Privacy / Surveillance / Data Protection

Ada Lovelace Institute, 'No Green Lights, No Red Lines: Public Perspectives on COVID-19 Technologies' (July 2020)
Abstract: How to contain the COVID-19 virus swiftly and effectively, with minimum impact on health, economies, societies and individuals, is the defining question of 2020. As lockdown eases after the first wave, we are at a moment when Government and policymakers can consider how to balance risk and shape freedoms at a local, or even individual, level. Novel and intrusive technologies are likely to play a part in that, but - as we have seen with contact tracing - it will be a challenge to navigate the risks and trade-offs. In this report, we articulate lessons from public engagement to assist Government and policymakers navigating difficult dilemmas when deploying data-driven technologies to manage the pandemic, and when judging what risks are acceptable to incur for the sake of greater public health.

Allman, Kate, 'Privacy Concerns over Mobile Tracing App' (2020) 66 LSJ: Law Society of NSW Journal 22
Abstract: Legal bodies have sounded alarm bells over the federal government's plan to release a mobile-tracing app that would help track the contacts and movement of people infected with COVID-19.

Allman, Kate, 'Technology: NSW Allows Witnessing Documents via Video Call - but Are There Privacy Risks?' (2020) 67 LSJ: Law Society of NSW Journal 14
Abstract: As office spaces have been forced shut by COVID-19, many law firms have shifted the bulk of their legal work online in the space of a few weeks. Some have been left wondering whether this rapid transition could introduce previously not-contemplated privacy and security risks for lawyers and their clients.

Almada, Marco and Juliano Maranhao, 'Voice-Based Diagnosis of Covid-19: Ethical and Legal Challenges' (2021) International Data Privacy Law Article ipab004, published 28 January 2021
Jurisdiction: Brazil
Key Points: Ongoing research projects, among them the Brazilian SPIRA and SoundCov initiatives, seek to diagnose Covid-19 and severe respiratory insufficiency through the analysis of voice recordings. The voice recordings may also be used to infer information about various personal traits, including some considered as sensitive by data protection law. The deployment of such apps may promote significant benefits in the context of a pandemic, since telemedicine avoids the risks of infection, both to potential patients and to the health-care professionals, as compared to presential consultation; those benefits, however, must be evaluated in light of the ethical and data protection concerns mapped in this article. The operation of voice-based medical apps involves various kinds of personal data, which means that those apps must follow the requirements imposed by Brazil's General Data Protection Law (LGPD), such as the need for a legal basis for data processing and the purpose limitation of processing. The LGPD also provides a series of rights to users and other data subjects, such as the right to erasure and the right to information about the processing, which must be implemented by any diagnosis app.

Amit, Moran et al, 'Mass-Surveillance Technologies to Fight Coronavirus Spread: The Case of Israel' (2020) 26(8) Nature Medicine 1167-1169
Abstract: As the COVID-19 pandemic escalates, teams around the world are now advocating for a new approach to monitoring transmission: tapping into cellphone location data to track infection spread and warn people who may have been exposed. Here we present data collected in Israel through this approach so far and discuss the privacy concerns, alternatives and different 'flavors' of cellphone surveillance. We also propose safeguards needed to minimize the risk for civil rights.

Amram, Denise, 'The Role of the GDPR in Designing the European Strategy on Artificial Intelligence: Law-Making Potentialities of a Recurrent Synecdoche' [2020] Opinio Juris in Comparatione (pre-print)
Abstract: Starting from an analysis of the EU Reg. n. 2016/679 on General Data Protection Regulation (GDPR), the Author deals with the opportunity to translate the current strategies on Artificial Intelligence into a possible general risk-based framework that combines hard and soft law instruments with the practical needs emerging in different sectors where AI technologies find application (i.e. healthcare, industrial innovation and robotics, workplace, etc.). This analysis allows the Author to provide a notion of 'AI Controller', whose main roles, responsibilities, and obligations are listed in a 'General AI Regulation' proposal, illustrated in the last paragraphs.

Angiolini, Chiara et al, 'Remote Teaching During the Emergency and Beyond: Four Open Privacy and Data Protection Issues of "Platformised" Education' (2020) 1(1) Opinio Juris in Comparatione 45-72
Abstract: Due to the spread of Covid-19 in the first months of 2020, almost all Universities across Europe had to close their buildings and migrate online. This rapid shift towards the provision of education online has been characterized by the externalization to and use of third-party service providers, such as Zoom, for ensuring the continuity of learning. The 'platformisation' of education, however, raises several concerns, especially from a privacy and data protection perspective. The aim of this paper is to map the possible data protection risks emerging from the platformisation of education by focusing on the most pressing points of friction with the European data privacy regime: 1) allocation of roles and responsibilities of the actors involved; 2) transparency of the processing and possibility to effectively exercise data subjects' rights; 3) extra-EU data transfers after Schrems II; 4) challenges of e-proctoring systems. The paper argues that the implementation of the right to privacy and data protection in remote teaching is not merely an issue of compliance, but a substantial measure that Universities shall ensure to guarantee the fundamental rights of our students and colleagues. The paper concludes with recommendations for ensuring a safer and fairer remote teaching experience, also discussing long-term strategies beyond the emergency and beyond the mere compliance with the General Data Protection Regulation.

Aragao, Alexandra, 'Mobile Apps for the Epidemiological Surveillance of COVID-19: A European Perspective on Reliable Digital Technology' in Ewoud et al Hondius (ed), Coronavirus and the Law in Europe (Intersentia, 2020)
Abstract: The COVID-19 pandemic in 2020 posed unprecedented challenges to healthcare systems, to economic stability, to the normal way of life and social values. A challenge of such magnitude requires a proportionate response. Mobile applications that produce anonymous and aggregated mobility data to assist health authorities and other competent public authorities in their efforts to contain the spread of the virus, seem to be the answer that we were looking for. The benefits of using new communication technologies of geolocation to reach one of the most important social purposes, such as health protection, are indisputable. What is still to be discussed is the security of the production, access and use of the information produced, processed, stored, and transmitted. The Recommendation (EU) 2020/518 of the European Commission is fundamental to develop trustworthy digital technology.

de Azevedo, Leonardo Neri Candido and Angus Young, 'Zoom: Data Protection in Light of COVID-19' (2020) 26(6) Computer and Telecommunications Law Review 151-152
Abstract: Considers how the coronavirus pandemic has expanded the use of Zoom communications software by individuals and businesses, and the cybersecurity implications. Reviews the data protection shortcomings associated with its use, including hacking and the unauthorised sending of information to Facebook, and discusses the company's data protection obligations, the need for consent to data sharing, and the implications of Zoom being based in Brazil.

Baker, Alison et al, 'Online Privacy: What's at Risk?' (2020) 22 Internet Law Bulletin 30-31
Abstract: The necessity for remote working during the COVID-19 pandemic has meant that understanding privacy law obligations is more important than ever. There has been increased activity from cybercriminals looking to take advantage of and exploit privacy gaps in business identified during the crisis. With the foreseeable future likely focusing on a hybrid model of office work and work from home, businesses need to put in place appropriate cyber risk mitigation strategies to protect the personal information they hold.

Banner, Natalie F, 'The Human Side of Health Data' (2020) 26(7) Nature Medicine 995
Abstract: Reuse of patient data for research purposes could be very fruitful. However, too seldom are those whom the data are from--the patients--involved in how their data should be used.

Barry, Stephen, 'Data Protection Guidance on the "Return to Work Safely Protocol"' (2020) 25(6) Health & Safety Review 25-26
Abstract: Analyses the implications of Data Protection Commission (DPC) guidance on employers' obligations as data controllers as they implement the Irish Government's Return to Work Safely Protocol following the COVID-19 pandemic. Examines the DPC's recommendations on: contact tracing logs; return to work forms; temperature testing; and the legal basis for data processing.

Becker, Regina et al, 'COVID-19 Research: Navigating the European General Data Protection Regulation' (SSRN Scholarly Paper No ID 3593579, 5 May 2020)
Abstract: Researchers must collaborate globally in order to rapidly respond to the COVID-19 pandemic. In Europe, the General Data Protection Regulation (GDPR) regulates the processing of personal data, including health data of value to researchers. Even during a pandemic, research still requires 1) a legal basis for the processing, 2) an additional justification for the processing of sensitive data and 3) a basis for any transfer outside Europe. The GDPR does provide legal grounds and derogations that can support research addressing a pandemic, if these measures are proportionate to the aim pursued and accompanied by suitable safeguards. During a pandemic, a public interest basis may be more promising for research than a consent basis, given the high standards set out in the GDPR. However, the GDPR leaves many aspects of the public interest basis to determination by individual Member States, who have not fully or uniformly made use of all options. The consequence is an inconsistent legal patchwork displaying insufficient clarity and impeding joint approaches. The COVID-19 experience provides lessons for national legislatures. Responsiveness to pandemics requires clear and harmonized laws, which consider the related practical challenges and support collaborative global research in the public interest.

Bennett Moses, Lyria et al, 'COVIDSafe App - Submission to the Parliamentary Joint Committee on Human Rights' (SSRN Scholarly Paper No ID 3595109, 7 May 2020)
Abstract: This submission to the Parliamentary Joint Committee on Human Rights sets out how the Australian government's scheme around the COVIDSafe app can better align with the human right to privacy. We recognise the app pursues a legitimate objective and that the Biosecurity (Human Biosecurity Emergency) (Human Coronavirus with Pandemic Potential) (Emergency Requirements--Public Health Contact Information) Determination 2020 (Cth) and exposure draft of Privacy Amendment (Public Health Contact Information) Bill 2020 provide important protections. Nevertheless, we make a series of recommendations that would improve the transparency of the scheme and better protect the privacy of those downloading and using the app.

Berman, Emily, Leah Fowler and Jessica L Roberts, 'COVID-19 Surveillance' (SSRN Scholarly Paper No ID 3666300, 3 August 2020)
Abstract: Any successful pandemic response involves tracking the spread of disease. In this regard, contact tracing is nothing new. What differentiates COVID-19 surveillance is its unprecedented use of technology. The potential for continuous and near-universal digital contact tracing has raised concerns about privacy and civil liberties more readily associated with national security surveillance, chilling the uptake of disease-tracking technologies in the United States. Yet public health surveillance and national security surveillance are two distinct paradigms with different values and governing norms. Ideally, public health surveillance is cooperative, minimizes data collection, and limits subsequent use. National security surveillance, by contrast, operates coercively, maximizes data collection, and imposes relatively few limits on the use of lawfully collected data. At first blush, digital contact tracing resembles national security surveillance because both depend heavily on technology. Yet despite these superficial similarities, COVID-19 surveillance is a public health initiative. This Article asks the important and novel question: Can we use technological tools similar to those found in national security surveillance while cultivating the trust necessary for successful public health surveillance? We respond with a cautiously optimistic yes and offer our recommendations.

Bigg, Carolyn et al, 'Facial Recognition Technology: Supporting a Sustainable Lockdown Exit Strategy?' [2020] (June) Computers and Law 23-32
Abstract: Considers the key aspects of data protection law concerning the adoption of facial recognition technology (FRT) as part of measures to help businesses restart following the COVID-19 pandemic lockdown, focusing in particular on examples in Ireland, Denmark and China. Discusses the more established use cases for FRT and the key considerations on whether its use is lawful.

Birnhack, Michael, 'Who Controls COVID-Related Medical Data? Copyright and Personal Data' (2021) International Review of Intellectual Property and Competition Law (forthcoming)
Abstract: Who controls big medical data of relating to COVID-19 vaccines? The January 2021 Real-World Epidemiological Evidence Collaboration Agreement between Pfizer and the Israeli Ministry of Health highlights the interrelationship between two modes of protecting data: data protection law and copyright law. The former provides legal protection to data subjects and limits the data controller, but generally speaking, allows the data to be processed for the benefit of public health; the latter awards the databases' controller with rights regarding the dataset, a control which may hinder others' access to highly important data. This editorial unpacks this relationship. Under the Agreement, the Ministry shares 'aggregate project data' with Pfizer, meaning 'any de-identified data.' 'Project data' are owned by the MoH or Israeli Health Maintenance Organizations. The data are about millions of people from a variety of sources and are used as they are collected. Combining copyright law and the obligations imposed by data protection law, pushes the parties to protect data under both copyright law and additional layers of protection, such as trade secret law. This result means that other parties may have access to outcomes but not to raw data. To facilitate broad access to crucial data during a global health crisis, we need to address both bodies of law in an integrated manner.

Blasimme, Alessandro and Effy Vayena, 'What's next for COVID-19 Apps? Governance and Oversight' (2020) 370(6518) Science 760-762
Abstract: Many governments have seen digital health technologies as a promising tool to address coronavirus disease 2019 (COVID-19), particularly digital contact tracing (DCT) apps such as Bluetooth-based exposure notification apps that trace proximity to other devices ( 1 ) and GPS-based apps that collect geolocation data. But deploying these systems is fraught with challenges, and most national DCT apps have not yet had the expected rate of uptake. This can be attributed to a number of uncertainties regarding general awareness of DCT apps, privacy risks, and the actual effectiveness of DCT, as well as public attitudes toward a potentially pervasive form of digital surveillance. DCT thus appears to face a typical social control dilemma. On one hand, pending widespread uptake, assessing DCT effectiveness is extremely difficult; on the other hand, until DCT effectiveness is proven, its widespread use at a population scale is hard to justify. Recognizing that technological uptake is an open-ended process reliant upon social learning and the piecemeal creation of public trust, we suggest that policy-makers set up mechanisms to test effectiveness, oversee the use of DCT apps, monitor public attitudes, and adapt technological design to socially perceived risks and expectations.

