Privacy impact of COVID19-related shift to online activities (payments, virtual meetings, e-commerce/e-banking)
Issues of privacy and data collection emerged as a major topic in today's discussions on the impact of the internet. The global pandemic introduced a new focus on this issue, as we witnessed people’s lives and work becoming dependant on online services. In this light, the session looked at the challenges brought by the new models of global economy, education, and online work.
As Ms Olga Stepanova (WINHELLER Rechtsanwaltsgesellschaft mbH), the session moderator mentioned, a new paradigm of the use of online tools will create new practices. The session aimed to report some of the new practices and challenges, with focus on Germany and the EU General Data Protection Regulation (GDPR).
Cybersecurity concerns: remote work and a rise in number of cyberattacks
Last year was a turbulent one for all enterprises. Apart from quickly investing in conferencing and collaboration tools, many companies were implementing those tools without proper risk assessment. There were no clear guidelines in place.
The results from the TrustArc privacy survey, presented by Mr Paul Breitbarth (Director, Global Policy and EU Strategy, TrustArc) showed that less than 50% of companies updated their policies related to work from home or bringing office equipment home. Less than 40% offered employee training, which could be a great starting point for empowering the users. It is not late to start introducing such training now, Breitbarth mentioned, as this new work setup will show the significant increase in data handling, as well as pose risk to data mishandling or breach.
In the field of digital payments and online finance we witnessed a significant rise in number of cyberattacks, promoted by the fact that users were doing almost all of the payments via online banking. In words of Ms Esen Esener (Compliance/privacy Manager at the FinTech Nuri), digital literacy is important to prevent such increased attacks on users. She mentioned the evidence of various scams and attacks, from phone and SMS hijacking attempts, to phishing attacks via popular online messengers. The use of mobile phones as primary devices for online banking intensified such attacks during the period of the extensive use of online finance.
Online education: the case of Germany
The online education, and in particular online schooling for kids under 18, was not spared of disruption. According to Ms Meike Erbguth-Feldner (Teacher at a school for children with learning difficulties, Ansbach), during the first lockdown in the spring of 2020, there were no distinctive rules for the use of online tools. During the second lockdown, the schools introduced specific vendor tools which they were advised to use. However, in view of the privacy policies in Germany, the use of video feed was made optional for the pupils. In her experience, she found this to be a limiting factor for engaging kids and conveying knowledge.
Privacy and data protection concerns
Erbguth-Feldner noted that many pupils live with siblings and parents who also perform their work using online conferencing tools, which raises issues of device privacy.
The GDPR imposes a lot of rules for companies to comply with, while, on the other hand, public services are not under such level of scrutiny. Ms Teresa Widlok (Vice Chair, LOAD German Association for Liberal Network Politics) stated that we need broader multistakeholder discussions on how certain technology solutions impact our privacy.
A good example of that was a recent discussion on contact tracing apps that was conducted in Europe. Focus of this discussion was the technology behind it, which made the decision well informed. Such pattern of multistakeholder approach can be copied in future solutions. Policy makers should tap into to this base of knowledge provided by the civil society in order to produce more informed policies. With the introduction of online tools in telemedicine, online education, and the public sector, a big task will be to actively promote the idea that data protection is not an obstacle to productivity and innovation.
The pandemic led us to the core questions of the data protection issue. Our discussions need to focus more on the specifics, with better accountability of all of those who handle data. Data protection presents a different issue depending on the user.