COVID-19 and the privacy problem

Like many facets of business and life, the crisis is showing us what needs to be fixed, and it's no different with privacy

Coronavirus tracing apps, temperature sensing drones, phone apps to monitor social distancing, tech giants sharing smartphone location and mobility data - the COVID-19 pandemic is revealing the many ways technology and data can be used to protect human health. But at what cost to privacy?

Collecting information about people is nothing new - governments have long conducted population data gathering in the form of a census. But now technology has enabled granular personal details on a minute-by-minute basis, both offline and online, to be collected in great swathes. It’s gold for the businesses who compete for our attention and our dollars and hunger for intelligence to guide their activities.

“It shows us something that has always been true, but that we are increasingly aware of - data is power,” Ethics Centre fellow, Dr Matt Beard, told CMO. “We have always collected data and information as a way of obtaining power. And we're continuing to do that. Now it's just there are more forms of data we can collect in a measurable, quantifiable way that we can analyse, store and process.

“There are loads of other kinds of data available to us. And we're trying to collect them at the moment because we want some level of control so that we can secure public health."

That doesn't necessarily mean we shouldn't ask questions about the way in which that is trying to be achieved, however. Dr Beard noted particular questions around the risks that arise from that, who those risks flow to and who is left out of the solution.

Selling the COVIDSafe app

The big questions right now are around the COVIDSafe app. Can the nation’s chief marketer sell the benefits over the perceived risks of a tracing app?

The government has been at pains to reassure citizens their data will be protected and their privacy assured if they use the COVIDSafe app. It has introduced new public health information legislation to protect privacy, which comes on top of protections under the Biosecurity Act, and published a privacy impact assessment. Yet it has not released any of the source code as promised.

Legal and privacy experts, such as UNSW faculty of law senior lecturer, Katharine Kemp, and UNSW professor of law and information systems, Graham Greenleaf, have written the app collects far more data than the government has admitted.

They point out the Privacy Impact Assessment found the app records and shares to the central data store – if a user who tests positive consents – data about other users who were in range of Bluetooth even for a minute within the preceding 21 days. Ministers have said the app would only collect data of other app users within 1.5 metres, for at least 15 minutes. When a user tests positive, the app would allow the user to consent to the upload of only those contacts.

For Dr Beard, privacy concerns about the COVIDSafe app show the enormous trust required for people to adopt the app, like they have accepted severe Covid-related restrictions. The intended goal is for the greater good of limiting the spread of the virus and keeping people safe. But the app is requiring a big public marketing campaign, official reassurances and new laws.

"There are absolutely obligations we have to the group and times when we have to set aside our individual convenience and self-interest in order for the group to benefit," he said. "That’s what it means to be a citizen.

“In principle that makes sense, but when you look at the context and specifics, the framing of this has been problematic. It’s ‘are you willing to do this or not’ without necessarily providing people with enough information to make a reasonable choice."

The lack of information includes selling the app as though it were protection “like sunscreen', giving the impression it has preventative powers from virus infection. It’s presented as a solution to a problem, rather than a tool with a specific purpose. Beard stressed it’s crucial to think about the value that can be conveyed by the tracing app, and to have an appropriate mode of communication to secure reasonable trust.

“The important thing to think about is what kind of conversation needs to take place and what kind of messaging needs to take place from the government so that we could say that the people who either are using the app or are not using the app are doing so with good justification for that decision,” he said.

“In an ideal world, we would be more willing to hand over information to government as a more trusted institution that should be acting in our interest. But what we're seeing here, in terms of reluctance, is just how far government has to go in order to demonstrate that sort of trust so we can say ‘Yes, we believe you have good intentions and systems and processes and accountability and transparency. And that means we can have confidence to hand over information to you and trust it is only going to be used for the ends that have been stipulated’."

Will COVID-19 spur on privacy regulations?

It’s still early days, but one of the wider implications is whether the heightened focus on privacy will usher in new regulations when it comes to personal information, data collection and privacy. Imagine, for example, if these kinds of actions had been taken with the introduction of the MyHealth record system, the metadata laws and the proposed facial recognition database. Again, the virus has an uncomfortable way of revealing what might have been done differently.

Dentsu executive director, data and analytics, John Price, anticipated the COVID-19 outbreak will be a catalyst that accelerates development of ethics and regulations around consumer data use.

“Much of the debate about the implementation of the Australian Government’s COVID-19 tracking application has been driven by consumer fear of the worst possible outcomes,” said Price. “As legislators and consumers become better informed about the mechanics of relevant technologies, we will see increased willingness by the market to adapt ethics and regulations that make sense where there is a clear societal or consumer benefit to evolve."

In Dentsu’s Data Consciousness Project research conducted during late 2019, 49 per cent of Australian consumers agreed sharing personal data is a necessary part of the modern economy. In addition, three quarters believed government needed to play a bigger role in regulation of its usage. 

“As we improve education and awareness of data security and data privacy in the market, we will see public responses shift focus from prevention and blockage of data use toward identifying how to reap the benefits of personal data sharing while ensuring there are relevant circuit breakers to apply appropriate limitations,” said Price.