Bloomberg, Scott, 'The Development and Future of Privacy Law in Maine' (SSRN Scholarly Paper No ID 3647386, 9 July 2020)
Abstract: In the United States, privacy law has traditionally developed in concert with intrusions created by newfangled technologies. This pattern has held true in Maine. Beginning in the late 1960s, the state has experienced three eras of privacy reform that track the technological advances of the mid-century, the internet era, and the new era of social media and big data. This Article details these three eras of reform and advances several proposals for responding to the challenges posed by the era that we are living through today. Indeed, at the beginning of the 2020s, there is much work on the horizon to ensure that Maine's privacy laws keep up with new technological and social developments. The coronavirus pandemic looms large over all facets of society and privacy law is no exception. The pandemic had made us even more reliant on online services that collect, use, and share previously unfathomable quantities of data, leaving residents' personal information vulnerable to misuse. Increased attention to racial injustice and over-policing in the wake of George Floyd's tragic murder have likewise highlighted privacy issues with which Maine must continue to grapple. Finally, Northeastern University recently opened the Roux Institute in Portland, offering various graduate-level degrees pertaining to the practical application of artificial intelligence and machine learning in the digital and life sciences. This development offers exciting educational and economic opportunities for the state, but also indicates that regulating AI and machine-learning technologies will be important to preserving Mainers' privacy rights in the near future. All of these recent challenges, moreover, have emerged against the backdrop of the existing privacy threats posed by social media, big data, mass surveillance, and more. This Article is thus well-timed to inform those who will be tasked with shaping Maine privacy law in the coming years and decades. In Part I of the Article, I detail the three eras of reform highlighted above. In Part II, I propose that Maine enact a general consumer privacy law endowing Mainers with certain rights to their personal information, vesting consumer privacy rulemaking authority in a state agency, regulating automated decision-making technologies, and more. After proposing the general consumer privacy law, I identify four privacy threats that warrant additional attention from the legislature: facial recognition technology; biometric information; smart-home devices; and data brokers. Part III briefly concludes the Article.

Boeing, Philipp and Yihan Wang, 'Decoding China's COVID-19 "Virus Exceptionalism": Community-Based Digital Contact Tracing in Wuhan' (ZEW - Centre for European Economic Research Discussion Paper No 21-028, 1 March 2021)
Abstract: During the COVID-19 pandemic, comprehensive, accurate, and timely digital contact tracing serves as a decisive measure in curbing viral transmission. Such a strategy integrates corporate innovation, government decision-making, citizen participation, and community coordination with big data analytics. This article explores how key stakeholders in an open innovation ecosystem interact within the digital context to overcome challenges to public health and socio-economic welfare imposed by the pandemic. To enhance the digital contact tracing effectiveness, communities are deployed to moderate the interactions between government, enterprises and citizens. As an example, we study the community-based digital contact tracing in Wuhan, a representative case of China's 'virus exceptionalism' in COVID-19 mitigation. We discuss the effectiveness of this strategy and raise critical ethical concerns regarding decision-making in R&D management.

Booher, Kimberly Dempsey and Martin Robins, 'American Privacy Law at the Dawn of a New Decade (and the CCPA and COVID-19): Overview and Practitioner Critique' (SSRN Scholarly Paper No ID 3658495, 22 July 2020)
Abstract: This article has been prepared by experienced practitioners in the privacy area, who are interested in not only the 'how' of privacy law, but also the 'why', namely whether existing authority serves a valid social purpose and whether it does so efficiently relative to the cost that it imposes. The article was prompted by the effectiveness of the California Consumer Privacy Act. It also includes substantial discussion of the major privacy considerations associated with actual and potential responses to the COVID-19 situation, and how such considerations must be weighed against the public health considerations. The discussion encompasses all aspects of US privacy law from breach notice obligations to limitations on tracking internet use of children and the CCPA and similar law and informal guidance. It touches upon the EU's GDPR.Two of the unique attributes of the piece are the presentation of various informal sources of authority such as Federal Trade Commission consent orders and handbooks and the extensive granular author critique from both a theoretical and practical point of view of the various authorities, as well as a separate discussion of the optimal manner for policy-makers to give effect to privacy considerations in connection with mandated COVID-19 responses.

Botero Arcila, Beatriz, 'A Human Centric Framework to Evaluate the Risks Raised by Contact-Tracing Applications' (ICT4Peace, 22 April 2020)
Abstract: Digital technologies and data-gathering and analytics are gaining prominence in the strategies adopted by governments all over the world as they address many of the challenges associated with the COVID-19 pandemic. Contact-tracing applications, in particular, promise to help contain the spread of the virus and allow societies to slowly relax social distancing measures. However, digital solutions pose a variety of risks to the security of individuals, and the enjoyment of human rights. This document proposes a framework to analyze how technical design and governance interplay in contact-tracing applications and how this interplay balances the safety needs of individuals and society at large. The document focuses on the two most prominent models at the time of writing, the Google-Apple protocol, announced on April 10, 2020, and the Decentralized PrivacyPreserving Proximity Tracing protocol (DP3T), proposed by a group of technologists, legal experts, engineers and epidemiologists. It also considers the EU toolbox for the use of mobile applications for contact tracing. This document evaluates the two above mentioned protocols, and what is known about their governance and design at the time of writing. The document should be useful for policy-makers and members of civil society currently looking to evaluate these two different contact-tracing applications as a means to ease the lockdown imposed on most of the world to flatten the curve of infection of COVID-19. Similarly, understanding on how the enjoyment of a variety of human rights interacts vis-a-vis the voluntary adoption of these applications, should offer guidance for policymakers, civil society and developers to decide whether to promote these options, and how these applications should be deployed, and when they should be dismantled.

Bradford, Laura, Mateo Aboy and Kathleen Liddell, 'COVID-19 Contact Tracing Apps: A Stress Test for Privacy, the GDPR, and Data Protection Regimes' (2020) 7(1) Journal of Law and the Biosciences Article lsaa034
Abstract: Digital surveillance has played a key role in containing the COVID-19 outbreak in China, Singapore, Israel, and South Korea. Google and Apple recently announced the intention to build interfaces to allow Bluetooth contact tracking using Android and iPhone devices. In this article, we look at the compatibility of the proposed Apple/Google Bluetooth exposure notification system with Western privacy and data protection regimes and principles, including the General Data Protection Regulation (GDPR). Somewhat counter-intuitively, the GDPR's expansive scope is not a hindrance, but rather an advantage in conditions of uncertainty such as a pandemic. Its principle-based approach offers a functional blueprint for system design that is compatible with fundamental rights. By contrast, narrower, sector-specific rules such as the US Health Insurance Portability and Accountability Act (HIPAA), and even the new California Consumer Privacy Act (CCPA), leave gaps that may prove difficult to bridge in the middle of an emergency.

Brown, Elizabeth, 'Supercharged Sexism: The Triple Threat of Workplace Monitoring for Women' (SSRN Scholarly Paper No ID 3680861, 1 August 2020)
Abstract: As biometric monitoring becomes increasingly common in workplace wellness programs, there are three reasons to believe that women will suffer disproportionately from the data collection associated with it. First, many forms of biometric monitoring are subject to gender bias, among other potential biases, because of assumptions inherent in the design and algorithms interpreting the collected data. Second, the expansion of femtech in particular creates a gender-imbalanced data source that may feed into existing workplace biases against women unless more effective safeguards emerge. Finally, many femtech platforms encourage the kind of information sharing that may reduce women's reasonable expectations of privacy, especially with regard to fertility data, thus increasing the risk of health data privacy invasion. This triple threat to female workers may be offset somewhat by the benefits of health data collection at work and may be remedied at least in part by both legislative and non-legislative means. The current trend toward greater health data collection in the wake of COVID-19 should provoke a reexamination of how employers collect and analyze women's health data in order to reduce the impact of these new gender bias drivers.

Budd, Jobie et al, 'Digital Technologies in the Public-Health Response to COVID-19' (2020) 26(8) Nature Medicine 1183-1192
Abstract: Digital technologies are being harnessed to support the public-health response to COVID-19 worldwide, including population surveillance, case identification, contact tracing and evaluation of interventions on the basis of mobility data and communication with the public. These rapid responses leverage billions of mobile phones, large online datasets, connected devices, relatively low-cost computing resources and advances in machine learning and natural language processing. This Review aims to capture the breadth of digital innovations for the public-health response to COVID-19 worldwide and their limitations, and barriers to their implementation, including legal, ethical and privacy barriers, as well as organizational and workforce barriers. The future of public health is likely to become increasingly digital, and we review the need for the alignment of international strategies for the regulation, evaluation and use of digital technologies to strengthen pandemic management, and future preparedness for COVID-19 and other infectious diseases.

Cahane, Amir, 'Israel's SIGINT Oversight Ecosystem: COVID-19 Secret Service Location Tracking as a Test Case' (SSRN Scholarly Paper No ID 3748401, 30 November 2020)
Abstract: By mid March 2020, Israel had experienced the first wave of the COVID-19 pandemic. Within a fortnight confirmed coronavirus cases surged from half a dozen to 178 cases. The government responded to the challenge of identifying potential carriers by tasking the Israeli Security Agency (the ISA, or Shin Bet) with cellphone location tracking of the routes of confirmed coronavirus patients and the identifications of individuals with whom they had been in close contact. Israel's ISA communications metadata collection measures have been shrouded in veil of secrecy. The debate - in parliament and in court - regarding the use of the country's secret service counterterrorism mass surveillance measures to contain the spread of the pandemic, is a rare opportunity to assess whether the institutional oversight mechanisms on SIGINT collection activities are sufficient and effective. The paper will (1) describe the existing SIGINT oversight regime in Israel; (2) describe its response to COVID-19 location tracking in Israel; and, (3) in light of existing literature, will provide an analysis of that response.

Calvo, Rafael A, Sebastian Deterding and Richard M Ryan, 'Health Surveillance during Covid-19 Pandemic' (2020) 369 BMJ (advance article, published 6 April 2020)
Abstract: US government and state agencies are talking to companies such as Google, Facebook, and controversial startup Clearview AI about using location data mining or facial recognition to trace infected people and to monitor and enforce isolation. Around the globe, governments are rapidly following in implementing digital contact tracing of people with covid-19.

Calzada, Igor, 'Europe Needs a Revolution in the Administration' (SSRN Scholarly Paper No ID 3619407, 4 June 2020)
Abstract: In the current global digital realm, localised privacy policies that protect the data and digital rights of citizens will inevitably emerge as timely in the aftermath of the social disruption caused by Covid-19. The European Union's General Data Protection Regulation (GDPR) provides a thorough framework for organisations to adhere to, with hefty fines that can run into hundreds of thousands of euros for those who do not comply with the rules.

Castets-Renard, Celine and Eleonore Fournier-Tombs, 'COVID-19 and Accountable Artificial Intelligence in a Global Context' in Colleen M Flood et al (eds), Vulnerable: The Law, Policy and Ethics of COVID-19 (University of Ottawa Press, 2020) 571
Abstract: This chapter identifies two of the key elements in accountable artificial intelligence infrastructure globally--ethical modelling and responsible data. The chapter takes a global perspective and highlights issues of particular relevance to countries that were already in humanitarian crises, such as food insecurity and conflict, explaining how these play into the way that epidemiological models should be constructed. Furthermore, it examines vulnerability from the perspective of aid recipients and migrants, to evoke the type of guidelines and laws that should be taken into account for data protection and privacy.

Chaplin, David, 'Covid-19: Stress Testing Data and Justice' [2020] (June) Computers and Law 3
Abstract: Discusses the debate surrounding the data protection risks arising from the use of centralised COVID-19 contact tracing applications software, particularly where these may start to include facial recognition.

Charbonneau, Etienne and Carey Doberstein, 'An Empirical Assessment of the Intrusiveness and Reasonableness of Emerging Work Surveillance Technologies in the Public Sector' (2020) 80(5) Public Administration Review 780-791
Abstract:As public sector work environments continue to embrace the digital governance revolution, questions of work surveillance practices and its relationship to performance management continue to evolve, but even more dramatically in the contemporary period of many public servants being forced to shift to remote work from home in response to the COVID-19 pandemic. This article presents the results of three surveys, two of them population-based survey experiments, all conducted during the onset of the COVID-19 pandemic in Canada that compare public servant (n = 346) and citizen (n = 1,008 phone; n = 2,001 web) attitudes to various cutting-edge--though no doubt controversial among some--digital surveillance tools that can be used in the public sector to monitor employee work patterns, often targeted toward remote working conditions. The findings represent data that can help governments and public service associations navigate difficult questions of reasonable privacy intrusions in an increasing digitally connected workforce. Evidence for Practice New work surveillance technologies are available to use within the public sector and will present acceptability challenges to public managers as they contemplate the introduction of these technologies. Multimodal survey data from Canada reveals that public servants and citizens find these emerging work surveillance technologies to be quite intrusive and unreasonable but show relatively more tolerance for digital surveillance over physical surveillance practices. Understanding surveillance anxieties among targeted employees will be key to finding a balance between employee privacy rights and employer desires to manage employees in a remote or digital environment.

Chawla, Ajay, 'Coronavirus (COVID-19): "Zoom" Application Boon or Bane' (SSRN Scholarly Paper No ID 3606716, 20 May 2020)
Abstract: Advances in communication technologies offer new opportunities for the conduct of qualitative research. Among these, Zoom--an innovative videoconferencing platform--has a number of unique features that enhance its potential appeal to qualitative and mixed-methods researchers. Zoom has become nearly synonymous with office meetings and socializing as people around the world have adapted to life at home amid the coronavirus outbreak. That has put the roughly 9-year-old company in the spotlight more than ever before - for both the good and the bad, as an onslaught of security issues have come to light.As the coronavirus pandemic forced millions of people to stay home over the past month, Zoom suddenly became the video meeting service of choice: Daily meeting participants on the platform surged from 10 million in December to 200 million in March.Many Cybersecurity research companies research says that it found security flaws in videoconferencing platform Zoom that would have allowed a potential hacker to join a video meeting uninvited and listen in, potentially accessing any files or information shared during the meeting. While Zoom has addressed the issue, the report raises deeper concerns about the safety of videoconferencing apps that require access to microphones and cameras.

Churches, Genna and Monika Zalnieriute, 'The Instrumentality of Metadata Access Regime For Suppressing Political Protests In Australia' (UNSW Law Research Paper No 20-50, 2020)
Abstract: Australians, just like many other people around the world, are taking to the streets to oppose racial and environmental injustice, despite the COVID-19 risk of mass gatherings. Australian politicians have expressed strong disdain, and even threats, at protesters. Government's desire to silence critics is not new, however today's tracking technologies and Australia's lax federal metadata laws give the government unprecedented tools to take action against protesters. Accessing metadata requires no warrant or reporting and enables government to draw links and amass schemes of connections between people who were organising, attending, intending or speaking at the protests. These tools, coupled with new COVID-19 powers to surveil citizens, have seriously impaired the right to protest anonymously in Australia. In this post we are not disputing the need for restrictions on mass gatherings or social distancing -- to the opposite, we think they are crucial to stop the spread of virus. Instead, we are exposing the instrumentality of metadata, including location data, for the government to clamp down on peaceful protests. We propose one small step towards securing the right t protest anonymously during a time when Australians need it most: reforming the laws so that our metadata can only be accessed with a judicial warrant and further protected with detailed public reporting requirements.

