Human rights groups warn governments of privacy laws when tracking COVID-19

110 organisations have set out eight conditions proposed for governments worldwide to adhere to if they are using surveillance technology to combat the pandemic.
Written by Aimee Chanthadavong, Contributor

Some 110 human rights and civil society organisations from around the world have jointly called for all governments to adhere to human rights laws when using digital surveillance technologies to track and monitor individuals and populations to combat the spread of the novel coronavirus.

Signatories of the joint statement include Amnesty International, Algorithm Watch, Australian Privacy Foundation, Digital Rights Watch, European Digital Rights, Foundation for Information Policy Research, Human Rights Watch, International Service for Human Rights, and World Wide Web Foundation.

"An increase in state digital surveillance powers, such as obtaining access to mobile phone location data, threatens privacy, freedom of expression, and freedom of association, in ways that could violate rights and degrade trust in public authorities -- undermining the effectiveness of any public health response. Such measures also pose a risk of discrimination and may disproportionately harm already marginalized communities," the joint statement said.

"These are extraordinary times, but human rights law still applies. Indeed, the human rights framework is designed to ensure that different rights can be carefully balanced to protect individuals and wider societies.

"States cannot simply disregard rights such as privacy and freedom of expression in the name of tackling a public health crisis. On the contrary, protecting human rights also promotes public health. Now more than ever, governments must rigorously ensure that any restrictions to these rights is in line with long-established human rights safeguards."

As part of the statement, the signatories set out eight proposed conditions for all governments to adhere to if increased digital surveillance is used to respond to the COVID-19 pandemic.

See also: How smart city tech is being used to control the coronavirus outbreak (TechRepublic)

Specifically, it proposes that any surveillance measures adopted for addressing the pandemic are to be lawful; any response must incorporate accountability protections and safeguards against abuse; any expanded surveillance and monitoring powers used by government to address the current pandemic are time-bound; and any increased collection, retention, and aggregation of personal data, including health data, are to be used only for the purpose of responding to the COVID-19 pandemic.

In addition, the signatories said the use of any digital surveillance technologies, including big data and artificial intelligence, must address risks in relation to discrimination against racial minorities and marginalised populations; any data sharing between government and other entities is to be done based on existing laws; and any COVID-19 related data collection efforts should include free and active participation from relevant stakeholders, such as experts from the public health sector.

The Office of the Australian Information Commissioner (OAIC) previously issued similar warnings to employers across the country about the need to still be mindful of their obligations under the Privacy Act 1988 when handling information related to the COVID-19 coronavirus outbreak. 

The OAIC said that while it appreciated that employers are facing unprecedented challenges when addressing the spread of the virus, they are still obligated to maintain a safe workplace for staff and visitors and must handle personal information appropriately. 

"In order to manage the pandemic while respecting privacy, agencies, and private sector employers should aim to limit the collection, use, and disclosure of personal information to what is necessary to prevent and manage COVID-19, and take reasonable steps to keep personal information secure," the OAIC wrote

Last month, the Information Commissioner's Office in the UK assured that it was okay for the government to use smartphone location tracking data to help fight and monitor the spread of coronavirus so long as the data remains anonymised.

The UK government had reportedly held talks with mobile phone operators to use location and usage data to track the movements of UK citizens in an effort to identify patterns, track the spread of the virus, and ensure social distancing and lockdowns were being adhered to.

"Generalised location data trend analysis is helping to tackle the coronavirus crisis. Where this data is properly anonymised and aggregated, it does not fall under data protection law because no individual is identified," said ICO deputy commissioner Steve Wood.

"In these circumstances, privacy laws are not breached as long as the appropriate safeguards are in place," he added.

While the US and the UK are examining the prospect of using surveillance technology to track the spread of coronavirus, countries such as Brazil, Singapore, Israel, China, and South Korea are already tracing location data in an effort to combat the spread.

Meanwhile, Amazon, Microsoft, and Palantir are reportedly joining forces to help the UK's National Health Service (NHS) analyse data to determine where resources such as ventilators, hospital beds, and doctors are most needed.

In turn, NHS England will create a data store from multiple data sources, such as 111 online/call centre data from NHS Digital and COVID-19 test result data from Public Health England.

The NHS said all records would be destroyed when the crisis is over.

Editorial standards