“Moving forward, brands and government organisations working with consumer data will need to provide upfront transparency with their consumers and constituents. Doing this via extended terms and conditions is also not the answer."

Price cited a recently an assessment that found the average time it takes to read terms and conditions of major technology platforms ranges from 10 minutes to more than an hour.

“Consumers are generally aware the use of their data is part of improving their customer experience, so being clear with them in simple ways on how you are using their data will help establish and maintain their trust in your brand,” he said.

According to LogRhythm CMO, Cindy Zhou, the COVID-19 pandemic has resulted in many businesses facing data privacy questions as they monitor the impact of the virus on their organisation.

“In response to these concerns, we have seen international authorities take action to encourage, and in some instances require organisations to monitor and respond to these evolving cybersecurity and data privacy issues,” she told CMO.

“Marketers are faced with more regulation and stricter guidelines on our ability to procure contacts, yet the lead generation expectations are high. The idea of a worldwide privacy framework is hard to fathom right now, but I believe is needed to ensure consistency in how we manage privacy and consent. The current landscape of GDPR in Europe, California's CCPA, and Canada's CASL have nuances in the text that creates confusion for global marketers.”

Beyond the current period, Zhou saw the need for a clear and accurate public statement from authorities about what personal data is being collected, why it is being collected, with whom (if anyone) it will be shared, how it will be secured, and how long it will be retained.

However, there are those who believe a world-wide privacy framework is exponentially more complex. Attivo Networks CMO, Carolyn Crandall, said a framework detailing minimum handling and safety measures could help protect our personal information, yet creating a centralised database that attackers would aggressively target in order to modify, steal or destroy data is extremely risky.

“It could also create opportunities for violating an individual’s privacy - having all the data in one place might allow for undesired correlation of information and its potential misuse by adversaries or portions of government overstepping their intended boundaries,” she warned.

Avoiding the ‘honey pot’ risk may entail common requirements over a common storehouse of data. There are precedents for regional compliance structures that enable the free flow of data while imposing uniform data protection requirements such as the APEC Privacy Framework and EU-US and Swiss-US Privacy Shield Framework. These could serve as a model, according to CrowdStrike VP and counsel, privacy and cyber policy, Drew Bagley.

He noted recent legislative developments globally have included common requirements such as incorporating privacy-by-design, implementing cybersecurity, and reporting data breaches if they are likely to pose a risk to individuals. “Accordingly, a global framework focused on these common requirements could provide a practical means to incentivise the adoption of more uniform data protection practices,” he said.

Bagley explained a global policy framework could include a flexible, principles-based approach, rather than prescriptive requirements, an acknowledgement that not all data is created equal. Some data types, for instance, are more sensitive than others. Then there are other considerations such as data processing transparency, incentives to adopt new safeguards as threats evolve, and support for global data flows needed for innovative technologies often dependent on dynamic cross-border data transfers.

Up next: Redefining privacy as a human right

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

More Videos

More Brand Posts

What are Chris Riddell's qualifications to talk about technology? What are the awards that Chris Riddell has won? I cannot seem to find ...

Tareq

Digital disruption isn’t disruption anymore: Why it’s time to refocus your business

Read more

Enterprisetalk

Mark

CMO's top 10 martech stories for the week - 9 June

Read more

Great e-commerce article!

Vadim Frost

CMO’s State of CX Leadership 2022 report finds the CX striving to align to business outcomes

Read more

Are you searching something related to Lottery and Lottery App then Agnito Technologies can be a help for you Agnito comes out as a true ...

jackson13

The Lottery Office CEO details journey into next-gen cross-channel campaign orchestration

Read more

Thorough testing and quality assurance are required for a bug-free Lottery Platform. I'm looking forward to dependability.

Ella Hall

The Lottery Office CEO details journey into next-gen cross-channel campaign orchestration

Read more

Blog Posts

Marketing prowess versus the enigma of the metaverse

Flash back to the classic film, Willy Wonka and the Chocolate Factory. Television-obsessed Mike insists on becoming the first person to be ‘sent by Wonkavision’, dematerialising on one end, pixel by pixel, and materialising in another space. His cinematic dreams are realised thanks to rash decisions as he is shrunken down to fit the digital universe, followed by a trip to the taffy puller to return to normal size.

Liz Miller

VP, Constellation Research

Why Excellent Leadership Begins with Vertical Growth

Why is it there is no shortage of leadership development materials, yet outstanding leadership is so rare? Despite having access to so many leadership principles, tools, systems and processes, why is it so hard to develop and improve as a leader?

Michael Bunting

Author, leadership expert

More than money talks in sports sponsorship

As a nation united by sport, brands are beginning to learn money alone won’t talk without aligned values and action. If recent events with major leagues and their players have shown us anything, it’s the next generation of athletes are standing by what they believe in – and they won’t let their values be superseded by money.

Simone Waugh

Managing Director, Publicis Queensland

Sign in