Cohen, I Glenn, Lawrence O Gostin and Daniel J Weitzner, 'Digital Smartphone Tracking for COVID-19: Public Health and Civil Liberties in Tension' (2020) 323(23) Journal of the American Medical Association (JAMA) 2371-2372
Abstract: This Viewpoint compares manual and digital strategies for coronavirus disease 2019 (COVID-19) contact tracing, describes how countries in Asia and Europe have used smartphone tracking, and discusses privacy and discrimination concerns and strategies for balancing public health and civil liberties in the

Comande, Giovanni, Denise Amram and Gianclaudio Malgieri, 'The Democracy of Emergency at the Time of the Coronavirus: The Virtues of Privacy' (2020) 1(1) Opinio Juris in Comparatione 1-7
Abstract: The emergency of the Coronavirus imposes a cultural debate on the balancing of rights, freedoms and social responsibilities, finalized to the protection of individual and collective health. So much and rightly has been written in these days about strategic errors of the past, and authoritarian and social control risks exploiting the fear of contagion to further compress individual freedoms. A lot has been said about the futility of privacy as well.But is there a democratic way that respects fundamental rights in an emergency? Is there a model that can turn respect for democratic freedoms into a tool for effective common struggle in an emergency?

Daskal, Jennifer, 'Good Health and Good Privacy Go Hand-in-Hand' (2020) 11(1) Journal of National Security Law & Policy 131-156
Abstract: Without a vaccine, writes Jennifer Daskal, the United States and other countries are struggling with different tools to stem COVID-19. A critically important one is health surveillance. Previous crises, such as 9/11, also led to restrictions--but often secret--on civil liberties. A pandemic's surveillance response has a different goal: to educate and inform. Health surveillance provides officials and the public with valuable information on rising hotspots, when to test after exposure, and monitoring compliance with quarantine orders. Daskal adds to this topical debate by outlining various types of surveillance schemes and associated technology--public or private, universal or targeted, mandated or consent-based--as well as the U.S. legal and policy considerations that each system will face. Professor Daskal argues that, despite the challenges, good health and good privacy can and should go hand in hand.

Du, Li, Vera Lucia Raposo and Meng Wang, 'COVID-19 Contact Tracing Apps: A Technologic Tower of Babel and the Gap for International Pandemic Control' (2020) 8(11) JMIR mHealth and uHealth e23194
Abstract: As the world struggles with the new COVID-19 pandemic, contact tracing apps of various types have been adopted in many jurisdictions for combating the spread of the SARS-CoV-2 virus. However, even if they are successful in containing the virus within national borders, these apps are becoming ineffective as international travel is gradually resumed. The problem rests in the plurality of apps and their inability to operate in a synchronized manner, as well as the absence of an international entity with the power to coordinate and analyze the information collected by the disparate apps. The risk of creating a useless Tower of Babel of COVID-19 contact tracing apps is very real, endangering global health. This paper analyzes legal barriers for realizing the interoperability of contact tracing apps and emphasizes the need for developing coordinated solutions to promote safe international travel and global pandemic control.

Dubov, Alex and Steven Shoptaw, 'The Value and Ethics of Using Technology to Contain the COVID-19 Epidemic' (2020) 20(7) The American Journal of Bioethics W7-W11
Abstract: As the world grapples with COVID-19, experts are calling for better identification and isolation of new cases. In this paper, we argue that these tasks can be scaled up with the use of technology. Digital contact tracing can accelerate identifying newly diagnosed patients, instantly informing past contacts about their risk of infection, and supporting social distancing efforts. Geolocation data can be used to enforce quarantine measures. Social media data can be used to predict outbreak clusters and trace the spread of misinformation online. These technology tools have played a role in turning the tide of the epidemic and easing lockdown measures in China, South Korea, and Singapore. There is a growing interest in the US in digital contact-tracing tools that may help rein in contagion and relax lockdown measures. This paper provides an overview of the ways in which technology can support non-pharmaceutical interventions during the COVID-19 epidemic and outlines the ethical challenges associated with these approaches.

'EDPB Adopts Statements on Schrems, PSD2 and Responds to MEP on Contact Tracing' [2020] (August) Computers and Law 37-38
Abstract: Summarises the outcomes of the European Data Protection Board (EDPB)'s 34th plenary session during which it adopted: a statement on Schrems v Facebook Ireland Ltd (C-498/16) (ECJ); guidelines on the relationship between Directive 2007/64 (PSD2) and Regulation 2016/679 (GDPR); and a letter in response to MEP Duris Nicholsonova's questions on contact tracing, interoperability of applications software and data protection impact assessments.

'EDPB: '"Even in These Exceptional Times, the Protection of Personal Data Must Be Upheld in All Emergency Measures"' [2020] (August) Computers and Law 7-8
Abstract: Highlights a statement by the European Data Protection Board (EDPB) clarifying the interpretation of data subjects' rights under Regulation 2016/679 art.23 in relation to the emergency situation surrounding COVID-19 in response to concerns raised following the Hungarian Government's Decree 179/2020 of 4 May 2020, which suspended Regulation 2016/679 (GDPR) in relation to dealing with the pandemic.

Eliot, Lance, 'Contact Tracing Apps: The Latest Efforts in the US' [2020] (June) Computers and Law 53-57
Abstract: Examines the approach of US state and federal governments to addressing problems associated with COVID-19-related digital contact tracing applications software. Outlines the precepts underlying the Exposure Notification Privacy Act released by the US Congress. Discusses the unanswered concerns that remain regarding the governance of such applications and the risks associated with the use of contact tracers.

Etteldorf, Christina, 'EU Member State Data Protection Authorities Deal with Covid-19: An Overview' (2020) 6(2) European Data Protection Law Review 265-280
Extract from Introduction: Governments, health ministries and medical research institutes are looking for technical solutions to track the spread of the virus and thus contain it. However, this also raises questions about the compatibility of these measures with (European) data protection law.

Falletti, Elena, 'Privacy Protection, Big Data Gathering and Public Health Issues: COVID-19 Tracking App Use in Italy' (SSRN Scholarly Paper ID 3758800, 2 January 2021)
Abstract: The COVID-19 global outbreak showed that big data gathering is an issue of international and national public health. According to comparative experience carried out especially in Taiwan, Hong Kong and South Korea contagion containment action should take place through the coordinated use of tests and tracking of infected contacts. From the end of March 2020, the Italian authorities started to prepare preparations for non-pharmaceutical interventions in order to be able to reactivate economic life and prevent the spread of COVID-19 in the country.From this perspective, the massive collection of personal data related to COVID-19 could present a possible opportunity for the elaboration of predictive models, especially after an open discussion involving experts and public opinion about the effectiveness of the enforcement of AI models. The main challenge here was to persuade people to download and use the app, showing trust in public policies and strategies planned by the Italian Government against the COVID-19 outbreak.In order to collect massive personal data according to the relevant constitutional and legal provisions, the Italian Government promoted a Law-decree No. 28/2020 regarding urgent measures for the introduction of a national COVID-19 alert system. It was called 'Immuni'. This regulation disciplines the collection and management of big data through a black box. Regarding privacy protection, this law establishes some guarantees for users, and for this purpose any person, on a voluntary basis, can download a special software application, respecting the transparency principle and providing the proper information regarding the legal framework of this data collection.According to the Italian government, privacy protection, individual consent, and local data management were considered preferable to mandatory traceability and centralised management of the same data. However, first empirical analysis underlined that Italian people did not seem confident in the Immuni app since only 10 million people (over 60 million people of Italian population) downloaded it. Some questions about its public dissemination among citizens could emerge.

Fazlioglu, Muge, 'Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing' (International Association of Privacy Professionals, iapp Report, May 2020) 1-38
Abstract: Introduction: Considering the rapid and massive changes underway, the IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. It also looks at the unique economic impact of the crisis on the privacy profession. A total of 933 respondents completed the survey, and responses were collected between April 8 and 20.

Fazlioglu, Muge, 'Privacy Risks to Individuals in the Wake of COVID-19' (International Association of Privacy Professionals, iapp White Paper, June 2020) 1-38
Abstract: Introduction: Considering the rapid and massive changes underway, the IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. It also looks at the unique economic impact of the crisis on the privacy profession. A total of 933 respondents completed the survey, and responses were collected between April 8 and 20.

Findlay, Mark and Nydia Remolina, 'Regulating Personal Data Usage in COVID-19 Control Conditions' (SMU Centre for AI & Data Governance Research Paper No 2020/04, 22 May 2020)

Abstract: As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology can be shown to be fit for purpose), the paper argues that this technological infrastructure for surveillance can have serious ethical and regulatory implications in the medium and long term when reflected against human dignity, civil liberties, transparency, data aggregation, explainability and other governance fundamentals. The paper commences with the case for regulation recognising crisis exigencies, after which it reiterates personal data challenges, then surveys policy and regulatory options to equitably address these challenges.

Findlay, Mark et al, 'Ethics, AI, Mass Data and Pandemic Challenges: Responsible Data Use and Infrastructure Application for Surveillance and Pre-Emptive Tracing Post-Crisis' (Singapore Management University, SMU Centre for AI & Data Governance, Research Paper No 2020/02, May 2020)
Abstract: As the COVID-19 health pandemic rages governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have the capacity to amass personal data and share for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside such times of real and present danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission, this paper argues that this infrastructure application for surveillance has serious ethical and regulatory implications in the medium and long term in relation to individual dignity, civil liberties, transparency, data aggregation, explainability and other governance challenges. To conduct this analysis, the paper presents the Singapore and China case studies, and offers a comparative description based on the many more initiatives implemented worldwide in order to understand the purpose, goal and risk of these infrastructures. The analysis looks at data protection and citizen integrity and reflects on other surveillance methods outside the health context, such as initiatives implemented in the financial sector, where similar challenges have arisen.

Finnegan, Matthew, 'Zoom Hit by Investor Lawsuit as Security, Privacy Concerns Mount.' [2020] Computerworld (Online Only) 4
Abstract: The article discusses video conferencing app Zoom. Topics include the challenges facing Zoom continue to mount, as the company now faces an investor lawsuit and more organizations ban the use of the video meeting app due to privacy and security concerns; company also upped efforts to improve its security and privacy practices by hiring Facebook's former CSO as a consultant; and Zoom seen a surge in use as self isolation in response to the pandemic ramps up the demand for video software.

Franks, Mary Anne, 'Protecting Privacy and Security in Online Instruction: A Guide for Students and Faculty' (SSRN Scholarly Paper No ID 3668553, 6 April 2020)
Abstract: COVID-19 forced educational institutions all over the globe to shift abruptly to online instruction. Online instruction presents many challenges to both faculty and students accustomed to in-person learning. Among those challenges are serious equity concerns, including wide variation among students and faculty in terms of technological literacy, access to reliable Internet service and related 'digital divide' issues, time zones, caretaking responsibilities, and personal situations that may make remote learning difficult or impossible (e.g. unsafe home conditions). Another serious category of concern are privacy and security issues, which are the subject of this memo. The privacy and security issues raised by this memo are not exhaustive. This memo is only a preliminary and necessarily incomplete set of concerns and recommendations.

Fulford, Nicola and Hannah Jackson, 'Returning to Work: COVID-19 and the Data Protection Perspective' (2020) 109(May) Privacy Laws & Business United Kingdom Newsletter 1-5
Abstract: Examines what procedures employers should follow after the coronavirus ban is lifted and employees return to the workplace, to provide a safe working environment while protecting employees' personal data and privacy.

Galloway, Kate, 'The COVID Cyborg: Protecting Data Status' (2020) 45(3) Alternative Law Journal 162-167
Abstract: This article examines the increasing tendency towards governance of people through their representation via data. In its most contemporary iteration, the COVID-19 pandemic has seen the release of contact tracing apps - in Australia, COVIDSafe. While public discourse about the apps has focused principally on the important issue of data privacy, there are other possible effects whereby participation in such schemes might become a prerequisite to accessing services or basic rights - either from government or from corporations. The pathway to acceptability of applying our data in this way is already paved, through fitness monitors and other technologies by which we represent ourselves. This article sets out the foundation of such technologies and their application, before outlining their effect on the recognised boundaries of governance and the conception of the holder of rights and the substance of those rights.

Gerke, Sara et al, 'Regulatory, Safety, and Privacy Concerns of Home Monitoring Technologies during COVID-19' (2020) 26(8) Nature Medicine 1176-1182
Abstract: There has been increasing interest in the use of home monitoring technologies during the COVID-19 pandemic to decrease interpersonal contacts and the resultant risks of exposure for people to the coronavirus SARS-CoV-2. This Perspective explores how the accelerated development of these technologies also raises major concerns pertaining to safety and privacy. We make recommendations for needed interventions to ensure safety and review best practices and US regulatory requirements for privacy and security. We discuss, among other topics, Emergency Use Authorizations for medical devices and privacy laws of the USA and Europe.

Gesley, Jenny, 'Regulating Electronic Means to Fight the Spread of COVID-19' (Law Library of Congress Legal Report, June 2020)
Abstract: Note: This page includes a comparative summary, and links to the full report and a COVID-19 Contact Tracing Apps world map. Extract from Introduction: This report surveys the regulation of electronic means to fight the spread of COVID-19 in 23 jurisdictions around the globe: Argentina, Australia, Brazil, China, England, France, Iceland, India, Iran, Israel, Italy, Japan, Mexico, Norway, Portugal, the Russian Federation, South Africa, South Korea, Spain, Taiwan, Turkey, the United Arab Emirates, and the European Union (EU).

Ghose, Anindya et al, 'Trading Privacy for the Greater Social Good: How Did America React During COVID-19?' (SSRN Scholarly Paper No ID 3624069, Social Science Research Network, 10 June 2020)
Abstract: Digital contact tracing and analysis of social distancing from smartphone location data are two prime examples of non-therapeutic interventions used in many countries to mitigate the impact of the COVID-19 pandemic. While many understand the importance of trading personal privacy for the public good, others have been alarmed at the potential for surveillance via measures enabled through location tracking on smartphones. In our research, we analyzed massive yet atomic individual-level location data containing over 22 billion records from ten 'Blue' (Democratic) and ten 'Red' (Republican) cities in the U.S., based on which we present, herein, some of the first evidence of how Americans responded to the increasing concerns that government authorities, the private sector, and public health experts might use individual-level location data to track the COVID-19 spread. First, we found a significant decreasing trend of mobile-app location-sharing opt out. Whereas areas with more Democrats were more privacy-concerned than areas with more Republicans before the advent of the COVID-19 pandemic, there was a significant decrease in the overall opt-out rates after COVID-19, and this effect was more salient among Democratic than Republican cities. Second, people who practiced social distancing (i.e., those who traveled less and interacted with fewer close contacts during the pandemic) were also less likely to opt out, whereas the converse was true for people who practiced less social-distancing. This relationship also was more salient among Democratic than Republican cities. Third, high-income populations and males, compared with low-income populations and females, were more privacy-conscientious and more likely to opt out of location tracking. Overall, our findings demonstrate that during COVID-19, people in both Blue and Red cities generally reacted in a consistent manner in trading their personal privacy for the greater social good but diverged in the extent of that trade-off along the lines of political affiliation, social-distancing compliance, and demographics.

