Personal Data Privacy vs Public Interest
Covid-19 Data Gathering Brings a Personal Data Protection Policy Rethink
DOI:
https://doi.org/10.25007/ajnu.v1n1a1940Keywords:
Privacy; Public Interest; COVID-19; Sensitive Personal Data; Data Processing; Right to be Forgotten.Abstract
Governments around the world have gathered masses of personal information on their citizens as part of the fight against the Covid pandemic. Citizens, willingly for the most part, yielded such data in order to protect the public good and safety of society. Focusing on personal data gathering, processing and protection for public good, the authors consider how far citizens are willing to accept that their personal data can be collected by governments during a public health crisis. The situation in Europe and in China shall be compared, showing how the “public interest” during Covid-19 was understood very differently in different jurisdictions.
Downloads
References
FOOTNOTES
Ram, N. and Gray, D., 2020.
Latemore, G., 2021.
Bond, J.W., 2009.
Moujahdi, C. and Assad, N., 2019.
Ienca, M. and Vayena, E., 2020.
Gvili, Y., 2020.
do Carmo Barriga, A., Martins, A.F., Simões, M.J. and Faustino, D., 2020.
European Convention on Human Rights (ECHR, 2013), Art. 8(2).
European General Data Protection Regulation (GDPR, 2018), Recital. 54.
Guglielmetti, P., Coulombier, D., Thinus, G., Van Loock, F. and Schreck, S., 2006.
European Centre for Disease Prevention and Control. 2018.
Forman, R. and Mossialos, E., 2021.
European Council. 2023.
Warren, G.W. and Lofstedt, R., 2022.
Huang, J.J., 2020.
Schwartz, P.M., 2019.
PIPL 2021, Art. 13(4).
PIPL 2021, Art. 47(1).
Whether private or public agencies.
PIPL 2021, Art. 47(1).
The General Data Protection Regulation (GDPR, 2018), Art.17 regulates the right to be forgotten which includes (1) individuals have the right to have personal data erased; (2) data “controller should take reasonable steps, taking into account available technology and the means available to the controller, including technical measures, to inform the controllers which are processing the personal data of the data subject’s request.”
PIPL 2021, Art. 47 states individuals have the right to have personal data erased.
Almeida, B.D.A., Doneda, D., Ichihara, M.Y., Barral-Netto, M., Matta, G.C., Rabello, E.T., Gouveia, F.C. and Barreto, M., 2020.
Kędzior, M., 2021.
Lanzing, M., Lievevrouw, E. and Siffels, L., 2022.
Guo, Y., Chen, J. and Liu, Z., 2022.
Zhang, Z., 2022.
Bradford, L., Aboy, M. and Liddell, K., 2020.
GDPR 2018, Art. 4(1).
PIPL 2021, Art. 4(1).
GDPR 2018, Art. 9(1); PIPL 2021, Art. 28(1).
GDPR 2018, Art. 9(1).
GDPR 2018, Art. 9(2)(g).
PIPL 2021, Art. 4(2).
GDPR 2018, Art. 9(1); PIPL 2021, Art. 28(1).
EDPB, based in Brussels, was established under the GDPR as an independent European body contributing to the consistent application of data protection rules throughout the EU, and promoting cooperation between the EU’s data protection authorities.
European Data Protection Board, 2020.
Cong, W., 2021.
Trestian, R., Celeste, E., Xie, G., Lohar, P., Bendechache, M., Brennan, R. and Ta, I., 2022.
Zhang, Z., 2022; Gasser, U., Ienca, M., Scheibner, J., Sleigh, J. and Vayena, E., 2020.
Hernández-Orallo, E., Manzoni, P., Calafate, C.T. and Cano, J.C., 2022.
Alshawi, A., Al-Razgan, M., AlKallas, F.H., Suhaim, R.A.B., Al-Tamimi, R., Alharbi, N. and AlSaif, S.O., 2022.
GDPR 2018, Art. 4(1); PIPL 2021, Art. 4(1).
Cristani, F.. 2021.
Civil Liberties Union for Europe. 2021.
Euronews. 2021(B).
Euronews. 2021(A).
Blade, T. 2022.
Euronews. 2022.
Civil Liberties Union for Europe. 2021.
Mandatory means use by everyone living in China unless they were too young or too old to access mobile devices.
Kostka, G. and Habich-Sobiegalla, S., 2022.
Zhou, S.L., Jia, X., Skinner, S.P., Yang, W. and Claude, I., 2021.
Gambarelli, G. and Gangemi, A., 2022.
