COVID-19 Crisis and Data Privacy: The Latest Updates

As government bodies across the globe scramble to slow the spread of COVID-19, leaders are struggling to find a balance between individual privacy rights and public health concerns. In the face of social and economic pressure, governments in the EU and US have turned to sophisticated surveillance tools to help in the fight against the virus. From the use of geolocation data to track community mobility to mandatory quarantine-enforcements apps, the government and private sector’s handling of the ongoing COVID-19 crisis has led to a growing number of privacy concerns.

The EU, known for its stringent privacy regulations, has been at the forefront of implementing such measures. The European Commission is calling on Europe’s telecommunication companies to hand over swaths of consumer mobile data to better understand and predict the spread of COVID-19. This move is part of the Commission’s broader appeal for a unified approach – one with a focus on transparency and privacy considerations.

Despite this recommendation, some member states have moved forward with their own efforts, leveraging technology and mobile data to curb the spread of the virus. For instance, Poland has developed a quarantine-enforcement app. The app randomly prompts users to submit a selfie, then uses facial recognition and device location data to verify the person is following quarantine orders. Users are given 20 minutes to respond before police are alerted.

In the US, federal and state-level governments are turning to Silicon Valley for help in the fight against COVID-19, using mobile location data to track infections and assess social distancing effectiveness. Google has sparked privacy concerns over its launch of Verily – a site that directs potential patients to testing sites and provides virus information – due to its requirement that users have a Google account. Although the US has yet to follow suit in the creation of a surveillance app, privacy rights activists are keeping a close eye on the government’s actions during this crisis.

On a legislative front, efforts to enact federal consumer data protections had gained momentum in recent years, following the Cambridge Analytica scandal. With focus now directed towards the ongoing public health crisis and congress’s normal routines disrupted, these efforts will likely be put on hold for the foreseeable future. At the state-level, the California Attorney General has reinforced his commitment to begin enforcement of CCPA starting July 1st, despite a growing number of calls to delay.

Although many have put aside privacy concerns to deal with the COVID crisis, questions remain regarding what comes next and when this tracking technology will be switched-off. When all is said and done, countries around the world will have amassed huge amounts of personal data. Inevitably this crisis will come to an end, and governments will be tasked with developing an exit strategy to transition back to the status quo. In order to maintain the public’s trust, transparency regarding the use and retention of this data must be treated as an essential component to US and EU exit strategies.

For further discussion around data privacy regulation, contact Kevin Behrens at kbehrens@wcapra.com.