Ghose, Anindya and D Daniel Sokol, 'Unlocking Platform Technology to Combat Health Pandemics' Yale Journal on Regulation, 2020 (Online 18 March 2020)
Abstract: Effective use of data from digital platforms and related technological ecosystems could be key to mitigating the spread of the COVID-19 pandemic. Data from smartphones, GPS, and wearable fitness trackers can combine with sophisticated algorithms to trace networks of contact with COVID-19 patients. This practice has already been used to successfully slow the spread of the pandemic in Korea and Taiwan warrants immediate, broader consideration. Regarding consumer concerns about data privacy, given the unusual and dire circumstances, government authorities need a set of consent exceptions that allows non-health data to be harnessed for the public health. A swift, thoughtful collaboration between the technology sector and the government could result in regulatory policy changes that have proven potential to save lives.

Goldenfein, Jake, Ben Green and Salome Viljoen, 'Privacy Versus Health Is a False Trade-Off' Jacobin 17 April 2020
Abstract: As tech firms team up with governments to fight the coronavirus pandemic, we're being asked to accept a trade-off between our digital privacy and our health. It's a false choice: we can achieve the public health benefits of data without accepting abusive and illicit surveillance.

Goodyear, Michael, 'The Dark Side of Videoconferencing: The Privacy Tribulations of Zoom and the Fragmented State of U.S. Data Privacy Law' (2020) 10(3) Houston Law Review 76-89
Abstract: COVID-19 has forced the world to increasingly rely on online services to continue daily life. Chief among these, for school, business, and fun, are videoconferencing services. Zoom has led the way, being used by millions, yet it has come to light that Zoom's data privacy practices are far from ideal. The tracking of users and the sale of personal data has enormous consequences for users' data privacy. Yet U.S. law provides poor protections for such risky behavior. U.S. data privacy law is fragmented on both the federal and state level, with federal law focusing on industry-specific protections and states each going their own ways. While this splintered framework does provide some protection for Americans against poor data privacy practices by Zoom and others, it is an unequal framework that provides different protections to different groups of Americans. Instead, Zoom's privacy tribulations should be a call for Congress to follow the precedent of Europe and enact comprehensive data privacy legislation to equally protect Americans at the federal level from the improper use and sale of consumers' data privacy.

'Government and DPC Guidance on Covid-19 Data' (2020) 25(6) Health & Safety Review 2-3
Abstract: Highlights guidance for businesses by both the Irish Department of Business, Enterprise and Innovation and the Data Protection Commission (DPC) on the Irish Government's Return to Work Safely protocol and COVID-19-related data protection. Includes a table summarising the legal basis for data processing under Regulation 2016/679 (GDPR) regs 6 and 9.

Greenleaf, Graham and Katharine Kemp, 'Australia's "COVIDSafe App": An Experiment in Surveillance, Trust and Law' (University of New South Wales Law Research Series No 999, 30 April 2020)
Abstract: The joint Australian governments' coronavirus contact tracing app, marketed as 'COVIDSafe', was released on 26 April 2020 for public download by the federal government, together with an emergency Determination under the Biosecurity Act to govern its operation, a Privacy Impact Assessment (PIA) with the Health Department's response to that PIA, and (not least) the App itself and its privacy policy. It is a package intended to create sufficient public confidence to result in downloads of the app by a sufficient percentage of the Australian mobile-phone-owning population, for it to have a significant effect on the tracing of persons infected with the COVID19 virus. In the first few days since its launch nearly 3 million Australian's have downloaded the app.When Parliament resumes, probably on May 12, it is expected that the government will introduce legislation to replace the non-disallowable Determination. This article analyses the steps that Australian governments need to take if public trust is to be justified, and aims to make a constructive contribution to the development of better legislation and greater transparency.We conclude that the conditions necessary to justify sufficient public trust in government for the Australian public to opt in voluntarily to the installation and use of the COVIDSafe app, and to not opt out, are lacking. Many of the main deficiencies we identify in this article are remediable: five deficiencies in transparency; and nine categories of improvements to the current Determination by the proposed COVIDSafe Act. However, the question of whether an individual Australian would be well advised to install and run the app remains a decision which depends on individual circumstances. Note: The Act referred to above, the Privacy Amendment (Public Health Contact Information) Act 2020 (Cth) ('the COVIDSafe Act') was assented to on 15 May 2020. The authors' analysis of that Act is G. Greenleaf & K. Kemp 'Australia's COVIDSafe experiment, Phase III: Legislation for trust in contact tracing' at https://ssrn.com/abstract=3601730.

Greenleaf, Graham and Katharine Kemp, 'Australia's COVIDSafe Experiment, Phase III: Legislation for Trust in Contact Tracing' (University of New South Wales Law Research Series, 15 May 2020)
Abstract: The joint Australian governments' coronavirus contact tracing app, marketed as 'COVIDSafe', was released on 26 April 2020 for public download by the federal government, together with an emergency Determination under the Biosecurity Act to govern its operation. In a brief federal Parliamentary sitting from 12-14 May, the Parliament enacted the Privacy Amendment (Public Health Contact Information) Act 2020 (Cth) ('the COVIDSafe Act') on 14 May 2020.The COVIDSafe app is more toward the centralised than decentralised end of the spectrum in the design of such apps, but its use is voluntary, and the government claims that will continue to be the case.The Act aims to create sufficient public confidence in the privacy protections surrounding the COVIDSafe app to result in downloads and use by a sufficient percentage of the Australian mobile-phone-owning population, for it to have a significant effect on the tracing of persons infected with the COVID19 virus. In the first two and a half weeks since its launch over 5.5 million Australian's have downloaded the app, about 25% of those possible, and 20% of the population. Public trust must become more widespread, before success in uptake is likely to follow.Now that the Bill has been enacted, the purpose of this article is to provide a reasonably comprehensive explanation of the provisions of the COVIDSafe Act and important aspects of their Australian context. Significant deficiencies in both the extent of transparency around the introduction of the COVIDSafe app, and the privacy-protective provisions of the Act, are identified and improvements suggested. These extensive suggestions are made because debate over the app and the Act is not over, and opportunities to obtain improvements may arise, particularly through the operation of the two Parliamentary committees examining Australia's COVID-19 response, and the human rights implications of the Act.Many other countries are developing contact tracing apps. Australia's experiment is further advanced than most that are attempting to build a system based on voluntary uptake, protected by legislation. The results of its experiment will be of interest to many.

Grugorovych, Chystokletov Leontii et al, 'Human Rights Protection Conditions of Covid-19, Legal Principals and Administrative Barriers in Ukraine' (2020) 17(7) PalArch's Journal of Archaeology of Egypt / Egyptology 11198-11210

Guimaraes, Maria Raquel and Maria Regina Redinha, 'Through the Keyhole: Privacy in COVID-19 Times - A Portuguese Approach' in Ewoud et al Hondius (ed), Coronavirus and the Law in Europe (Intersentia, 2020)
Abstract: Time has shown that in periods of crisis the pressure on privacy and on personality rights in general has always increased. The coronavirus pandemic has not been an exception and several problems have emerged during this crisis. Compulsory confinement at home has led to the need for a new division of home 'territories' and devices, such as computers and televisions, with the ensuing compression of space, not only physical but also emotional and mental. The impact of these unique events on people's privacy has not yet been the object of a thorough study. In this paper, the authors intend to discuss some of the issues that confinement has given rise to from a privacy perspective, among family members and housemates, co-workers and employers.

Guinchard, Audrey, 'Our Digital Footprint under Covid-19: Should We Fear the UK Digital Contact Tracing App?' in Carla Ferstman and Andrew Fagan (eds), Covid-19, Law and Human Rights: Essex Dialogues (School of Law and Human Rights Centre, University of Essex, 2020) 269-276
Abstract: With the objective of controlling the spread of the coronavirus, the UK has decided to create and, since 5 May 2020, is live testing a digital contact tracing app, under the direction of NHS X, a branch of NHS Digital, and with the help of the private sector. Given the lack of details as to what the app will exactly do or not do, there are fears that the project will increase government surveillance beyond the pandemic. While I share these concerns, I argue that we need to simultaneously tackle one of the most significant, yet overlooked, contributors to the problem of government surveillance: our inflated digital footprint, stemming from our use of digital technology, and the basis of 'surveillance capitalism', a business model left largely unchallenged, which results in surveillance, and stems from the non-compliance with data protection laws. A systematic enforcement of the General Data Protection Regulation (GDPR) on the private sector would disrupt the current dynamics of surveillance which are hidden in plain sight.

Haganta, Raphael, 'Legal Protection of Personal Data as Privacy Rights of E-Commerce Consumers Amid the Covid-19 Pandemic' (2020) 4(2) Lex Scientia Law Review 77-90
Abstract: The use of e-commerce in the midst of the COVID-19 pandemic shows an increase. This is due to the publication of several regulations that limit everyone's activities outside the home, affecting conventional trading activities online by utilizing e-commerce. Although providing benefits during the pandemic, e-commerce has a vulnerability to personal data protection. Through this paper, the authors use normative legal research methods, intending to know the concept of personal data as a right of privacy and the construction of Indonesia's positive laws in legal protection of the personal data of e-commerce consumers.The use of e-commerce in the midst of the COVID-19 pandemic shows an increase. This is due to the publication of several regulations that limit everyone's activities outside the home, affecting conventional trading activities online by utilizing e-commerce. Although providing benefits during the pandemic, e-commerce has a vulnerability to personal data protection. Through this paper, the authors use normative legal research methods, intending to know the concept of personal data as a right of privacy and the construction of Indonesia's positive laws in legal protection of the personal data of e-commerce consumers.

Hardy, Jodi, 'COVID-19 Tracing and Personal Privacy' (2020) 20(4) Without Prejudice 52-53
Abstract: The National Department of Health has instituted a COVID-19 tracing database to help trace people who might have come into contact with a Person of Interest - one who has (or might have) contracted COVID-19. The move will affect all providers of electronic communication services.

Hassan, Md Tasnimul, 'Decoding Aarogya Setu: Data Protection and the Right to Privacy' (SSRN Scholarly Paper No ID 3671189, 29 July 2020)
Abstract: After the efficacy of tactics deployed by several countries to enable 'contact tracing' of individuals infected with the contagious corona virus (COVID-19), India came up with a mobile application called Aarogya Setu, which literally means 'bridge to health' in Sanskrit. The App was launched on April 2 this year, and was downloaded by more than five crore users within 13 days, albeit there are several similar applications developed and deployed by local authorities. Once you install the app, it uses the phone's Bluetooth or Wi-Fi and location data, to inform the users if they have been near a COVID-19 host, by scanning a server database owned by the government. However, without rapid testing and treatment facilities, such application, becomes a nuisance providing the threat of data breach or systematic surveillance. Thus, the app's method for tracking the infected has been under lens for being invasive and violating data privacy norms.

Hendl, Tereza, Ryoa Chung and Verina Wild, 'Pandemic Surveillance and Racialized Subpopulations: Mitigating Vulnerabilities in COVID-19 Apps' (2020) 17(4) Journal of Bioethical Inquiry 829-834
Abstract: Debates about effective responses to the COVID-19 pandemic have emphasized the paramount importance of digital tracing technology in suppressing the disease. So far, discussions about the ethics of this technology have focused on privacy concerns, efficacy, and uptake. However, important issues regarding power imbalances and vulnerability also warrant attention. As demonstrated in other forms of digital surveillance, vulnerable subpopulations pay a higher price for surveillance measures. There is reason to worry that some types of COVID-19 technology might lead to the employment of disproportionate profiling, policing, and criminalization of marginalized groups. It is, thus, of crucial importance to interrogate vulnerability in COVID-19 apps and ensure that the development, implementation, and data use of this surveillance technology avoids exacerbating vulnerability and the risk of harm to surveilled subpopulations, while maintaining the benefits of data collection across the whole population. This paper outlines the major challenges and a set of values that should be taken into account when implementing disease surveillance technology in the pandemic response.

Huang, Jie (Jeanne), 'COVID-19 and Applicable Law to Transnational Personal Data: Trends and Dynamics' (Sydney Law School Research Paper No 20/23, 2020)
Abstract: The recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveller was illegally released by Chinese media, the paper identifies that three trends have emerged at the each stage of conflict-of-laws analysis for lex causae: (1) the EU, the US, and China characterize the right to personal data differently, (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum, and (3) the EU and China strongly advocate de-Americanisation of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the forum law. Second, currently there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states' irreconcilable interests, but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organisations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.

Huang, Jie (Jeanne), 'Preventing COVID-19 and Protecting Personal Information in China' (2020) 17(3) Privacy Law Bulletin 34-36
Abstract: The recent COVID-19 outbreak has pushed the tension of protecting personal information in a transnational context to an apex. Using a real case where the personal information of an international traveller is illegally released by Chinese media, the article analyses Chinese law for personal information protection in the context of the COVID-19 pandemic.

Huret, Gwendoline, 'Three Ways to Ensure What Links COVID-19 to New Regulations?: Privacy during a Pandemic' (2020) 36(4) IQ : The RIM Quarterly 16-20
Abstract: 2020 has been an interesting and challenging year, and in my conversations with executives in data management across global companies, two recurring concerns are commonly mentioned. The first is unsurprisingly the impact of Coronavirus on their company and their role.

'ICO Guidance for Employers on COVID-19 Workplace Testing' [2020] (June) Computers and Law 17-18
Abstract: Outlines Information Commissioner's Office (ICO) guidance for employers wanting to test their employees for COVID-19 or ask them for their test results, on how to ensure they are complying with Regulation 2016/679 (GDPR) and the Data Protection Act 2018.

Ienca, Marcello and Effy Vayena, 'On the Responsible Use of Digital Data to Tackle the COVID-19 Pandemic' (2020) 26(4) Nature Medicine 463-464
Abstract: Large-scale collection of data could help curb the COVID-19 pandemic, but it should not neglect privacy and public trust. Best practices should be identified to maintain responsible data-collection and data-processing standards at a global scale.

