locating and remotely identifying individuals with a fever, thanks to their access to mobile phone data. Taiwan and South Korea have taken similar action.
In Europe, data protection authorities are closely following all measures adopted by governments and companies, stressing at all times that the legislation allows the processing that has taken place so far on the continent, such as big data studies or the apps mentioned above. Europe’s data protection regulation, in force since 2016, foresaw the processing of health data, which are considered sensitive, for reasons of public interest, public health or vital interest without the user’s consent. But agencies do warn that is is not a suspension of the right to data protection, as they can only be used for these purposes and after publicly informing citizens of their use, always taking appropriate protective measures.
The Spanish Data Protection Agency (AEPD) also stresses that the principle of proportionality must be applied, and data protection regulations cannot be used to hinder the effectiveness of decisions made in these circumstances. The measure must be appropriate and necessary in an emergency situation in order to prevent the virus from spreading, and in this case, the right to life and health prevails over the right to data protection.
Other interesting stories