WebFoundation on Covid-19 and data privacy

Using data to fight Covid-19 does not mean lowering the bar for privacy

Originally posted at webfoundation.org on June 15, 2020 - CC BY 4.0 - Retweet

As debate about the use of personal data in government efforts to beat Covid-19 continues, Web Foundation Policy Director Emily Sharpe argues that there is no rigid trade-off between privacy and using data for public health. Read the full policy brief on Covid-19 and data privacy.


We can and should use data in the fight against Covid-19. This is not a revolutionary idea.

In 19th century Britain, there was a widespread belief that diseases like cholera and bubonic plague were caused by polluted air. As a cholera outbreak took hold in central London, the physician John Snow challenged this theory of transmission, plotting cases and observing that they were clustered around a water pump in the Soho area of the city. Identifying the pump as the source, the handle was removed — one of the earliest examples of epidemiology.

Today, we have the potential to access data in far greater volumes and variety than John Snow had, created partly by the digital devices in our pockets, on our wrists and in our homes. The wealth of information we’re creating can be used to understand how and where Covid-19 is spreading and to develop strategies to tackle it.

But following years of scandals where our personal data has been misused — from the Snowden revelations to Cambridge Analytica — many people, quite understandably, are deeply concerned about the idea of handing off reams of personal data to companies and governments.

In our latest policy brief on data and privacy, we argue that using data in smart and innovative ways to tackle this pandemic doesn’t have to mean putting a pause on human rights or lowering the bar for privacy — so long as we have the right safeguards in place.

Privacy and public health do not have to be at odds

This debate is often framed as a “trade off” between privacy and public health. In order to beat the disease and end the crisis, the argument goes, we should accept some exceptional compromises to our privacy.

But this binary framing presents a false choice. Privacy should always be prioritised when data is collected and used. And effective privacy laws and frameworks are designed to allow for the use of data when essential to public health and in the public interest, while guarding against improper intrusions to our privacy.

In other words, privacy rules are designed to work in exceptional circumstances, not just business as usual. Countries that have robust privacy frameworks on the books, and who enforce those laws effectively, are not in unchartered territory.

Now is no time to relax privacy laws

We should push back on governments or companies who seek to use Covid-19 as an excuse to collect and use people’s data in ways that are inconsistent with human rights and the rule of law.

At the same time, when critics and advocates argue against the use of data on the basis that there are no or few legal, policy or technical principles and protections for people’s data, we should point to the frameworks that exist to facilitate data sharing while protecting privacy.

Good privacy frameworks provide guidance for the safe and appropriate use of data when it’s most needed. And Covid-19 has underlined the importance for all countries to adopt strong privacy rules.

Of course, many countries — including the United States — do not. They should pass comprehensive privacy frameworks as an urgent priority.

In the meantime, there are a number of global and regional privacy frameworks and principles that governments, companies and civil society can look to, such as the APEC Cross-Border Privacy Rules, the OECD Privacy Guidelines, the General Data Protection Regulation (GDPR) or Convention 108 (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data).

Let’s make our data work for us

We live in a world where the digital products and services we use every day gather huge amounts of data on who we are, where we go and what we do. There are good reasons to be uneasy about the ways in which companies and governments gather and use our data, and along with many other organisations, we’re fighting for the data rights of individuals.

But as long as this data exists, let’s make sure it does more than serve us ever more targeted online ads. At a moment like this, where our data really can benefit ourselves and others, let’s make sure it’s as useful as possible — while ensuring our privacy remains protected.

Of course, good use of data is just one part of a response that must also include sound policies, clear communication, well-resourced healthcare systems, manual contact tracing and much besides. But “good” data — including personal data — can give health authorities, doctors and researchers critical insight to inform strategies to limit the spread of the disease.


Republished here to stimulate discussion. Does any recommendation in the article or policy brief stand out for you? How do you see public policy in your country evolving in regards to Covid-19 data? Contrast this with the April statement „Why an open future has never been more important“ from Open Knowledge Foundation. How do you think we as a community should respond?