Jalabneh, Rawan et al, 'Use of Mobile Phone Apps for Contact Tracing to Control the COVID-19 Pandemic: A Literature Review' (SSRN Scholarly Paper No ID 3641961, 1 July 2020)
Abstract: Background: Contact tracing is a widely adopted surveillance system that is used to identify, evaluate, and handle people who have been exposed to novel infectious diseases. The mobile phone apps using a digital technological system, called 'proximity tracking,' is used as a surveillance system to control the COVID-19 pandemic.Objective: The aim of this review is to examine the use of mobile phone apps for contact tracing to control the COVID-19 pandemic worldwide.Method: A search of different electronic databases, such as PubMed, PubMed Central, Google Scholar, and Google, was carried out using search items 'mobile app,' 'tracing', and 'COVID-19'. The search was conducted between 18 to 31 May 2020.Findings: The search revealed that a total of 15 countries in the world developed and actively using 17 mobile apps for contact tracing to control the COVID-19 pandemic during the selected time frame. China and Malaysia were only using two apps. Out of 17 apps, three were protected by the country's data protection laws. The results indicate that the mobile apps were used to monitor self-isolated individuals, identify individuals not wearing masks, whether they had close contact with an infected person, provides exact time and place of the encounter, and possible risk of infection.Conclusion: Contact tracing is found to be an essential public health approach to fight the spread of COVID-19 pandemic and other novel infectious diseases. However, caution is warranted to generalize the usability of apps, especially in the LMICs, and to address the concerns regarding data anonymizing, data privacy and usage, and data rights.

Jalali, Mohammad, Adam Landman and William Gordon, 'Telemedicine, Privacy, and Information Security in the Age of COVID-19' (SSRN Scholarly Paper No ID 3646320, 8 July 2020)
Abstract: COVID-19 has highlighted the shortcomings of healthcare systems globally as countries struggle to meet the high demand for patient care. The spread of COVID-19 has resulted in unprecedented circumstances that necessitate a shift towards adopting infrastructure to enable care to be provided virtually. This shift is critical to minimize insufficiencies and maximize the quality of care in healthcare systems. While COVID-19 has dramatically accelerated the adoption of technology into care delivery, ongoing work is needed to ensure that our technology infrastructure provides an environment for safe and effective care delivery.Telemedicine usage has substantially increased over the past decade (1), and many hospital systems have robust telemedicine programs. Yet traditional in-person visits remain the cornerstone of clinical care, despite the fact that a significant amount of these visits, including follow-ups, treatment for minor illnesses, and chronic disease management could be substituted by virtual communication. Telemedicine has previously been identified as particularly important during disasters, due to the inaccessibility of traditional care services. This is especially salient for the COVID-19 pandemic where in-person healthcare visits pose a high risk to exposure (2). Additionally, responses to COVID-19, specifically social isolation and the intensified burden on essential workers, are eliciting detrimental psychological effects on large populations, while simultaneously making mental health resources highly inaccessible (3). Overall, with the increased strain and demand on traditional medical resources, telemedicine has emerged as an essential component of clinical care delivery during the COVID-19 pandemic (4) with many healthcare organizations reporting substantial increases in telemedicine use during COVID-19. For example, NYU saw an increase in non-urgent care virtual visits from a pre-COVID-19 average of 95 daily to 4,209 post COVID-19 expansion (4,330% increase) (5).However, as we continue the shift to telemedicine, new issues unravel that need to be addressed, particularly in regard to technology infrastructure. In the US, the Department of Health and Human Services recently lifted many of the restrictions on communication apps, reducing barriers that previously prevented the use of telemedicine services for individuals. That being said, the substantial information security and privacy concerns surrounding telemedicine cannot be overlooked. For example, Zoom, currently one of the most popular video conferencing platforms, has had a 10-fold increase in usage over just a few months including increasing use in healthcare, leading to several important privacy considerations--outsiders joining video conferences, or inadequate encryption of communications (6), leading to the possibility of eavesdropping.State and federal agencies have warned of increased risk of cyberattacks towards healthcare and public health sector and organizations doing research on COVID-19 (7). Ransomware attacks--a type of cybersecurity threat that involves encrypting data and demanding payment in return for unencrypting the data--have continued unabated during the pandemic, with many targeting hospitals specifically. Recent ransomware attacks have included the Illinois Public Health District website and a medical testing facility in the UK (7). Successful cyberattacks negatively impact hospital operations, delay access to clinical services, and lead to significant economic loss (8, 9), all of which would be particularly devastating to organizations already under unprecedented economic and clinical strain during this pandemic.Therefore, while global healthcare systems should allocate significant resources towards improving telemedicine capabilities, improvements must ensure that the technology delivers care that is both safe and effective. Balancing the significant privacy and information security concerns with the enormous potential benefits of virtual care during this pandemic will remain a vital component to our continuously evolving response to COVID-19. Now more than ever, health care workers and organizations need to follow best practices to reduce cyber incidents.

Jia, Peng and Shujuan Yang, 'China Needs a National Intelligent Syndromic Surveillance System' (2020) 26(7) Nature Medicine 990

Kang, Jagvinder Singh, 'NHSX Covid-19 Tracing App: "Nothing to Fear but Fear Itself!"' [2020] (June) Computers and Law 40-44
Abstract: Discusses issues that have been raised regarding the proposed national roll-out of the NHSX COVID-19 contact tracing applications software, including: whether it is really necessary; whether it is going to be privacy intrusive; how much personal data it aims to collect; whether it will adopt a centralised or decentralised approach; and the pre-conditions that have been set by the Government's Joint Committee on Human Rights prior to its roll-out.

Kitchin, Rob, 'Civil Liberties or Public Health, or Civil Liberties and Public Health? Using Surveillance Technologies to Tackle the Spread of COVID-19' [2020] Space and Polity (advance article, published 3 June 2020)
Abstract: To help tackle the spread of COVID-19 a range of surveillance technologies - smartphone apps, facial recognition and thermal cameras, biometric wearables, smart helmets, drones, and predictive analytics - have been rapidly developed and deployed. Used for contact tracing, quarantine enforcement, travel permission, social distancing/movement monitoring, and symptom tracking, their rushed rollout has been justified by the argument that they are vital to suppressing the virus, and civil liberties have to be sacrificed for public health. I challenge these contentions, questioning the technical and practical efficacy of surveillance technologies, and examining their implications for civil liberties, governmentality, surveillance capitalism, and public health.

Kolfschooten, Hannah van and Anniek de Ruijter, 'COVID-19 and Privacy in the European Union: A Legal Perspective on Contact Tracing' (2020) 41(3) Contemporary Security Policy 478-491
Abstract: When disease becomes a threat to security, the balance between the need to fight the disease and obligation to protect the rights of individuals often changes. The COVID-19 crisis shows that the need for surveillance poses challenges to the right of privacy. We focus on the European Union (EU), which has a strong data protection regime yet requires its member states to exchange personal data gathered through contact tracing. While public authorities may limit the right to privacy in case of public health threats, the EU provides little guidance when such limitations are proportionate. To define standards, we analyze existing EU case law regarding national security measures. We conclude that on the proportionality of contact tracing in the EU it is difficult to reconcile public health measures and individual rights, but guidance can be taken from understandings of proportionality in the context of security, particularly in the current COVID-19 emergency.

Lawson-Tancred, Hugh, Henry CW Price and Alessandro Provetti, 'COVID-19 Contact Tracing: Eight Privacy Questions Explored A Reply to de Montjoye et al' (SSRN Scholarly Paper No ID 3607089, 20 May 2020)
Abstract: We respond to a recent work by de Motjoye et el. on privacy issues with COVID-19 tracking. Our discussion is structured around three 'toy' protocols for the design of an app which can maximise the utility of contact tracing information while minimising the more general risk to privacy. On this basis, the paper proceeds to introduce eight questions against which they should be assessed. The questions raised and the protocols proposed effectively amount to the creation of a game with different categories of players able to make different moves. It is therefore possible to analyse the model in terms of optimal game design.

Leonard, Peter, 'Novel Coronavirus Spawns Novel Law-Making in Australia' [2020] (June) Computers and Law 46-48
Abstract: Discusses the lessons that can be learnt from Australia's approach to drafting the Privacy Amendment (Public Health Contact Information) Bill 2020 to regulate its COVID-19 tracing applications software and aims to nurture its citizens' digital trust.

Lim, Woojin, 'Assessing the Implications of Digital Contact Tracing for COVID-19 for Human Rights and the Rule of Law in South Africa' (2020) 20(2) African Human Rights Law Journal 540-557
Abstract: The article argues that the establishment of centralised and aggregated databases and applications enabling mass digital surveillance, despite their public health merits in the containment of the COVID-19 pandemic, is likely to lead to the erosion of South Africa's constitutional human rights, including rights to equality, privacy, human dignity, as well as freedom of speech, association and movement, and security of the person. While derogation clauses have been invoked, thereby limiting International Covenant on Civil and Political Rights clauses and enabling the mass collection of location data only for contact tracing purposes under the Disaster Management Act, a sustained breach of these rights may pose an impending threat to the human rights framework in South Africa. Any proposed digital contact tracing technologies in their design, development and adoption must pass the firm legal muster and adhere to human rights prescripts relating to user-centric transparency and confidentiality, personal information, data privacy and protection that have recently been enacted through the latest development on Protection of Personal Information Act.

Lodders, Adam and Jeannie Marie Paterson, 'Scrutinising COVIDSafe: Frameworks for Evaluating Digital Contact Tracing Technologies' (2020) 45(3) Alternative Law Journal 153-161
Abstract: Digital technologies are being used to combat the coronavirus disease 2019 (COVID-19) pandemic through a variety of methods, including monitoring compliance with quarantine and contact tracing. These uses of technology are said to promote public health outcomes but risk undermining rights to privacy. In this article we focus on the use of digital technologies for contact tracing, such as the COVIDSafe app used in Australia. We explore the kind of framework that might be used for evaluating the design, deployment and governance of such technologies to ensure they operate in a manner that is proportionate to the ends to be achieved. We conclude that, in addition to issues of privacy, any use of contact tracing technology should address important considerations of efficacy, equity and accountability.

Lucivero, Federica et al, 'COVID-19 and Contact Tracing Apps: Ethical Challenges for a Social Experiment on a Global Scale' (2020) 17(4) Journal of Bioethical Inquiry 835-839
Abstract: Mobile applications are increasingly regarded as important tools for an integrated strategy of infection containment in post-lockdown societies around the globe. This paper discusses a number of questions that should be addressed when assessing the ethical challenges of mobile applications for digital contact-tracing of COVID-19: Which safeguards should be designed in the technology? Who should access data? What is a legitimate role for 'Big Tech' companies in the development and implementation of these systems? How should cultural and behavioural issues be accounted for in the design of these apps? Should use of these apps be compulsory? What does transparency and ethical oversight mean in this context? We demonstrate that responses to these questions are complex and contingent and argue that if digital contract-tracing is used, then it should be clear that this is on a trial basis and its use should be subject to independent monitoring and evaluation.

Lucivero, Federica et al, 'COVID-19 and Contact Tracing Apps: Technological Fix or Social Experiment?' (SSRN Scholarly Paper No ID 3590788, Social Science Research Network, 10 April 2020)
Abstract: Mobile applications are increasingly regarded as important tools for an integrated strategy of post-lockdown policy response around the globe. This paper explores how the use of smartphone applications for digital contact tracing is currently being framed by media, experts and policy-makers and discusses a number of questions raised by the debate on digital surveillance at the time of Covid-19: How can personal data be adequately collected and protected? Who should access data? What is a legitimate role for Big Tech companies in the development and implementation of these systems? How is the cultural and moral context taken into account in the design of these apps? Should use of these apps be compulsory? What does transparency and ethical oversight mean in this context? As we show that responses to these questions are complex and uncertain, we argue that rather than technological fixes to the current emergency these apps should be introduced in society as societal experimental trials whose effectiveness and consequences need to be closely and independently monitored the same level of precaution and safeguards that social experimentation require.

Marcus, David, 'Digital Resilience in the Age of a Global Pandemic: How Can Privacy Assist in Risk Mitigation?' (2020) 17(1/2) Privacy Law Bulletin 2-5
Abstract: The global Coronavirus disease 2019 (COVID-19) pandemic is creating unprecedented disruption to all industries globally through its direct and indirect impact on health and wellbeing, the needs of citizens, the way we work, and the needs of our clients. It is estimated that over the course of a year, the pandemic could impact the Australian economy alone by a reduction of AUD34.2 billion or an approximately 1.3% decrease in Gross Domestic Product (GDP). The challenges we face in addressing the risks of the pandemic are well-documented. Perhaps less documented however are the role of privacy frameworks in assisting with such statutory and day-to-day risk mitigation efforts, as well as the fact that we cannot avoid compliance with the 'Privacy Act 1988' (Cth) and other similar privacy frameworks including the 'General Data Protection Regulation' (GDPR).

Marks, Mason, 'Emergent Medical Data: Health Information Inferred by Artificial Intelligence' [2021] U.C. Irvine Law Review (forthcoming)
Abstract: Artificial intelligence can infer health data from people's behavior even when their behavior has no apparent connection to their health. AI can monitor one's location to track the spread of infectious disease, scrutinize retail purchases to identify pregnant customers, and analyze social media to predict who might attempt suicide. These feats are possible because in modern societies, people continuously interact with internet-enabled software and devices. Smartphones, wearables, and online platforms monitor people's actions and produce digital traces, the electronic remnants of their behavior. In their raw form, digital traces might not be very interesting or useful; one's location, retail purchases, and internet browsing habits are relatively mundane data points. However, AI can enhance their value by transforming them into something more useful--emergent medical data. EMD is health information inferred by artificial intelligence from otherwise trivial digital traces. This Article describes how EMD-based profiling is increasingly promoted as a solution to public health crises such as the COVID-19 pandemic, gun violence, and the opioid crisis. However, there is little evidence to show that EMD-based profiling works. Even worse, it can cause significant harm, and current privacy and data protection laws contain loopholes that allow public and private entities to mine EMD without people's knowledge or consent. After describing the risks and benefits of EMD mining and profiling. The Article proposes six different ways of conceptualizing these practices. It concludes with preliminary recommendations for effective regulation. Potential options include banning or restricting the collection of digital traces, regulating EMD mining algorithms, and restricting how EMD can be used once it is produced.

