Any unprecedented crisis in the U.S. ignites — or refuels — debate regarding civil liberties or more specifically to tech, privacy.
In an effort to help the coronavirus response, Alphabet subsidiary Verily launched a screening website, where users input medical history data. Governments and the Centers for Disease Control and Prevention are leveraging anonymized cell phone location data to chart where stay-home-orders are disobeyed, the Wall Street Journal reported. The data is reportedly provided by advertisement firms, not cell phone carriers.
The former is a voluntary service, the latter has no opt-out policy.
The coronavirus pandemic is creating a gray area between helping the greater good and loosening data privacy expectations. If consumers are giving up privacy rights to aid in relief, industries need to ensure collected data will only be used for the explicitly stated purpose; in this case, coronavirus response.
"You do see a lot of negotiation and horsetrading over what, under normal circumstances, we would fight very hard to protect," Jena Valdetero, data security and privacy lawyer at Bryan Cave Leighton Paisner, told CIO Dive.
"Because emotions are running so high, and we're living in this really bizarre, new normal, people are willing to lose what they care about in terms of their own privacy if it means helping the greater good," she said.
How data sharing could work in a pandemic
Companies attached to advertising or marketing, that rely on consumer data for personalization, have an obligation to be overly transparent at this time, said Valdetero. Because Verily is within the same family as Google — a personal data megahouse — there are privacy concerns. Verily has not yet responded to requests for comment.
"Perhaps the hardest part of everyone working together is working with your users and even your competitors to co-operate together," Danny O'Brien, director of strategy at the Electronic Frontier Foundation, told CIO Dive. The internet works as a medium for industries to pool efforts instead of "starting from scratch."
However, data sharing historically is a privacy red flag. One of the best — and costly — examples of poor data sharing was Facebook's Cambridge Analytica scandal.
The coronavirus is tempting how industries, including the government, can potentially benefit from relaxed privacy standards.
The data is anonymized, but geolocation through cell phones allows a person's whereabouts to be tracked, according to Valdetero. Law enforcement could follow cell phones back to disenfranchised neighborhoods and target those people. Civil liberties and rights are linked to discrimination and it's difficult to determine if human biases would surface when emotions are already running high.
Frequently, more data is shared than is necessary. "At the time it's shared, it's shared for one reason. And then once the recipient has the data, it's very easy to say, 'Oh, well, we could also do these 10 other things with all the data that we collected,'" said Valdetero.
If consumers consent to the government using private data during a crisis, the boundaries of data use have to be explicitly outlined:
-
Did the organization get people to turn over data in connection to a specific service or to assist in coronavirus research?
-
If data was submitted specifically related to coronavirus, will it be used for other reasons?
-
Will the data be shared with other entities: healthcare officials, academics, government, etc?
-
Who will store the data collected in relation to coronavirus?
-
Is the data accurate enough to create reliable databases?
-
Will the data collected for coronavirus response be destroyed after it's used?
-
If the data cannot be destroyed, how can industry guarantee it's been aggregated sufficiently to protect individual identities?
"Before you start digging into your store of private data to see if it might help the fight against the pandemic, remember: that's not your area of expertise. And it's not your personal data," said O'Brien.
While companies still have to comply with the CCPA or HIPAA, the pandemic is testing the boundaries of privacy. Even though the U.S. is facing amn unprecedented time, all data privacy regulations won't be dismantled. Companies can face legal woes for unfair or deceptive practices.
However, if those practices occurred during the outbreak in an effort to serve the greater good, it could come down to a "sympathetic judge," said Valdetero.
"That's a million dollar question," she said. "We may feel uneasy about the fact that these things have taken place. But have we actually been harmed by it?" If a consumer isn't "hurt" by a privacy incident — whether neglect or otherwise — there can't be a lawsuit brought by a consumer.