Privacy and Pandemics

Emily Benson at the Bertelsmann Foundation: “In bucolic China, a child has braved cold temperatures for some fresh outdoors air. Overhead, a drone hovers. Its loudspeaker, a haunting combination of human direction in the machine age, chides him for being outdoors. “Hey kid! We’re in unusual times… The coronavirus is very serious… run!!” it barks. “Staying at home is contributing to society.”

The ferocious spread of COVID-19 in 2020 has revealed stark policy differences among governments. The type of actions and degrees of severity with which governments have responded varies widely, but one pressing issue the crisis raises is how COVID-19 will affect civil liberties in the digital age.

The Chinese Approach

Images of riot gear with heat-sensing cameras and temperature gun checks in metro stations have been plastered in the news since the beginning of 2020, when the Chinese government undertook drastic measures to contain the spread of COVID-19. The government quickly set about enacting strict restraints on society that dictated where people went and what they could do.

In China, Alipay, an Alibaba subsidiary and equivalent of Elon Musk’s PayPal, joined forces with Ant Financial to launch Alipay Health Code, a software for smart phones. It indicates individuals’ health in green, yellow, and red, ultimately determining where citizens can and cannot go. The government has since mandated that citizens use this software, despite inaccuracies of temperature-reading technology that has led to the confinement of otherwise healthy individuals. It also remains unclear how this data will be used going forward–whether it will be stored indefinitely or used to augment civilians’ social scores. As the New York Times noted, this Chinese gathering of data would be akin to the Centers for Disease Control (CDC) using data from Amazon, Facebook, and Google to track citizens and then share that data with law enforcement–something that no longer seems so far-fetched.

An Evolving EU

The European Union is home to what is arguably the most progressive privacy regime in the world. In May 2018, the EU implemented the General Data Protection Regulation (GDPR). While processing personal data is generally permitted in cases in which individuals have provided explicit consent to the use of their data, several exceptions to these mining prohibitions are proving problematic in the time of COVID-19. For example, GDPR Article 9 provides an exception for public interest, permitting the processing of personal data when it is necessary for reasons of substantial public interest, and on the basis of Union or Member State law which must be proportionate to the aim pursued…(More)”.