Mello, Michelle M and C Jason Wang, 'Ethics and Governance for Digital Disease Surveillance' (2020) 368(6494) Science 951-954
Abstract: Digital epidemiology--the use of data generated outside the public health system for disease surveillance--has been in use for more than a quarter century [see supplementary materials (SM)]. But several countries have taken digital epidemiology to the next level in responding to COVID-19. Focusing on core public health functions of case detection, contact tracing, and isolation and quarantine, we explore ethical concerns raised by digital technologies and new data sources in public health surveillance during epidemics. For example, some have voiced concern that trust and participation in such approaches may be unevenly distributed across society; others have raised privacy concerns. Yet counterbalancing such concerns is the argument that 'sometimes it is unethical not to use available data'; some trade-offs may be not only ethically justifiable but ethically obligatory. The question is not whether to use new data sources--such as cellphones, wearables, video surveillance, social media, internet searches and news, and crowd-sourced symptom self-reports--but how.

Miller, Nigel and Ben Nolan, 'The NHSX App: What Are the Privacy Concerns?' [2020] (June) Computers and Law 34-38
Abstract: Reviews how the contact tracing application software that is being developed by NHSX works and explores the steps that should be taken to address the privacy and data protection concerns that have been raised concerning its use. Questions whether there needs to be a specific NHSX regulator or legislation to ensure its necessary safeguards.

Milo, Dario et al, 'The Effect of COVID-19 on Cybersecurity and Cyber Breaches' (2020) 20(6) Without Prejudice 19-20
Abstract: With more employees working from home during the COVID-19 pandemic, the risk of cybercrime has escalated, and the need to have proper systems and procedures in place has become even more important.

Molldrem, Stephen, Mustafa I Hussain and Alexander McClelland, 'Alternatives to Sharing COVID-19 Data with Law Enforcement: Recommendations for Stakeholders' [2020] Health Policy (advance article, published 7 November 2020)
Abstract: During the COVID-19 pandemic, in some jurisdictions, police have become involved in enforcing coronavirus-related measures. Relatedly, several North American jurisdictions have established COVID-19 data sharing protocols with law enforcement. Research across a range of fields has demonstrated that involving police in matters of public health disproportionately impacts the most vulnerable and does more harm than good. This is reflected in the consensus against COVID-19 criminalization that has emerged among civil society organizations focused on HIV, human rights, and harm reduction. The European Data Protection Board has also released guidelines against re-uses of COVID-19 data for law enforcement purposes. This article offers an overview of the harms of criminalizing illnesses and strategies for health stakeholders to seek alternatives to sharing COVID-19 data with police agencies while facilitating interoperability with healthcare first responders. It also presents case studies from two North American jurisdictions - Ontario and Minnesota - that have established routine COVID-19 data sharing with police. We recommended seven alternatives, including designating COVID-19 data as sensitive and implementing segmented interoperability with first responder agencies. These guidelines can help ensure that health information technology platforms do not become vehicles for the criminalization of COVID-19, and that health data stay within the health system.

de Montjoye, Yves-Alexandre, 'Evaluating COVID-19 Contact Tracing Apps? Here Are 8 Privacy Questions We Think You Should Ask', Imperial College, Computational Privacy Group (2 April 2020)
Abstract: While governments are ramping up their efforts to slow down the spread of COVID-19, contact tracing apps are being developed to record interactions and warn users if one of their contacts is later diagnosed positive. These apps could help avoid long-term confinement, but also record fine-grained location or close-proximity data. In this blog post, we propose 8 questions one should ask to understand how protective of privacy an app is.

Morley, Jessica et al, 'Ethical Guidelines for COVID-19 Tracing Apps' (2020) 582(7810) Nature 29-31

Muhlhoff, Rainer, 'We Need to Think Data Protection Beyond Privacy: Turbo-Digitalization after COVID-19 and the Biopolitical Shift of Digital Capitalism' (SSRN Scholarly Paper No ID 3596506, 30 March 2020)
Abstract: Turbo-Digitization after Covid-19 will advance algorithmic social selection and the biopolitical shift of digital capitalism. In order to mitigate these risks, we must address the social implications of anonymous mass data.

Nabben, Kelsie, 'Trustless Approaches to Digital Infrastructure in the Crisis of COVID-19 Australia's Newest COVID App. Home-Grown Surveillance Technologies and What to Do About It' (SSRN Scholarly Paper No ID 3579220, 14 April 2020)
Abstract: This week, the Australian Government proposed a mobile phone-based tracking application to address the spread of coronavirus. The COVID-19 pandemic has demonstrated an acceleration of government-led surveillance technology around with the world. At present, the significant uptick in digital tools as a policy response to address the public health crisis are not being matched by suitable policy clauses or technology design to serve the interests of Australian citizens. This article presents the global contact-tracing phone app responses to COVID-19, outlines the key privacy concerns and presents alternative policy pathways and technical approaches towards privacy preservation and trustless (trust minimising) digital infrastructure to improve Australia's digital-political response to COVID-19.

Nabben, Kelsie, Marta Poblet and Jan Carlo Barca, 'What Is Known from a Network?: Digital Contact Tracing, Privacy, and Pandemics in the Digital Age' (Mercatus Center at George Mason University, COVID-19 Response Working Paper, October 2020)
Abstract: COVID-19 is an unprecedented crisis that has sparked unprecedented responses from governments around the world. These responses pose a threat to democratic stability and civil liberties. Digital contact tracing is just one example of a technology-based crisis response measure that has been rapidly deployed but could have far-reaching negative consequences for society. This paper explores the risks and consequences of collecting, collating, and storing digital data on people's networks of contacts as a crisis response measure. We aim to inform a discussion on the tradeoffs between the value of creating the data for public health outcomes and the risks to public trust in government and democratic stability. We ask, 'What are the privacy risks of digital contact tracing, and what consequences does this have for national security and democratic stability?' We analyze the considerations that governments are taking in designing and deploying digital responses to the crisis in the case of digital contact tracing, and we explore what information can be derived from the data on populations and how this information could be misused in ways that harm democratic principles. We argue that government collection of digital contact tracing data poses a serious threat to civil liberties owing to the potential for the data to become a geopolitical target for hacking and interference in democratic stability through information warfare. We then propose a number of technical considerations and policy settings that are transparent, temporary, and proportionate to limit data vulnerabilities and provide a framework to better safeguard civil liberties and democracy in the digital age.

Naude, Wim, 'Artificial Intelligence Against Covid-19: An Early Review' (SSRN Scholarly Paper No ID 3568314, 6 April 2020)
Abstract: Artificial Intelligence (AI) is a potentially powerful tool in the fight against the COVID- 19 pandemic. Since the outbreak of the pandemic, there has been a scramble to use AI. This article provides an early, and necessarily selective review, discussing the contribution of AI to the fight against COVID-19, as well as the current constraints on these contributions. Six areas where AI can contribute to the fight against COVID-19 are discussed, namely i) early warnings and alerts, ii) tracking and prediction, iii) data dashboards, iv) diagnosis and prognosis, v) treatments and cures, and vi) social control. It is concluded that AI has not yet been impactful against COVID-19. Its use is hampered by a lack of data, and by too much data. Overcoming these constraints will require a careful balance between data privacy and public health, and rigorous human-AI interaction. It is unlikely that these will be addressed in time to be of much help during the present pandemic. In the meantime, extensive gathering of diagnostic data on who is infectious will be essential to save lives, train AI, and limit economic damages.

Nesterova, Irena, 'The Global Flood of COVID-19 Contact Tracing Apps: Sailing with Human Rights and Data Protection Standards against the Wind of Mass Surveillance' (2021) 92 SHS Web of Conferences Article 01035
Abstract:
Research background: Countries all around the world are rapidly introducing contact tracing apps and other surveillance technologies to tackle the spread of COVID-19 raising serious concerns about human rights and democratic principles.
Purpose of the article: The article aims to analyse how human rights and data protection law regulate the COVID-19 contact tracing apps and reveal the biggest challenges that countries face in applying the essential requirements.
Methods: The article will analyse the legal framework and compare many guidance documents issued by the international organisations, including the Council of Europe, the OECD and many EU institutions on the data protection requirements for contact tracing tools and the main challenges the governments face in different countries.
Findings & Value added: The article will reveal that the existing human rights and data protection standards already impose significant requirements for contact tracing apps requiring to comply with such principles as legality, necessity, proportionality, transparency, purpose limitation, temporariness. Although countries tend to deviate from some of these standards a choice between effective response to crises and fundamental rights should not be made. The article argues that the global flood of digital surveillance technologies requires new regulatory framework and governance mechanisms to enable impact assessment, oversight and monitoring of these technologies both during and after the crises not only to ensure that they are lawful and ethical, but also to limit the dependency of governments on large technology companies as well as to prevent mass surveillance becoming the new normal on a global scale.

Ng, Yee-Fui and Stephen Gray, 'Wars, Pandemics and Emergencies: What Can History Tell Us about Executive Power and Surveillance in Times of Crisis?' (2021) 44(1) UNSW Law Journal 227-266
Abstract: In the fight against coronavirus, the Australian government has enacted a series of measures that represent an expansion of executive powers. These include the use of smartphone contact-tracing technology, mandatory isolation arrangements, and the closure of businesses. Critics have expressed concerns about the long-term implications of these measures upon individual rights. This article will analyse the validity of such concerns in the context of other historical uses of executive power in Australia in times of crisis: during the Spanish Flu pandemic of 1918, the First and Second World Wars, and the 'War on Terror' post-September 2001. Drawing its conclusions from these historical precedents, the article argues that clear legislative safeguards are a minimum necessary step both to prevent police and governmental abuse of privacy, and to foster and maintain trust in the government's ability to manage their 'emergency' powers in a manner consistent with human rights.

Ni Loideain, Nora, 'Regulating Health Research and Respecting Data Protection: A Global Dialogue' (2020) 10(2) International Data Privacy Law 115
Abstract: The global COVID-19 pandemic has focused minds sharply on the valuable role to be played by data collection and analysis for advancing health research, especially how it may help in informing and developing policy responses.Modern health research requires vast collections of data. Ensuring open access and wide sharing of these huge data sets that contain highly sensitive personal in-formation within the international scientific community is also essential to the development of medical treatments and research breakthroughs. The importance of all of these factors drastically increases in times of emergency when rapid responses are urgently needed from the scientific community (such as the development of a vaccine). However, as the European Commission and academic commentators point out, any such measures must also be lawful and proportionate, comply with data protection law, and respect the fundamental rights of those who have shared their health data.

Nicol, Dianne et al, 'Australian Perspectives on the Ethical and Regulatory Considerations for Responsible Data Sharing in Response to the COVID-19 Pandemic' (2020) 27(4) Journal of Law and Medicine 829
Abstract: As the rush to understand and find solutions to the coronavirus disease 2019 pandemic continues, it is timely to re-examine the legal, social and ethical drivers for sharing health-related data from individuals around the globe. International collaboration and data sharing will be essential to the research effort. This raises the question of whether the urgent imperative to find therapies and vaccines may justify some temporary rebalancing of existing ethical and regulatory standards. The Global Alliance for Genomic Health is playing a leading role in collecting information about national approaches to these challenging questions. In this section, we examine some of the initiatives being taken in Australia against this global backdrop.

Nijsingh, Niels, Anne van Bergen and Verina Wild, 'Applying a Precautionary Approach to Mobile Contact Tracing for COVID-19: The Value of Reversibility' (2020) 17(4) Journal of Bioethical Inquiry 823-827
Abstract: The COVID-19 pandemic presents unprecedented challenges to public health decision-making. Specifically, the lack of evidence and the urgency with which a response is called for, raise the ethical challenge of assessing how much (and what kind of) evidence is required for the justification of interventions in response to the various threats we face. Here we discuss the intervention of introducing technology that aims to trace and alert contacts of infected persons--contact tracing (CT) technology. Determining whether such an intervention is proportional is complicated by complex trade-offs and feedback loops. We suggest that the resulting uncertainties necessitate a precautionary approach. On the one hand, precautionary reasons support CT technology as a means to contribute to the prevention of harms caused by alternative interventions, or COVID-19 itself. On the other hand, however, both the extent to which such technology itself present risks of serious harm, as well as its effectiveness, remain unclear. We therefore argue that a precautionary approach should put reversibility of CT technology at the forefront. We outline several practical implications.

Oliva, Jennifer D, 'Public Health Surveillance in the Context of COVID-19' (2021) 18(1) Indiana Health Law Review 107-122
Extract: Today, we are talking about public health surveillance in the context of COVID-19. My presentation will focus on contact tracing, so let me give you a roadmap for today's discussion. I am going to start out by providing some background on traditional contact tracing, including its genesis, efficacy, and benefits. I will also highlight some of the significant challenges with contact tracing and disease surveillance with a focus on COVID-19 and the current state of track-and-trace in the United States. I will then explain the various digital track and trace technologies that have been developed or are under development to supplement traditional contact tracing to make the process more effective. I will also point out the strengths and weaknesses that attend to the current technologies that are available in the United States and abroad. I will then provide a survey of health data privacy laws. One of the themes that I want to emphasize today is that we do not have a federal-level general data protection law in the United States. Therefore, once we start talking about the collection of sensitive health care data outside the traditional health care system, we start to run into huge gaps in the law. I will touch on the California Consumer Privacy Act as well as the recent bills that have been introduced in Congress to protect health data captured by contact tracing applications. I will also give an overview of one of the most misunderstood laws in the United States--the Health Insurance Portability and Accountability Act of 1996 ('HIPAA').

Oliva, Jennifer D, 'Surveillance, Privacy, and App Tracking' in Scott Burris et al (eds), Assessing Legal Responses to COVID-19 (Public Health Law Watch, 2020) 40-46
Abstract: Over the last several months, global innovators have developed a heterogenous array of 'smart' technology protocols and applications aimed at tracking, tracing, and containing the spread of the novel coronavirus, SARS-CoV-2, which causes the disease COVID-19. The United States, which has left it to the states to acquire or build their own automated track and trace platforms, currently lags behind other countries. However, technology companies Apple and Google have announced co-production of a digital tracing platform for their phones. As this Chapter details, the United States lacks a comprehensive federal health data privacy law that protects the privacy of sensitive information collected and stored by digital contact tracking applications. The Chapter also explains how digital COVID-19 surveillance applications work, assesses their effectiveness from a public health perspective, and enumerates the legal and ethical issues they implicate. It concludes with proposals aimed at maximizing the public health benefits of COVID-19 surveillance technology while minimizing its inherent and conceivable threats to privacy, civil liberties, and vulnerable populations.