GDPR 2018, Art. 9(1).
Ohm, P., 2014.
PIPL 2021, Art. 28.
Quinn, P. and Malgieri, G., 2021.
GDPR 2018, Art. 9; PIPL 2021, Art. 28.
Quinn, P. and Malgieri, G., 2021.
GDPR 2018, Art. 9(1).
PIPL 2021, Art. 28(1).
Matic, S., Iordanou, C., Smaragdakis, G. and Laoutaris, N., 2020.
Eisenstadt, M., Ramachandran, M., Chowdhury, N., Third, A. and Domingue, J., 2020.
Zuo, Y.T. and Wang, T.Y., 2021.
Zhang, X., 2022.
Wang, B., 2023.
GDPR 2018, Art. 1; PIPL 2021, Art. 1.
Data Protection Act (DPA, 2018), Art.6(1)(b).
GDPR 2018, Art. 6(1)(e).
PIPL 2021, Art. 13(4).
Agarwal, P., Swami, S. and Malhotra, S.K., 2022.
Information Commissioner’s Office, 2022.
GDPR 2018, Art. 4(1); PIPL 2021, Art. 4.
Yang, C., 2022.
Nageshwaran, G., Harris, R.C. and Guerche-Seblain, C.E., 2021.
Spector-Bagdady, K., 2021.
Ho, K.K., Chiu, D.K. and Sayama, K.L., 2023.
Hamza, M., Khan, A.A. and Akbar, M.A., 2022.
ECHR 2013, Art. 8(2).
Civil Liberties Union for Europe. 2021.
Ungoed-Thomas, J. 2022.
The State Information Center and the National Health Commission of China.
Zhang, Z., 2022.
Zhu, L. and Demircioglu, M.A., 2022.
Yang, F., Heemsbergen, L. and Fordyce, R., 2021.
Li, V.Q., Ma, L. and Wu, X., 2022.
Davidson, H., 2022.
Liu, J. and Zhao, H., 2021.
Greenleaf, G., 2022.
GDPR 2018, Art. 17(1)(a).
PIPL 2021, Art. 47(1).
Baidu, China’s Google equivalent, the largest and most widely used search engine in Mainland China.
‘Ren Jiayu v. Beijing Baidu Netcom Technology Co., Ltd.’, 2015.
PIPL 2021, Art. 47(1).
GDPR 2018, Art. 17(1)(a).
GDPR 2018, Art. 4(8).
GDPR 2018, Art. 17(2).
GDPR 2018, Art. 17(3)(c).
Correia, M., Rego, G. and Nunes, R., 2021.
Rajczi, A., 2016.
Schünemann, W.J. and Windwehr, J., 2021.
REFERENCES
Agarwal, P., Swami, S. and Malhotra, S.K., 2022. Artificial intelligence adoption in the post COVID-19 new-normal and role of smart technologies in transforming business: a review. Journal of Science and Technology Policy Management.
Almeida, B.D.A., Doneda, D., Ichihara, M.Y., Barral-Netto, M., Matta, G.C., Rabello, E.T., Gouveia, F.C. and Barreto, M., 2020. Personal data usage and privacy considerations in the COVID-19 global pandemic. Ciencia & saude coletiva, 25, pp.2487-2492.
Alshawi, A., Al-Razgan, M., AlKallas, F.H., Suhaim, R.A.B., Al-Tamimi, R., Alharbi, N. and AlSaif, S.O., 2022. Data privacy during pandemics: A systematic literature review of COVID-19 smartphone applications. PeerJ Computer Science, 8, p.e826.
Blade, T. 2022. Tens of thousands protest COVID vaccine pass across France Access to the comments Comments. [Online]. [Accessed 7 February 2023]. Available from: https://www.euronews.com/2022/01/09/tens-of-thousands-protest-covid-vaccine-pass-across-france.
Bond, J.W., 2009. The value of fingerprint evidence in detecting crime. International Journal of Police Science & Management, 11(1), pp.77-84.
Bradford, L., Aboy, M. and Liddell, K., 2020. COVID-19 contact tracing apps: a stress test for privacy, the GDPR, and data protection regimes. Journal of Law and the Biosciences, 7(1), p.lsaa034.
Civil Liberties Union for Europe. 2021. COVID-19 Technology in the EU: A Bittersweet Victory for Human Rights?. [Online]. [Accessed 5 February 2023]. Available from: https://dq4n3btxmr8c9.cloudfront.net/files/c-5f-T/Liberties_Research_EU_Covid19_Tracing_Apps.pdf.
