Difference between revisions of "COVID-19 Data Privacy"

From SI410
(added first few sentences)
(Future Potential Issues)
Line 29: Line 29:
  
 
==Future Potential Issues==
 
==Future Potential Issues==
Various factors surrounding COVID-19 data can potentially impact many individuals in the future.
+
Various factors surrounding COVID-19 data can potentially impact individuals in the future.  If data is breached by cybercriminals through databases or apps, this would create an opportunity for identity theft.  Although unknown who it would target, this could negatively impact many lives where their data and information is misused.  Criminals can also steal an individual’s identity by posting their paper vaccination card on social media.  When they have access to your date of birth and location, it’s easier for them to piece together your social security number, giving them access to all of your personal information. 
 +
 
 +
Some countries such as Isreal have implemented a COVID-19 “vaccination passport” app created by companies like IBM and The World Economic Forum.  These apps are designed to store vaccine and health data for individuals who have been fully vaccinated.  Vaccine passes can be utilized to scan and get access to hotels, restaurants, gyms, and other open spaces.  Although this would bring back some normalcy to our everyday lives, it could also be used to track individuals’ movements without them even knowing.  Access to this proprietary information by owners of this data could reveal more than people anticipate.  It can disclose habits, sexual preferences, religion, political affiliations, and different search results people don’t know these applications have access to.
 +
 
 +
“Vaccine passport” apps could create a larger divide between those who have access to the vaccine and those who do not or do not plan on getting it themselves, portraying a skewed and unrealistic representation of data.
  
 
== Legislation ==
 
== Legislation ==
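Review bot: In the second added paragraph, "Isreal" is a misspelling of Israel, and in the first added paragraph the sentence "Criminals can also steal an individual’s identity by posting their paper vaccination card on social media" reads as if the criminals post the card; reword it so the individual is the one posting. None of the three added paragraphs carries a footnote, while the other sections of the article cite their sources, so the statements about IBM and The World Economic Forum and about piecing together a social security number from date of birth and location need references.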

Revision as of 09:08, 18 March 2021

Covid-19 data privacy concerns refer to the balance between health and privacy during the pandemic and the concerns that citizens have over their personal information. As Covid-19 caused a global emergency in March 2020, several restrictions were put in place by governments and institutions in order to save lives. Mounting evidence demonstrates that the collection, use, sharing and further processing of data can help limit the spread of the virus and aid in accelerating the recovery, especially through digital contact tracing.[1] Data collection could include vast amounts of personal and non-personal sensitive data. As a result, there have been several concerns from the public that certain measures put in place during the Covid-19 pandemic have led to the infringement of fundamental human rights and freedoms.


Concerns by Country

China

Baidu, a Chinese search engine company, developed an algorithm for the Beijing subway police to identify commuters who were not wearing masks. Baidu also has an online consultation service, which has handled over 15 million inquiries. Chinese legislation doesn’t limit Baidu in what they can do with health information from its users. Alibaba, the world’s largest e-commerce company, launched a drug delivery service to treat people with chronic illnesses. The service entered health information from patients into an extensive database, which also tracked their online purchases.[2]

South Korea

In South Korea, a quarantine protection tracking app worked by alerting officials if people were violating restrictions. South Korea also introduced a facial recognition app that allowed health providers to quickly identify names of patients.
Coronavirus mobile app in South Korea[3]

Israel

When Israel ordered citizens to stay at home, it used a cell phone tracking tool, also used to track terrorists, so that the government could tell if citizens were breaking protocols. Some politicians in Israel referred to the mobile phone tracking system as an assault on the privacy of Israelis. Supercom, a biometric company headquartered in Israel, introduced an electronic monitoring and tracking platform for the population.[4]

United States

In the US, the government worked with data mining company Palantir to model the virus outbreak. The government also worked with other companies to scrape public social media data to monitor public discussion of symptoms. The government also had active talks with Facebook and Google (among others) about using location data from Americans’ phones to map the spread of the infection.[5]


Concerns by Practice

Contact Tracing

Contact tracing is the process of identification of persons who may have come into contact with an infected person and subsequent collection of further information about these contacts. According to the World Health Organization (WHO), data protection and privacy laws need to be in place to provide a legal basis for data processing, restrictions on data use, measures to establish oversight, and sunset clauses to dismantle certain technologies. The WHO also outlined several principles for the appropriate use of tracking technologies, which include time limitation, data minimization, and transparency.[6]

Testing

Covid-19 testing has led to increased data collection from citizens. Personal data and test results are sometimes shared freely between health care providers and public health officials. In some cases, first responders have been given the addresses of people who have tested positive for Covid-19. Several countries, including the UK, US, and Germany, have considered using antibody test information as “immunity certificates.”[7]

Vaccines

Vaccinations for Covid-19 require data collection from the general public. In an effort to vaccinate the population quickly, Philadelphia partnered with a nonprofit, Philly Fighting COVID. It was eventually discovered that the nonprofit changed its status to ‘for profit’ and its privacy policy claimed that it could sell preregistration data it collected. The data it collected included name, birthday, address, and occupation.[8] There have also been concerns that collecting personal data could dissuade undocumented people from getting vaccinated.[9]

Future Potential Issues

Various factors surrounding COVID-19 data can potentially impact individuals in the future. If data is breached by cybercriminals through databases or apps, this would create an opportunity for identity theft. Although it is unknown who would be targeted, this could negatively impact many lives if their data and information are misused. Criminals can also steal an individual’s identity when that individual posts their paper vaccination card on social media. When they have access to your date of birth and location, it’s easier for them to piece together your social security number, giving them access to all of your personal information.

Some countries such as Israel have implemented a COVID-19 “vaccination passport” app created by companies like IBM and The World Economic Forum. These apps are designed to store vaccine and health data for individuals who have been fully vaccinated. Vaccine passes can be scanned to get access to hotels, restaurants, gyms, and other open spaces. Although this would bring back some normalcy to our everyday lives, it could also be used to track individuals’ movements without them even knowing. Access to this proprietary information by owners of this data could reveal more than people anticipate. It can disclose habits, sexual preferences, religion, political affiliations, and different search results people don’t know these applications have access to.

“Vaccine passport” apps could create a larger divide between those who have access to the vaccine and those who do not or do not plan on getting it themselves, portraying a skewed and unrealistic representation of data.

Legislation

Introduced in April 2020, the Covid-19 Consumer Data Protection Act[10] would make it unlawful for a covered entity to “collect, process, or transfer the covered data of an individual” without prior notice and express consent unless necessary to comply with a legal obligation. Under the bill, entities would need to provide individuals with the right to opt out of having data collected. Entities would also be required to delete information when it is no longer useful and minimize their collection of data.[11]

Senators are trying to pass better health privacy laws in order to reassure the public that their health information stays private. The Public Health Emergency Privacy Act[12] is one piece of legislation that would provide some legal safeguards. The act, introduced in May 2020, would do the following:

  • Ensure that data collected for public health is strictly limited for use in public health;
  • Explicitly prohibit the use of health data for discriminatory, unrelated, or intrusive purposes, including commercial advertising, e-commerce, or efforts to gate access to employment, finance, insurance, housing, or education opportunities;
  • Prevent the potential misuse of health data by government agencies with no role in public health;
  • Require meaningful data security and data integrity protections – including data minimization and accuracy – and mandate deletion by tech firms after the public health emergency;
  • Protect voting rights by prohibiting conditioning the right to vote based on a medical condition or use of contact tracing apps;
  • Require regular reports on the impact of digital collection tools on civil rights;
  • Give the public control over their participation in these efforts by mandating meaningful transparency and requiring opt-in consent;
  • Provide for robust private and public enforcement, with rulemaking from an expert agency while recognizing the continuing role of states in legislation and enforcement.

Notes

  1. https://www.who.int/news/item/19-11-2020-joint-statement-on-data-protection-and-privacy-in-the-covid-19-response
  2. https://businesslawtoday.org/2020/03/covid-19-data-privacy-health-vs-privacy
  3. https://www.cnn.com/2020/02/28/tech/korea-coronavirus-tracking-apps/index.html
  4. https://businesslawtoday.org/2020/03/covid-19-data-privacy-health-vs-privacy
  5. https://www.wsj.com/articles/to-track-virus-governments-weigh-surveillance-tools-that-push-privacy-limits-11584479841
  6. https://www.who.int/publications/i/item/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1
  7. https://iapp.org/news/a/should-first-responders-know-the-addresses-of-those-with-covid-19/
  8. https://www.vox.com/recode/22251118/vaccine-health-data-privacy-laws-philadelphia
  9. https://www.beckershospitalreview.com/cybersecurity/state-officials-express-privacy-concerns-over-cdc-s-call-for-covid-19-vaccine-data-registry.html
  10. https://iapp.org/news/a/republican-senators-to-introduce-the-covid-19-consumer-data-protection-act/
  11. https://www.congress.gov/bill/116th-congress/senate-bill/3663
  12. https://www.bennet.senate.gov/public/_cache/files/e/f/eff19960-ab72-42df-b49f-7e3dbe66c75a/87421A2A334F7DD17EE87A9F75AFA39F.public-health-emergency-privacy-act---one-pager.pdf