Government bodies in the U.S. and Europe have spent years debating or advancing tighter safeguards on the handling of peoples personal data, driven by revelations of abuses by intelligence agencies and big tech companies.
But now privacy concerns on both sides of the Atlantic are at risk amid the urgent fight against the coronavirus pandemic. In some cases, its with at least grudging acceptance from privacy advocates.
The shift has been most pronounced in Europe, home of some of the worlds strictest privacy regulations, where national governments and EU leaders have told wireless carriers to hand over huge stores of data on peoples movements to help predict the virus spread. Polands government has gone even further, ordering people who may be infected to download a smartphone app that monitors whether they are complying with quarantine orders.
The situation is far murkier and ad-hoc in the U.S., where companies such as Google, mobile data businesses and a manufacturer of internet-connected smart thermometers have used their troves of granular information to track broad patterns such as the spread of Covid-19 or the effectiveness of social distancing. State and federal agencies are also teaming up with Silicon Valley to help triage potential patients, direct users to testing clinics and dole out information about the pandemic, raising hackles among privacy advocates about what will happen to the reams of data they collect along the way.
The responses on both continents are raising questions about whether either Europe or America will preserve their bulwarks against snooping governments and intrusive corporations in a time of crisis, and they create a tricky dynamic for tech companies still bruised by past privacy flaps.
The pandemic has also had a more practical impact on privacy efforts in the U.S. — by disrupting Congress routines, it has pushed years of bipartisan efforts to craft new federal consumer data protections to the back-burner indefinitely. That campaign had gained new life on Capitol Hill in 2018 after Facebooks Cambridge Analytica scandal, but the negotiations sputtered in recent months amid partisan disagreements over whether a law should override state protections or give consumers the right to sue. Now, with Congress unable to perform essential legislative functions due to the virus, lawmakers are rapidly running out on time to finish that bill this year.
The broad picture worries some privacy advocates.
“You have this tremendous increase in data collection and what I think you have is the government looking the other way,” said Jeffrey Chester, executive director of the Washington, D.C.-based consumer group Center for Digital Democracy.
“We dont want the Chinese style of authoritarian mass surveillance to take hold in democratic countries, and theres some risk that that could happen,” said Marc Rotenberg, president of the Washington-based Electronic Privacy Information Center. “If people are asked to trade public health versus privacy, they will invariably say, Well obviously public health is more important.”
But some advocates are expressing a willingness to make trade-offs, at least during the crisis.
“This is a time for drastic actions and some of that may involve more invasive data processing than at other times,” said Justin Brookman, director of consumer privacy and technology policy for Consumer Reports.
Maciej Ceglowski, founder of the California-based group Tech Solidarity, went further in an essay last month, writing that its time to take a serious look at “massive” surveillance to curb the disease. That could include using tech and telecom companies detailed location-tracking data to retroactively trace days worth of movements and contacts of people diagnosed with the virus, he said.
That data already exists, Ceglowski said, but isnt being put to use to save lives.
“I am a privacy activist, typing this through gritted teeth, but I am also a human being like you, watching a global calamity unfold around us,” he wrote. “What is the point of building this surveillance architecture if we cant use it to save lives in a scary emergency like this one?”
It seems that people are overreacting
European data collection is “far away” from the Chinese-style mass surveillance that some advocates fear, said Max Schrems, a prominent Austrian activist who has campaigned against data abuses by U.S. intelligence agencies and companies like Facebook. Used well, he said, data can even lessen the virus impact on other fundamental European rights, such as freedom of movement and freedom to conduct a business.
“It seems that people are overreacting,” he said. “Interestingly, the privacy community seems to have less of an issue with certain approaches than the general public.” He said contract tracing apps, for instance, can be a good solution since they can be easily discontinued or deleted — but they face public backlash over their use in countries like China.
“This crisis is bringing to light some of this surveillance capability to the public and showing the concrete implications that daily monitoring of movements have on your life and rights.” — Estelle Massé
Similarly, Estelle Massé, the global data protection lead at the civil rights group Access Now, cautioned against tarring each data-driven scheme with the same brush — noting that some governments have promised to rely on anonymous, “aggregated” information that cannot be traced back to any individual person.
“We cannot put every measure in the same bag. Some countries are actively engaging with their data protection authorities, trying to provide safeguards by relying on anonymized data as much as possible … applying sunset clauses, and more,” she said.
What governments responses to the coronavirus pandemic have done, Massé said, is shine a light on the tension between privacy and surveillance that already exists in Europe. “While the EU is a leader in data protection, many of its member states continue to have sweeping surveillance laws. This crisis is bringing to light some of this surveillance capability to the public and showing the concrete implications that daily monitoring of movements have on your life and rights.”
Google and Apple face questions from Congress
In the U.S., many of the initial privacy questions have focused on a new screening website launched by the Google affiliate company Verily, which is aimed at directing potential patients in the Bay Area to testing locations and informing them about the virus. (The site requires patients to have a Google account, privacy advocates have noted.) Senators including former presidential candidates Cory Booker and Kamala Harris have pressed the company to disclose whether the information it gathers would be shared with Google or other third parties, or used for commercial purposes beyond the scope of pandemic relief.
A spokesperson for Verily has said it “will only retain the data as long as necessary to fulfill the purposes of the Baseline COVID-19 testing program, or unless the individual separately authorizes further retention and use of information.”
Google announced a separate initiative Friday that uses data from smartphones to trace whether people in 131 counties are obeying pleas to stay home or are venturing out to places like stores or parks. But its making that data publicly available only in broad summaries that dont reveal any individual persons movements, identity, location or contacts.
The full extent of government or corporate data-tracking in the pandemic fight in the U.S. is far from clear. White House officials have denied any interest in collecting detailed information on peoples travels, despite some news reports to the contrary. The Wall Street Journal also reported that some state governments are seeking assistance from Clearview AI, a facial-recognition company that has drawn widespread criticism for allowing police agencies to tap its vast database of peoples photos scraped from the internet.
One major U.S. wirelRead More – Source