Cong, W., 2021. From pandemic control to data-driven governance: The case of China’s health code. Frontiers in Political Science, 3.
Correia, M., Rego, G. and Nunes, R., 2021. The right to be forgotten and COVID-19: Privacy versus public interest. Acta Bioethica, 27(1), pp.59-67.
Cristani, F.. 2021. Protecting privacy and data while tracking COVID-19 in Europe: which cooperation? A focus on Italy and the Czech Republic. 2021 Czernin Security Forum: Digital Transformation in Europe after 2020: Adaptation in Cyberspace, 20 November, Prague.
Data Protection Act (DPA, 2018).
Davidson, H., 2022. China scraps tracking app as zero-Covid policy is dismantled. The Guardian. [Online]. [Accessed 24 January 2023]. Available from: https://www.theguardian.com/world/2022/dec/12/china-scraps-tracking-app-amid-widespread-dismantling-of-zero-covid-policy.
do Carmo Barriga, A., Martins, A.F., Simões, M.J. and Faustino, D., 2020. The COVID-19 pandemic: Yet another catalyst for governmental mass surveillance?. Social Sciences & Humanities Open, 2(1), p.100096.
Eisenstadt, M., Ramachandran, M., Chowdhury, N., Third, A. and Domingue, J., 2020. COVID-19 antibody test/vaccination certification: there’s an app for that. IEEE Open Journal of Engineering in Medicine and Biology, 1, pp.148-155.
Euronews. 2021(A). France: Tens of thousands protest against COVID pass, vaccination. [Online]. [Accessed 7 February 2023]. Available from: https://www.euronews.com/my-europe/2021/07/17/france-tens-of-thousands-protest-against-covid-pass-vaccination.
Euronews. 2021(B). Protesters march against COVID-19 health pass in Barcelona. [Online]. [Accessed 7 February 2023]. Available from: https://www.euronews.com/2021/12/11/protesters-march-against-covid-19-health-pass-in-barcelona.
Euronews. 2022. COVID-19 vaccine passport protests in Europe draw thousands of people. [Online]. [Accessed 7 February 2023]. Available from: https://www.euronews.com/2022/01/22/covid-19-vaccine-passport-protests-in-europe-draw-thousands-of-peopl.
European Centre for Disease Prevention and Control. 2018. Early Warning and Response System of the European Union (EWRS). [Online]. [Accessed 4 February 2023]. Available from: https://www.ecdc.europa.eu/en/publications-data/early-warning-and-response-system-european-union-ewrs.
European Convention on Human Rights (ECHR, 2013).
European Council. 2023. EU digital COVID certificate: how it works. [Online]. [Accessed 14 February 2023]. Available from: https://www.consilium.europa.eu/en/policies/coronavirus/eu-digital-covid-certificate/.
European Data Protection Board, 2020, Statement on the processing of personal data in the context of the COVID-19 outbreak.
European General Data Protection Regulation (GDPR, 2018).
Forman, R. and Mossialos, E., The EU Response to COVID—19: From Reactive Policies to Strategic Decision—Making, Journal of Common Market Studies (2021).
Gambarelli, G. and Gangemi, A., 2022. PRIVAFRAME: A Frame-Based Knowledge Graph for Sensitive Personal Data. Big Data and Cognitive Computing, 6(3), p.90.
Gasser, U., Ienca, M., Scheibner, J., Sleigh, J. and Vayena, E., 2020. Digital tools against COVID-19: taxonomy, ethical challenges, and navigation aid. The Lancet, Digital Health, 2(8), pp.e425-e434.
Greenleaf, G., 2022. Now 157 Countries: Twelve Data Privacy Laws in 2021/22. Privacy Laws & Business International Report, 17(6), pp.3-8.
Guglielmetti, P., Coulombier, D., Thinus, G., Van Loock, F. and Schreck, S., 2006. The early warning and response system for communicable diseases in the EU: an overview from 1999 to 2005. Eurosurveillance, 11(12), pp.7-8.
Guo, Y., Chen, J. and Liu, Z., 2022. Government responsiveness and public acceptance of big-data technology in urban governance: Evidence from China during the COVID-19 pandemic. Cities, 122, p.103536.
Gvili, Y., 2020. Security analysis of the COVID-19 contact tracing specifications by Apple Inc. and Google Inc. Cryptology ePrint Archive.
Hamza, M., Khan, A.A. and Akbar, M.A., 2022, June. Toward a secure global contact tracing app for COVID-19. In Proceedings of the International Conference on Evaluation and Assessment in Software, pp. 453-460.
