Main session: Data

Event report

This main session discussed issues related to ensuring privacy and other human rights while leveraging the use of data to tackle the pandemic. It also covered policy and governance challenges for implementation of data-driven technologies and patterns of data-sharing during COVID-19. Session moderator Ms Gabriella Razzano (research fellow, Research ICT Africa, South Africa) noted that the level of efficiency of data-driven technologies and policy solutions to fight COVID-19 differs from country to country. But the trend is obvious; expanded use of data has direct implications for data governance and other principles around data. She also mentioned that COVID-19 has exposed a significant digital divide.

Ms Robyn Greene (privacy and public policy manager, Facebook) shared the experience and practices of Facebook regarding data usage for tackling crisis situations. Specifically, for COVID-19 Facebook helps to connect people, fights misinformation online, and supports efforts by public health authorities to contain the virus. Facebook has provided millions of dollars and free ad credits to governments and small businesses and supported research efforts to forecast the spread of the disease through the recently launched Data for Good surveys and maps. ‘Our support for these efforts need not and should not involve compromising people’s privacy’, said Greene.

Data for Good collects aggregated and deidentified user data to help researchers and health authorities respond to this crisis. Facebook has a framework for sharing datasets with trusted partners and research experts:

• Expert guidance (public health experts)
• Advocacy campaigns with WHO and other public health authorities
• Voluntary consent of users to collect their data for research and prediction purposes
• Transparency: clearly disclosing how they check, use, and share a person’s data
• Data minimisation: collecting, using, sharing, and storing the minimum amount of information to support COVID-19 initiatives
• Priority for human rights and due diligence to ensure that Facebook effectively identifies risks related to its COVID response and only proceeds if these can be adequately mitigated.

Greene offered several examples where Data for Good has already been used:  a cholera outbreak in Africa, apps to understand the coronavirus crisis and the effectiveness of non-pharmaceutical interventions in Taiwan, an analysis of lockdown measures in Italy for income and inequality, and targeted public health alerts in California and New York. Other cases include disease prevention maps based on travel tracking, a social connectedness index showing friends across states and countries that can help epidemiologists to forecast the likelihood of disease spread, and mobility maps that show rates of people who reduce mobility or remain in the same place. The latter can provide insights into whether preventive measures are working.

The session heard about the Uruguayan case from Mr Gonzalo Sosa Barreto (attorney, Uruguayan Electronic Government and Information and Knowledge Society Agency (AGESIC)). He noted that problems and challenges derived from the pandemic must be addressed from a human rights perspective and with respect to a state’s international obligations. The Inter-American Commission on Human Rights put in place temporary restrictions to meet the pandemic demands in a proportionate manner. Barreto then turned to the Uruguay health programme,  a collaborative effort involving the private sector, the Ministry of Public Health, and the Agency for Digital Government, which resulted in an app for citizens based on the concept of responsible freedom. This accredited scientific group has been advising the government since the onset of the pandemic. The group receives information from private and public entities and processes it in accordance with a legal framework that requires a justification of legitimate interests from the sender and receiver of the information, consent of the data subject, or an exemption to such consent, for example a legal mandate or a sanitary emergency.

Ms Carmela Troncoso (DP3T Exposure Tracking Protocol Developer Team, Switzerland) offered a new perspective to the data governance debates. She spoke about contact tracing apps, describing them as ‘data-hungry technologies’ with a huge potential for abuse, for example, by hackers, malicious actors, and governments in areas like population control, etc. Data surpluses create threats not only for individuals, but for society in general – let’s recall the Cambridge Analytica case.

Troncoso’s current work focuses on protecting not only the privacy of the end-user, but on  protecting ‘the world from information that had never existed, the information that we had gathered from the phones of everyone’. Troncoso proposed going beyond privacy by design and focusing on ‘purpose limitation by design’.  ‘When we introduce technology, we cannot solve a problem by causing a worse one,’ she said. The problem with current contact tracing apps is that public health systems are not ready to give support to applications lacking the necessary infrastructures.

During the second part of the session, Mr Clayton Hamilton (unit leader for eHealth and innovation eHealth, WHO Regional Office for Europe) provided an overview of digital health policies from 53 European states designed to improve access to healthcare. He noted that even in the most well-prepared health systems there has been wide-scale recognition of the inability of systems to access data in real time.  If we do have access to data, we are unable to effectively act on the knowledge that data brings. He added that  there is an ambiguity in how data legislation at the national level is being interpreted noting the importance of international work specifically in terms of artificial intelligence in machine learning. Some issues cannot be solved by national measures alone; international standardisation is critical when exchanging data across borders to source larger datasets. He concluded by noting that  we do not want a future where health systems are not affordable or accessible to all members of the population because of the digital divide.

Dr Rasha Abdula (Professor, Journalism and Mass Communication at the American University in Cairo (AUC)) focused on governments’ responsibilities for data governance during COVID-19.

We do not know what data governments are gathering in the name of COVID-19 and if this data is necessary to combat the situation.  Is the data being protected, encrypted?  What happens if that data is compromised?  Is it being shared with law enforcement agents? When will the gathering end?  What are they going to do with the data afterwards?  How long does it remain after the pandemic ends?  What kind of accountability exists to make sure that governments do not retain such data when it is no longer needed? ‘Unfortunately, there are more questions than answers’, she concluded.

The final remark was from Mr Amber Sinha (executive director, Center for Internet and Society, India) who noted that the pandemic has led to technosocialism solutions in large parts of the world.  Contact tracing apps have a negative impact on marginalised communities. Humanitarian crises need expedient responses. In countries like India where the Internet penetration rate is relatively low, digital solutions are not a silver bullet. Efforts to deploy a new tracing app often outweigh privacy considerations. Sinha also mentioned the work on the Indian framework for digital identity systems which should serve as guidance for digital contact tracing solutions in India.