Ong, Ee-Ing and Wee Ling Loo, 'Gauging the Acceptance of Contact Tracing Technology: An Empirical Study of Singapore Residents' Concerns and Trust in Information Sharing' (SSRN Scholarly Paper ID 3817972, 2 April 2021)
Abstract: In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore's implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with the government as compared to a business collecting most forms of personal data. Nonetheless, they still had a moderately high level of concern about sharing such data with the government. We further found that income, education and perceived self-exposure to AI are associated with higher levels of concern with the government collecting personal data relevant to contact tracing, namely health history, location and social network friends' information. This has implications for Singapore residents' trust in government collecting data and hence the success of such projects, not just for contact tracing purposes but for other government-related data collection undertakings.

Ouyang, Weimin, 'Research on the Legal Regulation of Personal Information Protection and Utilization in the Prevention and Control of COVID-19 Epidemic' in 2020 6th International Conference on Social Science and Higher Education (ICSSHE 2020) (2020) 748-752
Abstract: In the prevention and control of COVID-19 epidemic in China, big data technology provides crucial scientific and technological support. Big data technology, on the one hand, played a huge role in the key issues of the prevention and control of COVID-19 epidemic that quickly identify potential infections, on the other hand, because China's laws and regulations are not sound on the protection and utilization of personal information, there are legal obstacles in the collection, utilization and sharing of personal information. It is not conducive to making full use of personal information in prevention and control of COVID-19 epidemic. To this end, this paper combed the relevant laws and regulations on the protection and utilization of personal information in China, especially the laws and regulations on the protection and utilization of personal information under the situation of epidemic prevention and control, studied the complex legal relationship between them, and proposed promulgating the Personal Information Protection Law, as a long-term mechanism, to construct China's legal standard system for the protection and utilization of personal information, and proposed that the National People's Congress of China should issue an emergency bill according to the work needs, giving the government the power to deal with emergencies.

Park, Sangchul, Gina Jeehyun Choi and Haksoo Ko, 'Information Technology-Based Tracing Strategy in Response to COVID-19 in South Korea: Privacy Controversies' (2020) 323(21) Journal of the American Medical Association (JAMA) 2129-2130
Abstract: Introduction: Amid the global coronavirus disease 2019 (COVID-19) outbreak, South Korea was one of the next countries after China to be affected by the disease. Confirmed cases in Korea were first reported on January 20, 2020, and spiked from February 20 to 29, 2020. Instead of deploying aggressive measures such as immigration control, lockdown, or roadblocks, South Korea mounted a trace, test, and treat strategy. This was made possible by the preparations that the country had made after the Middle East respiratory syndrome (MERS) outbreak of 2015. South Korea extensively utilized the country's advanced information technology (IT) system for tracing individuals suspected to be infected or who had been in contact with an infected person. Such measures helped flatten the curve of newly confirmed cases and deaths around mid-March. As of April 21, 2020, there had been 10 683 confirmed cases of COVID-19 in South Korea, with a total of 2233 patients who are in isolation because of hospitalization or quarantine, and a total of 237 deaths. However, important concerns have been raised over privacy involving the tracing strategy.

Parker, Michael J et al, 'Ethics of Instantaneous Contact Tracing Using Mobile Phone Apps in the Control of the COVID-19 Pandemic' (2020) 46(7) Journal of Medical Ethics 427-431
Abstract: In this paper we discuss ethical implications of the use of mobile phone apps in the control of the COVID-19 pandemic. Contact tracing is a well-established feature of public health practice during infectious disease outbreaks and epidemics. However, the high proportion of pre-symptomatic transmission in COVID-19 means that standard contact tracing methods are too slow to stop the progression of infection through the population. To address this problem, many countries around the world have deployed or are developing mobile phone apps capable of supporting instantaneous contact tracing. Informed by the on-going mapping of 'proximity events' these apps are intended both to inform public health policy and to provide alerts to individuals who have been in contact with a person with the infection. The proposed use of mobile phone data for 'intelligent physical distancing' in such contexts raises a number of important ethical questions. In our paper, we outline some ethical considerations that need to be addressed in any deployment of this kind of approach as part of a multidimensional public health response. We also, briefly, explore the implications for its use in future infectious disease outbreaks.

Ponce, Aida, 'COVID-19 Contact-Tracing Apps: How to Prevent Privacy from Becoming the Next Victim' (ETUI Research Paper - Policy Brief No 5/2020, 2020)
Abstract: Contact-tracing apps to combat the COVID-19 pandemic have increasingly been mentioned as useful tools to accompany and contribute to a return to normality despite the many ethical and legal questions they raise. The pressure exerted by business circles and lobbies to restart and 'save the economy' has been intense. What started as a public health crisis morphed into an economic crisis and we are now faced with a 'trick-or-treat' choice: accept to 'pay the price' and use invasive tracing apps, and by so doing facilitate a gradual reopening of business, or fight for privacy and delay the return to normality.

'Privacy Is Protected, Even during a Pandemic: Research' (2020) 113(6) Servamus Community-based Safety and Security Magazine 58-58
Abstract: Many South Africans have expressed valid concerns about the potential for abuse of personal information collected by government as part of tracking and tracing those exposed to COVID-19 infection. Yet, the approach taken appears to be well-balanced, even though the Protection of Personal Information Act of 2013 (POPI) has not yet come fully into operation. Electronic Communication Service Providers (ECSPs) such as Internet Service Providers (ISPs) can only provide personal information required to combat COVID-19 to the Director-General of the Department of Health for inclusion in a database which is subject to several restrictions.

Puri, Anuj, 'A Theory of Privacy' [2020] Cornell Journal of Law and Public Policy (forthcoming)
Abstract: In the age of Big Data Analytics and COVID-19 Apps, the conventional conception of privacy that focuses excessively on the identification of the individual is inadequate to safeguard the identity and autonomy of the individual. An individual's autonomy can be impaired and her control over her social identity diminished, even without infringing the anonymity surrounding her personal identity. A century old individualistic conception of privacy that was designed to safeguard a person from unwarranted social interference is incapable of protecting her autonomy and identity when she is being targeted on the basis her interdependent social and algorithmic group affiliations. In order to overcome these limitations, in this paper, I develop a theoretical framework in form of a triumvirate model of group right to privacy (GRP), which is based on privacy as a social value (Pv). An individual has an interest in protecting her social identity arising out of her participation in social groups. The panoptic sorting of individuals by Big Data Analytics for behavioral targeting purposes gives rise to epistemic bubbles and echo chambers that impede the formation of an individual's social identity. I construct the formulation of GRP1 to protect an individual's interest in her social identity and her socially embedded autonomous self. Thereafter, I emphasize an individual's right to informational self-determination and against algorithmic grouping in GRP2. Lastly, I highlight instances where an organized group may be entitled to privacy in its own right as GRP3. I develop a Razian formulation to state that the constant surveillance and monetization of human existence by Big Data Analytics is an infringement of individual autonomy. I highlight that the violation of GRP subjects an individual to behavioral targeting including hyper-targeted political advertising and distorts her weltanschauung. As regards the COVID-19 Apps, I assert that the extraordinary circumstances surrounding the pandemic do not provide an everlasting justification for reducing the identity of an individual to a potential disease carrier. I argue that the ambivalence regarding existence of surveillance surrounding an individual's social identity can leave her in a perpetual state of simulated surveillance (simveillance). I further assert that it is in the long-term best interests of the BigTech corporations to respect privacy. In conclusion, I highlight that our privacy is not only interdependent in nature, it is existentially cumulatively interlinked. It increases in force with each successive protection. The privacy challenge posed by COVID-19 Apps has helped us realize that while limited exceptions to privacy maybe carved out in grave emergencies, there is no justification for round the clock surveillance of an individual's existence by Big Data Analytics. Similarly, the threat to privacy posed by Big Data Analytics has helped us realize that privacy has been wrongly focusing on the distinguishing aspects of the individual. It is our similarities that are truly worth protecting. In order to protect these similarities, I formulate the concept of mutual or companion privacy, which counter-intuitively states that in the age of Big Data Analytics we have more privacy together rather than individually.

Ram, Natalie and David Gray, 'Mass Surveillance in the Age of COVID-19' (2020) 7(1) Journal of Law and the Biosciences Article lsaa023
Abstract: Epidemiological surveillance programs such as digital contact tracing have been touted as a silver bullet that will free the American public from the strictures of social distancing, enabling a return to school, work, and socializing. This Article assesses whether and under what circumstances the United States ought to embrace such programs. Part I analyzes the constitutionality of programs like digital contact tracing, arguing that the Fourth Amendment's protection against unreasonable searches and seizures may well regulate the use of location data for epidemiological purposes, but that the legislative and executive branches have significant latitude to develop these programs within the broad constraints of the ``special needs'' doctrine elaborated by the courts in parallel circumstances. Part II cautions that the absence of a firm warrant requirement for digital contact tracing should not serve as a green light for unregulated and mass digital location tracking. In light of substantial risks to privacy, policy makers must ask hard questions about efficacy and the comparative advantages of location tracking versus more traditional means of controlling epidemic contagions, take seriously threats to privacy, tailor programs parsimoniously, establish clear metrics for determining success, and set clear plans for decommissioning surveillance programs.

Restrepo-Amariles, David, 'From Computational Indicators to Law into Technologies: The Internet of Things, Data Analytics and Encoding in COVID-19 Contact Tracing Apps' [2021] International Journal of Law in Context (forthcoming)
Abstract: COVID-19 has revealed the critical role data is playing and will increasingly play in the exercise of social control. This article investigates the data life cycle of Contact Tracing Apps--namely, the collection, collation and analysis of data--as a tool of epidemiological surveillance in light of the International Health Regulations (IHR). It highlights the socio-legal implications resulting from the design and technology choices that software developers inevitably make. These choices are often neglected by policy makers due to the inherent technical complexity of the systems and to certain naive belief in technological solutionism. In particular, this article shows, first, that technology-harvest data does not reflect an objective representation of reality, and therefore requires additional context to be understood and interpreted for policy and legal purposes, and second, that the use of data analytics to extract insights from this data makes possible the production of computational indicators, which in turn, enable the development of novel computational applications in the legal domain (law into technologies). In particular, it illustrates how encoding and data representation enable novel computational forms of social control, for instance, through the use of social graphs. By looking at how governments use CTAs to implement pandemic mitigation restrictions (PMRs) such as lockdowns, quarantines, social distancing and testing, it brings forth the ways in which technologies--and thus their bias and ways of framing social reality--become embedded in the law.

Richardson, Eric and Colleen Devine, 'Emergencies End Eventually: How to Better Analyze Human Rights Restrictions Sparked by the COVID-19 Pandemic Under the International Covenant on Civil and Political Rights' (2020) 42 Michigan Journal of International Law (forthcoming)
Abstract: In the wake of the COVID-19 pandemic, states have been quick to adopt emergency measures aimed at curbing the spread of the virus. However, poorly constructed restrictions threaten to undermine hard won human rights protections and may in fact erode important elements of international human rights law as a result of overreaching implementation or lack of rigorous analysis in how the restrictions are put, and kept, in place. This article analyzes the International Convent on Civil and Political Rights (ICCPR) standards which apply to emergency regulation in times of public health crisis and the tangled morass of legal tests which have been used to balance human rights and emergency restrictions. We argue that in the current pandemic, human rights are best protected when states act under the Article 4 derogation mechanism to put emergency measures in place because it provides opportunities for oversight ensuring the end of emergency restrictions after the crisis subsides and provides certainty as to how states are justifying their emergency measures under the treaty regime. Given that so few states have provided notice of derogation under the ICCPR, this Article also considers what a rigorous analysis would look like when restricting freedom of movement, privacy, and freedom of assembly using the limitation language found in each article, suggesting best practices for better balancing COVID-19-related emergency measures with human rights.

Rothstein, Mark A, 'Public Health and Privacy in the Pandemic' (2020) 110(9) American Journal of Public Health 1374-1375
Abstract: In deciding whether to use certain health information technology in a pandemic, policymakers should analyze and apply the following criteria, which have been derived from principles commonly cited in the public health ethics literature related to public health powers generally and applied to privacy: (1) necessity and effectiveness; (2) proportionality and minimal infringement; (3) purpose limitations; and (4) justice.

Rozenshtein, Alan Z, 'Digital Disease Surveillance' (2021) 70 American University Law Review (forthcoming)
Abstract: Fighting the coronavirus pandemic will require digital disease surveillance: the use of digital technology to enhance traditional public-health techniques like contact tracing, isolation, and quarantine. But legal scholarship on digital disease surveillance is still in its infancy. This Article fills that gap.Part I explains why disease surveillance will play a key role in responding to coronavirus and future infectious-disease outbreaks. Part II explains how the 'special needs' exception to the Fourth Amendment's warrant requirement permits almost any rationally designed disease surveillance program. Part III suggests safeguards beyond what Fourth Amendment doctrine currently requires that could protect rights without diminishing surveillance effectiveness, including: review for effectiveness and equality, procedural requirements, and periodic legislative authorization. Part IV proposes a mixed standard for judicial review: courts should require these safeguards under an evolving understanding of Fourth Amendment reasonableness while tempering their review with deference to the political branches. Part IV concludes by outlining how the doctrinal evolution spurred by digital disease surveillance programs--the development of a 'special needs with teeth' standard--might advance a key research agenda in criminal procedure: how to apply the Fourth Amendment to modern, data-driven surveillance regimes.

Sander, Barrie and Luca Belli, 'COVID-19, Cyber Surveillance Normalisation and Human Rights Law' in Barrie Sander and Jason Rudall (eds), Opinio Juris Symposium on COVID-19 and International Law (2020)
Extract from Introduction: In this post, we focus on one set of practices in particular - cyber surveillance - and critically reflect on human rights law as a framework and a terrain of contestation for shaping the future of surveillance practices both during and in the aftermath of the COVID-19 crisis.

Savona, Maria, 'The Saga of the Covid-19 Contact Tracing Apps: Lessons for Data Governance' (University of Sussex, Science Policy Research Unit, SPRU Working Paper Series No 2020-10, July 2020)
Abstract: This note selectively unpacks the rapid evolution of the (Western) debate around the opportunity to deploy contact tracing apps, alongside other digital tools such as apps for symptoms sharing and immunity certificates to mitigate the Covid-19 pandemics. I do so from the perspective of a social scientist interested in the implications of the development of digital tools at times of emergency in terms of data governance. I argue that a more articulated reflection is needed towards the development of a healthy institutional structure that regulates the role of large tech platforms, such as Google and Apple (G&A), and public institutions, in governing data, particularly when health data and public value are involved. I unravel the saga of contact tracing apps in the UK and EU, looking at the technical, legal and ethical aspects and I attempt to draw more general lessons for data governance.

