Coconet: How health security and individual privacy can go hand in hand

In Thailand, a government website updates citizens on the number of cases in the country.

By Darika Bamrungchok for Coconet

This article was originally published on the website of Coconet, a network co-organised by APC and APC member organisation EngageMedia

It has been two months since the World Health Organization (WHO) declared the COVID-19 pandemic a global health emergency. Many governments have resorted to digital measures to supplement response efforts. Privacy International has been tracking such digital surveillance, which have so far included the following measures:

More importantly, COVID-19 has raised some serious questions: Can privacy and public health security go hand in hand? Is it enough to use safeguards such as transparency and the use of intrusive technology only when absolutely necessary?

We’ll look at how some countries are answering these questions and see if Thailand can do the same.

What digital solutions have other countries done?

Technology has become a crucial part of the COVID-19 response. We are also seeing a collaboration between the public and private sectors to develop digital solutions to the public health emergency.

In South Korea, Taiwan, and Singapore, efficient government responses to COVID-19 all depended on technology, supporting other well-planned measures, to deliver swift assistance to their citizens. On top of providing adequate COVID-19 testing kits, these measures succeeded because their citizens cooperated. But to reach that point, the government must cultivate trust with their citizenry.

Here, transparency in communication is vital.

South Korea, in particular, had to learn that lesson the hard way. In January 2020, the government began posting the detailed location histories, including even personal information, of each person who tested positive for COVID-19. But internet users quickly exploited the disclosed patient data, publicly identifying and hounding these patients. The social stigma attached to the virus prompted the government to acknowledge that this measure, even if well-meaning, was an invasion of privacy that could also discourage citizens from getting tested.

To remedy this, health officials announced this month that they would refine their data-sharing guidelines to minimize patient risk. “We will balance the value of protecting individual human rights and privacy and the value of upholding public interest in preventing mass infections,” said Jung Eun-kyeong, director of the Korea Center for Disease Control and Prevention.

Privacy and health security: Can’t we have both?

Regardless of whether you trust your government with your data, there still remains the challenge of protecting public interest while protecting individual privacy during a public health crisis. Whether it’s collecting or publishing, personal health information is sensitive data. But in a crisis, ensuring public health is also essential.

But this in no way means that the government or the press have to reveal detailed personal data that’s irrelevant to stopping the virus’ spread. Governments should uphold the principle of data minimisation, identifying clear time-frames for data collection, and ensuring that collection is only to control the spread of the coronavirus. Insensitive collection and publishing of personal data might lead to stigma against those with COVID-19, and even patients under investigation.

One good recommendation to follow comes from the Electronic Frontier Foundation. In Thailand, WHO has come out with guidelines to prevent and deal with social stigmatization.

The bottom line is this: If the government cannot create trust and safety for the people, some citizens might conceal their infection to avoid discrimination and stigmatisation. This could lead to people avoiding screenings and testings, which will then lead to more, not less, infections.

Under certain circumstances, rights to privacy may be compromised for the public good. But protecting individual privacy, too, is essential to public interest.

Public health surveillance can be done for the planning, implementation, and evaluation of public health practice. In 2017, WHO published its guidelines on ethical issues in public health surveillance. The guidelines notably do not mention much on digital monitoring and collection of data, or even the use of individual digital data for purposes other than public health.

Security or privacy: What do the Thais have?

In various situations, one problem with privacy in the digital era is that we are not aware of being tracked in the first place. We do not know how much our data has been and is being collected.

This is currently the case in Thailand. After the government passed a decree on March 26, 2020 declaring a state of emergency to combat COVID-19, applications and platforms are now being used to track coronavirus carriers and suspected patients under investigation.

The Thai government announced that they will be using three main platforms to track down the infection:

  • AOT Airports is an application that has been used before, but is now being modified to screen and monitor all travellers from at-risk countries who arrive in Thailand, to track whether they are following the 14-day self-quarantine measure.

  • covid19.ddc.moph.go.th is a government website that regularly reports important information about the pandemic, such as the number of infected individuals.

  • @sabaideebot on LINE Official is a government chatbot for people who have taken a COVID-19 test. Once users have received their test result and filled in their health status, they will be connected to the platform.

The AOT Airport app, while handy for travellers, can also be used to track their whereabouts.

 

With these three platforms, there is a risk that too much personal data is being collected. AOT Airports, for example, asks for information that may be irrelevant to tracking COVID-19 cases, such as all third-party accounts from Google to Line. This data is also at risk of being shared with third parties outside the government, such as private tourism and trading agencies.

We must therefore pay very close attention: What personal data is being collected? Is it relevant to public health interest? Who has access to the data? Where do we draw the line, especially between what’s public and what’s private?

What will the world after coronavirus look like?

Once this pandemic ends, we will need to review the technology used by the Thai government under the emergency decree. We also need to monitor how other countries will review the technology they used during this crisis. also We need only look to the United States as an example, which continues to use highly secretive mass surveillance systems after the 9/11 terrorist attacks.

Yuval Noah Harari, author of the book “Sapiens: A Brief History of Humankind”, asks us to think about the world after the COVID-19 crisis. If we are not careful, the technology used to monitor citizen health will give legitimacy to a terrifying new surveillance system in the long run.

Even though we agree on the necessity of emergency measures to respond to the ongoing health crisis, such emergency measures must be truly necessary and stay only temporarily. It must not outlive the health crisis.

It is important to note that enforcement of severe measures is not the only way to make citizens follow the government’s instructions. Instead, creating trust and communicating transparently are the true keys to crisis management.

In the time of COVID-19, we have to change the question. Instead of asking whether health security and privacy can go hand in hand, we must ask: How can we prioritise both without sacrifice one for the other?

Otherwise, privacy and other human rights – both online and offline – will suffer in the long run.

The original article, which includes a version in Thai, is available here.

 

 



« Go back