Hernández-Orallo, E., Manzoni, P., Calafate, C.T. and Cano, J.C., 2022. A methodology for evaluating digital contact tracing apps based on the COVID-19 experience. Scientific Reports, 12(1), p.12728.
Ho, K.K., Chiu, D.K. and Sayama, K.L., 2023. When privacy, distrust, and misinformation cause worry about using COVID-19 contact-tracing apps. IEEE Internet Computing (Preprint).
Huang, J.J., 2020. Applicable law to transnational personal data: trends and dynamics. Cambridge German Law Journal, 21(6), pp.1283-1308.
Ienca, M. and Vayena, E., 2020. On the responsible use of digital data to tackle the COVID-19 pandemic. Nature medicine, 26(4), pp.463-464.
Information Commissioner’s Office, 2022. What is personal data? [Online]. [Accessed 9 February 2023]. Available from: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what -is-personal-data/.
Kędzior, M., 2021, January. The right to data protection and the COVID-19 pandemic: the European approach. In ERA forum (Vol. 21, No. 4, pp. 533-543). Berlin/Heidelberg: Springer Berlin Heidelberg.
Kostka, G. and Habich-Sobiegalla, S., 2022. In times of crisis: Public perceptions toward COVID-19 contact tracing apps in China, Germany, and the United States. New Media & Society, p.14614448221083285.
Lanzing, M., Lievevrouw, E. and Siffels, L., 2022. It takes two to techno-tango: an analysis of a close embrace between Google/Apple and the EU in fighting the pandemic through contact tracing apps. Science as Culture, 31(1), pp.136-148.
Latemore, G., 2021. COVID and the common good. Philosophy of Management, 20(3), pp.257-269.
Li, V.Q., Ma, L. and Wu, X., 2022. COVID-19, policy change, and post-pandemic data governance: a case analysis of contact tracing applications in East Asia. Policy and Society, 41(1), pp.129-142.
Liu, J. and Zhao, H., 2021. Privacy lost: Appropriating surveillance technology in China’s fight against COVID-19. Business Horizons, 64(6), pp.743-756.
Matic, S., Iordanou, C., Smaragdakis, G. and Laoutaris, N., 2020, October. Identifying sensitive urls at web-scale. Proceedings of the ACM Internet Measurement Conference, pp. 619-633.
Moujahdi, C. and Assad, N., 2019. On the security of face recognition terminals at modern airports. International Journal of Computing and Digital Systems, 8(5), pp.470-476.
Nageshwaran, G., Harris, R.C. and Guerche-Seblain, C.E., 2021. Review of the role of big data and digital technologies in controlling COVID-19 in Asia: Public health interest vs. privacy. Digital Health, 7.
Ohm, P., 2014. Sensitive information. Southern California Law Review, 88, p.1125.
Quinn, P. and Malgieri, G., 2021. The Difficulty of Defining Sensitive Data—The Concept of Sensitive Data in the EU Data Protection Framework. German Law Journal, 22(8), pp.1583-1612.
Rajczi, A., 2016. Liberalism and public health ethics. Bioethics, 30(2), pp.96-108.
Ram, N. and Gray, D., 2020. Mass surveillance in the age of COVID-19. Journal of Law and the Biosciences, 7(1), p.lsaa023.
‘Ren Jiayu v. Beijing Baidu Netcom Technology Co., Ltd.’, [2015] 09558, (Beijing’s First Intermediate People’s Court).
Schünemann, W.J. and Windwehr, J., 2021. Towards a ‘gold standard for the world’? The European General Data Protection Regulation between supranational and national norm entrepreneurship. Journal of European Integration, 43(7), pp.859-874.
Schwartz, P.M., 2019. Global data privacy: The EU way. NYUL Rev., 94, p.771.
Spector-Bagdady, K., 2021. Governing secondary research use of health data and specimens: the inequitable distribution of regulatory burden between federally funded and industry research. Journal of Law and the Biosciences, 8(1), p.lsab008.
The General Data Protection Regulation (GDPR, 2018).
The Personal Information Protection Law of China 2021 (PIPL ,2021).
Trestian, R., Celeste, E., Xie, G., Lohar, P., Bendechache, M., Brennan, R. and Ta, I., 2022, June. The privacy paradox-investigating people’s attitude towards privacy in a time of COVID-19. In 2022 14th International Conference on Communications (COMM) (pp. 1-6). IEEE.
