Search this website. You can use fund codes to locate specific funds

Data privacy and protection in the coronavirus pandemic

Policymakers around the globe have attempted to crack down on intrusions by technology companies into users’ data privacy, with tighter regulation and greater scrutiny. But the coronavirus pandemic has raised concerns about a similar intrusion by governments, for the greater public good. Engager Janet Wong explores the issue.

Fast reading

  • Governments look to technology to help tackle pandemic
  • Contact tracing apps and health data sharing raise civil liberties questions

This is the first global pandemic of the digital age. In China, where Covid-19 originated, some local governments launched their own health code apps and accessed users’ GPS location data to track the development of the virus. Telecommunications companies collaborated with local governments and provided users’ location data. This had human rights ramifications. For example, it was reported that Hangzhou citizens could be barred from workplaces and highways based on the colour of their health code. This raises questions about potential discrimination and the associated mental stress, as the health code algorithms are opaque.

As the coronavirus continues to spread in the UK, Continental Europe and the US, researchers and scientists in the West are now evaluating some of the methods adopted in Asia. These include contact tracing apps and health data sharing, which are common in China, Singapore and South Korea. This has far-reaching implications for civil liberties. Under new state of emergency powers, to what extent has there been independent scrutiny of the ethical and social aspects of these methods?

Data privacy intrusions

In recent years, technology companies have been castigated for their failure to respect data privacy. For example, Facebook paid a record-breaking US$5bn fine to settle Federal Trade Commission charges in relation to its violation of users’ privacy in the 2018 Cambridge Analytica scandal. Aside from the financial impact, companies have to work hard to regain customers’ trust and their social licence to operate.

China has witnessed a similar trend. In early 2018, users of Alibaba's affiliate Ant Financial criticised the company for signing them up to Zhima (Sesame) Credit, its social credit scoring system, by default. In the same year, Chinese state media widely reported an online backlash against Robin Li, Baidu's founder/CEO, for his comments that Chinese people were willing to give up data privacy for convenience. In March 2019, mainland Chinese media reported a customer’s complaints about suspected eavesdropping by Meituan, a food delivery app. And according to iiMedia Research, 97% of Chinese apps have now obtained permission to access the user’s camera by default, some 95% get access to the GPS location, 85% access voice recording, and 35% the user’s contacts.

The regulatory response

In response, regulators have sought to crack down on abuses. In Europe, the General Data Protection Regulation (GDPR) came into effect in May 2018 to enhance public awareness of data privacy as a human right. And in late December 2019, the Cyberspace Administration of China (CAC) finalised its data privacy law for mobile apps’ personal data collection. Since November it has punished at least 100 apps across e-commerce, banking and other sectors for incorrect collection of personal data, lack of privacy agreements or ambiguous rules.

However, some governments are now piggy-backing on technology companies’ offerings to manage their response to the pandemic. In the US, it is reported that a White House taskforce has reached out to health technology companies to create a national coronavirus surveillance system in order to track cases. Google and Apple are reportedly collaborating on contact tracing to help in the fight against the pandemic. Are we now seeing policymakers formally endorsing the “trade-off” between privacy and convenience/utility, in the name of national security? Health privacy laws usually grant broad exceptions for this purpose, but should users accept this?

Ongoing monitoring

Some epidemiologists argue that contact tracing apps can only be effective when the adoption rate exceeds 60%, but the desired uptake has not yet been achieved even in countries like Singapore, where a compliance culture is strong.

Meanwhile, Chinese regulators continue to monitor companies’ intrusion into users’ data privacy, especially health apps, amid the Covid-19 outbreak. In March, the CAC published an article on its official WeChat account to highlight its evaluation of health platform apps. Many fell short of the regulator’s expectations in terms of purpose limitation, user consent and data minimisation.

We will continue to engage with technology and healthcare companies globally to ensure they are aware of this complex topic and demonstrate their commitment to upholding basic human rights principles. However, as individuals, we will need to consider the tension between our personal rights to data privacy and the greater public good.

Related Insights

Burberry case study
Burberry has reaffirmed its commitment to find alternatives to incinerating surplus stock in the midst of the coronavirus pandemic and set a science-based carbon reduction target.
The coronavirus and the race for a vaccine
With the coronavirus pandemic set to continue without an effective and widely-available vaccine, all eyes are on the pharmaceutical sector.
Mizuho Financial Group case study
Mizuho has made a commitment to ending financing of new coal-fired power plants and reducing exposure to coal-fired power plants to zero by 2050, the only Japanese bank to makes such a commitment.
A voting season like no other
With many companies opting for virtual shareholder meetings, how did investors ensure their concerns about climate change, diversity and human rights risks were addressed?
Antimicrobial resistance and the challenge for pharmaceutical companies
A lack of research and development into new antibiotic classes compounds the serious threat that antimicrobial resistance poses to public health.
Repsol case study
Repsol became the first oil and gas company to commit to a net-zero goal by 2050, supported by a decarbonisation pathway with interim targets, setting a higher benchmark for the industry. EOS has engaged with the company since 2013 on its climate action and targets.

EOS Client Service and Business Development

Amy D’Eugenio,
Head of Client Service and Business Development, EOS