As economies gradually open up and more tracking efforts are launched, the members and observers of the Global Privacy Assembly’s (GPA) COVID-19 Taskforce, which the National Privacy Commission (NPC) chairs, has flagged contact-tracing as “the biggest area of challenge for data regulators around the world.”
In the recent joint webinar of the Taskforce and the Centre for Information Policy Leadership (CIPL), NPC Commissioner Raymund Liboro said that a survey conducted by the Taskforce showed contact-tracing and location tracking ranked as the most pressing privacy issue for many jurisdictions and organizations globally.
“As one of the new emerging challenges confronting us, contact-tracing applications pose questions on proportionality and transparency requirements, privacy issues on location tracking and surveillance, and whether privacy by design approach figured in the development of these applications,” Liboro said.
NPC: Data Privacy Act is not a hindrance to contact tracing
NPC works with DOH on COVID-19 contact tracing, issues privacy guidelines
“Our data subjects need us now more than ever. Our roles as data privacy authorities are significant in protecting individuals’ personal information and fostering privacy rights, especially during this time,” Liboro added.
Impact on data subjects
The country’s privacy watchdog chief emphasized that the regulators must understand the contact-tracing’s effectiveness and impact on data subjects.
Liboro said that the NPC is closely watching local and international privacy-related developments.
“We are here to provide them with the most relevant bulletins, guidelines, and best practices for emerging data privacy concerns,” he added.
Dr. Caroline Buckee, associate professor for epidemiology at Harvard University, who joined the CIPL-GPA joint meeting, underscored the need for policymakers to have more understanding of how to translate raw data into useful insights, narrowing the need for more data to only the important bits.
Source of data
Citing the increased source of data such as from credit cards transactions and from the burgeoning ad tech industry, Buckee said, “We’ve seen a really interesting sea change where from January onwards, there were companies who really want to share data and policymakers want all the insights.”
Buckee said that the data must be rounded “in a very clear epidemiological goal” because there is a “massive disconnect” as more data is “not always good.”
“And we need to understand how policy makers can use it and there’s a huge heterogeneity in the capacity of policy makers to take in data and use it in a sensible way. And we’ve seen that everywhere in low-and high-income settings where there’s this capacity issue on the policy end,” she said.
Meanwhile, Singapore’s Personal Data Protection Commission Assistant Chief Executive Zee Kin Yeong, also among the discussants, urged governments to reexamine data protection principles, particularly the accuracy obligation, and find ways to make it more relevant for businesses.
“We need to spend some time thinking of the importance of accurate data and encouraging businesses to use the right business intelligence tools to be able to get the correct insights. And how do we translate this accuracy obligation in a way that will resonate with the companies in this point in time who are trying to make good business decisions… so that they are able to get to the road of recovery and stay on the road of recovery,” Zee Kin said.
Cross-border data
Zee Kin also told governments to begin looking at how to go about cross-border data exchanges in anticipation of international travels.
“As economies repower, and international travel comes to mind, what we need to start considering is how do we facilitate the exchange of data, a collaboration of contact-tracing efforts for international travelers, so that we can assist the recovery of our economies,” he added.
Liboro reiterated that public trust is vital in effectively rolling out contact-tracing mechanisms and other digital solutions.
“Trust will only happen if our citizens are convinced that their data is processed fairly, lawfully and securely,” he said.
The NPC chief pointed out that the collectors of data must abide by the agreed terms and seek new consent for future changes to have a transparent data ecosystem.
The COVID-19 Task Force chair also said that the privacy regulators should hold authorities and other authorized controllers accountable.
Liboro also called on intensified collaboration as data privacy challenges were expected to rise amid the gradual opening up of the economy.
“We must continue creating knowledge and share best practices as a global community, and develop the confidence to declare to our governments and citizens that public health and personal data protection are on the same side in this time of pandemic,” he said.