Page 73 - SAMENA Trends - May 2020
P. 73
ARTICLE SAMENA TRENDS
tracing app was built upon Bluetooth In addition to commitment on the above the absence of such national legislation,
connection data between devices. For principles by the entities gathering and any Telco sharing personal location data,
hard-hit Western countries, technological managing the personal data, there should even with governments, is therefore in
responses have been much slower, be a wider protection for individuals in non-compliance of the law. Questions
primarily owing to stricter data protection terms of state-level or national-level data were already being raised about data
laws and higher cultural aversion towards protection act(s). In most of the apps/ shared, or rumored to be shared by Telcos
privacy infringements. However, in light of mechanisms launched so far, all measures such as Vodafone in Italy, Telekom Austria
the success achieved by certain East Asian required for an ideal state have not been A.G. in Austria, and BT and O2 in the UK.
countries in containing the virus’s spread, observed.
the overall view seems to be changing. Whereas Telcos have a central role in
direct mobile data sharing, they are only
In line with the generally established principles around facilitators in app-based approaches,
data protection as clearly delineated in the European where the two key types of players are
governments and the large technology
General Data Protection Regulation (GDPR), in an ideal giants such as Apple and Google.
situation, any app/ mechanism built to combat COVID-19 Singapore spearheaded the government
should adhere to the principles of: Consent i.e. ensure that approach using systematic consent
through an opt-in basis for their contact
appropriate permission has been received from the data tracing app, TraceTogether. Rather than
subject, Transparency i.e. inform data subjects as to how working with Telcos’ data, this app used
Bluetooth to make devices communicate
their data will be used, Purpose limitation i.e. ensure that with each other and, ultimately with public
the gathered data is used only for the purposes indicated, health authorities. Several European
countries are trying to emulate similar
and Security standards i.e. ensure appropriate security apps for example, France’s StopCovid app,
measures will be undertaken to protect this personal data which publicly claims to be “anonymous
from getting leaked or shared outside of the original intent. and voluntary”. However, the consent
component is already being blurred in
some countries as governments, such as
Several gaps exist with respect to an ideal For example, in South Korea and Taiwan, the in India, made the app usage mandatory
state of data sharing data shared by Telcos with the government for specific parts of the population such as
The existing and new types of information can serve to identify specific cases and is for people who work in public and private
that organisations may collect to applicable to all the population, whether offices, for all train travelers and for the
combat COVID-19 cover aspects such they provide consent or not. While these ones living in high-risk areas with respect
as effectiveness of self-isolation, body measures provide a pragmatic means for to spread of the virus. Additionally, given
temperature, visitors to the premises, effective containing of the spread, they do that India does not have a national data
and device location data, all of which are raise serious privacy concerns. However, privacy law, there are concerns over the
personal data. data sharing Telcos stand on robust legal app being used in a way that violates civil
grounds for example, in South Korea, a law liberties, including as a state surveillance
In line with the generally established drafted in the wake of 2015 MERS outbreak system that could be exploited after the
principles around data protection as gives the Korea Centers for Disease app outlives its coronavirus-tracking
clearly delineated in the European General Control & Prevention (KCDC) unwarranted purpose.
Data Protection Regulation (GDPR), in an powers to require data when there is a
ideal situation, any app/ mechanism built public health emergency. Whereas Telcos have a
to combat COVID-19 should adhere to
the principles of: Consent i.e. ensure that In more protective Western countries, central role in direct mobile
appropriate permission has been received similar laws are mostly non-existing data sharing, they are only
from the data subject, Transparency however, the GDPR does allow for such data
i.e. inform data subjects as to how their processing if certain principles are met. facilitators in app-based
data will be used, Purpose limitation i.e. In normal times, the GDPR prohibits any approaches, where the two
ensure that the gathered data is used only sharing of personal data without consent. key types of players are
for the purposes indicated, and Security However, exceptional provisions exist in
standards i.e. ensure appropriate security case of epidemics to deal with personal governments and the large
measures will be undertaken to protect health data and to allow EU member states technology giants such as
this personal data from getting leaked or to introduce specific legislations for other
shared outside of the original intent. types of data such as mobile location. In Apple and Google.
73 MAY 2020