Ungoed-Thomas, J. 2022. Controversial £360m NHS England data platform ‘lined up’ for Trump backer’s firm. [Online]. [Accessed 9 February 2023]. Available from: https://dq4n3btxmr8c9.cloudfront.net/files/c-5f-T/Liberties_Research_EU_Covid19_Tracing_Apps.pdf.
Wang, B. Celebrities’ Photos, Other Info Leaked Due to Privacy Flaw in Beijing’s Health Code. [Online]. [Accessed 17 February 2023]. Available from: https://en.pingwest.com/a/8168.
Warren, G.W. and Lofstedt, R., 2022. COVID-19 vaccine rollout management and communication in Europe: one year on. Journal of Risk Research, 25(9), pp.1098-1117.
Yang, C., 2022. Digital contact tracing in the pandemic cities: Problematizing the regime of traceability in South Korea. Big Data & Society, 9(1).
Yang, F., Heemsbergen, L. and Fordyce, R., 2021. Comparative analysis of China’s Health Code, Australia’s COVIDSafe and New Zealand’s COVID Tracer Surveillance Apps: a new corona of public health governmentality?. Media International Australia, 178(1), pp.182-197.
Zhang, X., 2022. Decoding China’s COVID-19 Health Code Apps: The Legal Challenges. Healthcare, 10, p. 1479.
Zhang, Z., 2022. Public Health vs. Personal Privacy During COVID-19 in China. In Coping with COVID-19, the Mobile Way: Experience and Expertise from China (pp. 169-185). Singapore: Springer Nature Singapore.
Zhou, S.L., Jia, X., Skinner, S.P., Yang, W. and Claude, I., 2021. Lessons on mobile apps for COVID-19 from China. Journal of Safety Science and Resilience, 2(2), pp.40-49.
Zhu, L. and Demircioglu, M.A., 2022. National approaches for citizen data management in response to COVID-19: An overview and implications of contact tracing apps in 21 countries. Information Polity (Preprint), pp.1-23.
Zuo, Y.T. and Wang, T.Y., 2021. Conflicts and solutions between the public’s right to know and citizens’ right to privacy [疫情背景下公众知情权与公民隐私权的冲突及
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Academic Journal of Nawroz University
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors retain copyright
The use of a Creative Commons License enables authors/editors to retain copyright to their work. Publications can be reused and redistributed as long as the original author is correctly attributed.
- Copyright
- The researcher(s), whether a single or joint research paper, must sell and transfer to the publisher (the Academic Journal of Nawroz University) through all the duration of the publication which starts from the date of entering this Agreement into force, the exclusive rights of the research paper/article. These rights include the translation, reuse of papers/articles, transmit or distribute, or use the material or parts(s) contained therein to be published in scientific, academic, technical, professional journals or any other periodicals including any other works derived from them, all over the world, in English and Arabic, whether in print or in electronic edition of such journals and periodicals in all types of media or formats now or that may exist in the future. Rights also include giving license (or granting permission) to a third party to use the materials and any other works derived from them and publish them in such journals and periodicals all over the world. Transfer right under this Agreement includes the right to modify such materials to be used with computer systems and software, or to reproduce or publish it in e-formats and also to incorporate them into retrieval systems.
- Reproduction, reference, transmission, distribution or any other use of the content, or any parts of the subjects included in that content in any manner permitted by this Agreement, must be accompanied by mentioning the source which is (the Academic Journal of Nawroz University) and the publisher in addition to the title of the article, the name of the author (or co-authors), journal’s name, volume or issue, publisher's copyright, and publication year.
- The Academic Journal of Nawroz University reserves all rights to publish research papers/articles issued under a “Creative Commons License (CC BY-NC-ND 4.0) which permits unrestricted use, distribution, and reproduction of the paper/article by any means, provided that the original work is correctly cited.
- Reservation of Rights
The researcher(s) preserves all intellectual property rights (except for the one transferred to the publisher under this Agreement).
- Researcher’s guarantee
The researcher(s) hereby guarantees that the content of the paper/article is original. It has been submitted only to the Academic Journal of Nawroz University and has not been previously published by any other party.
In the event that the paper/article is written jointly with other researchers, the researcher guarantees that he/she has informed the other co-authors about the terms of this agreement, as well as obtaining their signature or written permission to sign on their behalf.
The author further guarantees:
- The research paper/article does not contain any defamatory statements or illegal comments.
- The research paper/article does not violate other's rights (including but not limited to copyright, patent, and trademark rights).
This research paper/article does not contain any facts or instructions that could cause damages or harm to others, and publishing it does not lead to disclosure of any confidential information.