Scassa, Teresa, Jason Millar and Kelly Bronson, 'Privacy, Ethics, and Contact-Tracing Apps' in Colleen M Flood et al (eds), Vulnerable: The Law, Policy and Ethics of COVID-19 (University of Ottawa Press, 2020) 265
Abstract: Data and analytics are being enlisted to play a role in understanding and preventing the spread of COVID-19. This chapter focuses on digital 'apps,' which are being deployed by governments around the world to supplement the manual contact-tracing efforts typically performed by public health officials. Contact-tracing apps have been developed rapidly, with little time for user testing, and their adoption raises important privacy and ethical concerns. In this chapter, we outline some of these potential concerns. We begin by tracing the history of contact tracing as a pre-digital, or manual, method and then detail the current contact-tracing efforts, distinguishing among different types of apps and data use approaches. We then draw from our complementary expertise in law, ethics, and sociology to outline potential risks of contact-tracing apps along these dimensions. Risks include misuse of personal data for surveillance and insufficient uptake leading to inaccurate information for individuals, which could lead to increased infection. Risks also include differential access and thus the reproduction of vulnerability among marginalized communities. Overall, the chapter identifies issues relevant to the responsible development and use of big data and AI for COVID-19 mitigation efforts.

Segal, Eran et al, 'Building an International Consortium for Tracking Coronavirus Health Status' (2020) 26(8) Nature Medicine 1161-1165
Abstract: We call upon the research community to standardize efforts to use daily self-reported data about COVID-19 symptoms in the response to the pandemic and to form a collaborative consortium to maximize global gain while protecting participant privacy.

Sekalala, Sharifah et al and Ma 02115 +1495-1000, 'Analyzing the Human Rights Impact of Increased Digital Public Health Surveillance during the COVID-19 Crisis' (2020) 22(2) Health and Human Rights Journal 7-20
Abstract: The COVID-19 pandemic has led policy makers to expand traditional public health surveillance to take advantage of new technologies, such as tracking apps, to control the spread of SARS-CoV-2. This article explores the human rights dimensions of how these new surveillance technologies are being used and assesses the extent to which they entail legitimate restrictions to a range of human rights, including the rights to health, life, and privacy. We argue that human rights offer a crucial framework for protecting the public from regulatory overreach by ensuring that digital health surveillance does not undermine fundamental features of democratic society. First, we describe the surveillance technologies being used to address COVID-19 and reposition these technologies within the evolution of public health surveillance tools and the emergence of discussions concerning the compatibility of such tools with human rights. We then evaluate the potential human rights implications of the surveillance tools being used today by analyzing the extent to which they pass the tests of necessity and proportionality enshrined in international human rights law. We conclude by recommending ways in which the harmful human rights effects associated with these technologies might be reduced and public trust in their use enhanced.

Sessa, Carmelina, 'Coronavirus and Effects on the Rule of Law: How Fundamental Rights Live with Mass Surveillance Technologies in Democratic Systems - An Analysis of Europe and Italy in a Global View' (2021) 8(1: Covid Special Issue) IALS Student Law Review 47-56
Abstract: In the management of the Coronavirus Pandemic, law is called to play a synergistic role with the science to guarantee the public order and safety. In the European context Italy is to be examined, i.e. the first state in Europe to launch containment measures of the spread of the virus and to protect public health. Through a comparative approach, the purpose here is to examine the assumptions and the impact of the emergency legislation on the Italian democratic system. Evaluating within what limits fundamental human rights and freedoms' compression can be legitimated on a national and international basis in exceptional events allow to analyse the relative reflections on the rule of law. Finally, the discussion focuses on the compatibility of using mass surveillance technologies on the International and European regulatory framework where balancing techniques and the principle of proportionality represent the core in framing the regulatory activity. Despite undoubted short-term benefits, the concern is to safeguard both the protection of personal data and health, in the face of this 'invisible enemy', considering that the link between emergency regulation and prolonged compression of rights in technological innovation requires special attention.

Shabani, Mahsa, Tom Goffin and Heidi Mertes, 'Reporting, Recording, and Communication of COVID-19 Cases in Workplace: Data Protection as a Moving Target' (2020) 7(1) Journal of Law and the Biosciences Article lsaa008
Abstract: In response to concerns related to privacy in the context of coronavirus disease 2019 (COVID-19), recently European and national Data Protection Authorities (DPAs) issued guidelines and recommendations addressing a variety of issues related to the processing of personal data for preventive purposes. One of the recurring questions in these guidelines is related to the rights and responsibilities of employers and employees in reporting, recording, and communicating COVID-19 cases in workplace. National DPAs in some cases adopted different approaches regarding duties in reporting and communicating the COVID-19 cases; however, they unanimously stressed the importance of adopting privacy-preserving approaches to avoid raising concerns about surveillance and stigmatization. We stress that in view of the increasing use of new data collection and sharing tools such as 'tracing and warning' apps, the associated privacy-related risks should be evaluated on an ongoing manner. In addition, the intricacies of different settings where such apps may be used should be taken into consideration when assessing the associated risks and benefits.

Sharma, Tanusree and Masooda Bashir, 'Use of Apps in the COVID-19 Response and the Loss of Privacy Protection' (2020) 26(8) Nature Medicine 1165-1167 < https://www.nature.com/articles/s41591-020-0928-y >
Abstract: Mobile apps provide a convenient source of tracking and data collection to fight against the spread of COVID-19. We report our analysis of 50 COVID-19-related apps, including their use and their access to personally identifiable information, to ensure that the right to privacy and civil liberties are protected.

Sheehan, Brian, 'GDPR Rules "Do Not Hinder" Measures Taken in Covid-19 Fight' (2020) 14 Industrial Relations News 23-24
Abstract: Discusses the European Data Protection Board (EDPB)'s guidelines on the processing of personal data in the context of emergency measures taken by governments and public and private organisations throughout Europe to contain and mitigate COVID-19. Note: the Statement referred to in this article is the European Data Protection Board, 'Statement on the Processing of Personal Data in the Context of the COVID-19 Outbreak, Adopted on 19 March 2020'.

Singhh, Arunender, 'Protection of "Digital Rights" Amid Fight Against COVID-19: The Missing Responsibility of ICTs Platforms' (Afronomicslaw COVID-19 Symposium on International Economic Law in the Global South (May 2020), Symposium II: Intellectual Property, Technology and Agriculture)
Abstract: Introduction: It is often stated that the new technology is changing what it means to be human. The digital world is rapidly transforming society. On the one hand, it allows unprecedented advances in the human conditions and at the same time gives rise to profound new challenges. Social media is a dominating force in modern social life as internet technology has taken hold of our cyber-driven society. The oft-use of information and communication technology (ICT) to fight the battle against Covid-19 crisis has opened up new challenges for the governments, especially, for populous countries like India. There are genuine concerns that fake news has assumed a pernicious character that is harmful to citizens and society at large. The use of big data in the global world has come to stay with ICT corporations commonly using data analytics to forecast customer preferences, boost their productivity and improve decision-making. It appears that big data may have a huge positive effect in defeating Covid-19, by promoting efficiency, monitoring health security and enhanced services, but that it might also result in discrimination, privacy violations, and other chilling effects.... In this trying times these developments have squarely brought under the scanner the role and legal responsibility assumed by the ICTs platforms.

Sircar, Tuisha and Pranav Menon, 'Trace, for What, How and Whom? Deconstructing Aarogya Setu's Data Protection Safeguards Using Actor Network Theory' (SSRN Scholarly Paper ID 3778863, 3 February 2021)
Abstract: The COVID-19 pandemic has exacerbated the policy solutionism to deploy digital contact tracing tools. This study seeks to adopt the Actor Network Theory to dissect India's contact tracing application- The Aarogya Setu app. Using Bruno Latour's methodology this study highlights the need to locate the privacy implications that affect the users' locational and bodily integrity. There is a need to move beyond the technological determinism with which the state locates the usage of such applications, marginalising certain bodies over others. The delegation of authority to contact trace by the state to the app and subsequent actants is a facet that has been explored in this piece. Moroever, there is an aspect of choice which creates an unconditional obligation on some bodies and does not on others to download the app to access public services and fulfill other commitments like employment. This study has relied on a posthumanistic lens to argue that the anthropomorphized app exhibits the agency rooted within hindutva nationalism and self-securitization. Thus the transfer of personal information into the app not merely promulgates control over bodies but severely impacts the decisional autonomy of users who are forced to negotiate with the app. The aarogya setu application has inbuilt faulty design injustice induced in order to create inequality where there already is. The privacy element and its implications has been looked upon as the 'law of the excluded middle' that provides a way out of the obligation that the app as well as the state actant creates on users and non-users. Thus, this piece seeks to call for a resistance of such modes of e-governance and surveillance that is mediated through applications such as the Aarogya Setu.

Slinn, Ben, 'What's in Store for Contact Tracing Apps in the UK?' (2020) 110(July) Privacy Laws & Business United Kingdom Newsletter 10-12
Abstract: Examines data protection considerations relevant to the use of contact tracing apps, focusing on the position of the Information Commissioner's Office, which favours a decentralised approach with processing focused on users' devices, and the European Data Protection Board. Notes the steps taken by the European Commission in relation to contact tracing apps and the status of the UK app.

Stefoudi, Dimitria, 'Space Data in the Fight against Pandemics: Privacy Concerns and Sharing of Benefits from the Use of Space Technology for Decision-Making' (2020) 45(Special issue) Air and Space Law 108-121
Abstract: The fast and continuous collection and distribution of information are essential for decisionmaking in the first-response phase, as well as in the constant monitoring during and after the peaks of the Coronavirus Disease-2019 (COVID-19) outbreak. Particularly in times of emergency that require immediate reaction on behalf of local and global authorities, it is important that their reaction is based on reliable information. The unique features of satellite technology, which enable the steady flow of accurate near real-time data, have granted it a vital role in the fight against the COVID-19 pandemic. This article will address the uses of space data for public health and their legal implications, particularly in terms of privacy and access to data.

Stevens, Hallam and Monamie Bhadra Haines, 'TraceTogether: Pandemic Response, Democracy, and Technology' 14(3) East Asian Science, Technology and Society 523-532
Abstract: On 20 March 2020, in the midst of the COVID-19 pandemic, the Singapore government released a new app called TraceTogether. Developed by the Ministry of Health, SG United, and GovTech Singapore, the app uses the Bluetooth capability of smartphones to store information about other smartphones that have come into close proximity with your own. These data facilitate the government's process of 'contact tracing' through which they track those who have potentially come into contact with the virus and place them in quarantine. This essay attempts to understand what kinds of citizens and civic behavior might be brought into being by this technology. By examining the workings and affordances of the TraceTogether app in detail, the authors argue that its peer-to-peer and open-source technology features mobilize the rhetorics and ideals of citizens science and democratic participation. However, by deploying these within a context that centralizes data, the app turns ideals born of dissent and protest on their head, using them to build trust not within a community but rather in government power and control. Rather than building social trust, TraceTogether becomes a technological substitute for it. The significant public support for TraceTogether shows both the possibilities and limitations of citizen science in less liberal political contexts and circumstances.

Stock, Melissa, 'Facial Recognition and Detection Technology: Developments and Challenges' (2020) 25(3) Computer and Telecommunications Law Review 161-166
Abstract: Highlights the privacy risks posed by facial recognition and detection technology, including the potential for fraud and other criminal misuse, and errors in detection, particularly among Asian or African ethnic groups and women. Explores legal challenges relating to the use of face recognition brought in the UK, Sweden, France, Belgium, and the US. Considers the role digital surveillance has played in tackling the coronavirus pandemic.

Stoeger, Karl and Martina Schmidhuber, 'The Use of Data from Electronic Health Records in Times of a Pandemic--a Legal and Ethical Assessment' (2020) 7(1) Journal of Law and the Biosciences Article lsaa041
Introduction: National electronic health record (EHR) systems containing more or less comprehensive data on a person's medical history have recently become increasingly popular, as they enable different healthcare providers to treat a patient more accurately by sharing all available health data on this person. At the same time, this comprehensive accessibility of health data raises concerns with respect to data protection. A possible answer to these concerns is the implementation of voluntary participation, be it in the form of an opt-in or an opt-out regime. Another strategy chosen by certain EHR system operators is to limit access to personal data to health care providers treating the patients, while state institutions are usually not allowed access to personal data3in EHRs. Such EHR systems which are as a result 'controlled' by the patient (either through an opt-in or an opt-out decision concerning all or parts of the content), have been established particularly in parts of Europe. Currently, EHR systems based on an opt-in or opt-out scheme are in operation or about to be established in more than ten European states.Introduction: National electronic health record (EHR) systems containing more or less comprehensive data on a person's medical history have recently become increasingly popular, as they enable different healthcare providers to treat a patient more accurately by sharing all available health data on this person. At the same time, this comprehensive accessibility of health data raises concerns with respect to data protection. A possible answer to these concerns is the implementation of voluntary participation, be it in the form of an opt-in or an opt-out regime. Another strategy chosen by certain EHR system operators is to limit access to personal data to health care providers treating the patients, while state institutions are usually not allowed access to personal data3in EHRs. Such EHR systems which are as a result 'controlled' by the patient (either through an opt-in or an opt-out decision concerning all or parts of the content), have been established particularly in parts of Europe. Currently, EHR systems based on an opt-in or opt-out scheme are in operation or about to be established in more than ten European states.

Sweeney, Yann, 'Tracking the Debate on COVID-19 Surveillance Tools' (2020) 2(6) Nature Machine Intelligence 301-304
Abstract: Contact-tracing apps could help keep countries open before a vaccine is available. But do we have a sufficient understanding of their efficacy, and can we balance protecting public health with safeguarding civil rights? We interviewed five experts, with backgrounds in digital health ethics, internet law and social sciences.

Taylor, Mark J, '"Personal Information" and Group Data under the "Privacy Act 1988" (Cth)' (2020) 94(10) Australian Law Journal 730-740
Abstract: The 'Privacy Act 1988' (Cth) is focused on information that relates to identified or identifiable persons. If understood narrowly, this approach risks failure to acknowledge the importance of data relating to multiple persons (group data) and its appropriate control within the framework of data governance. There is an increasingly urgent need to address this risk. Indeed, the COVID-19 pandemic has already demonstrated how group data might have tangible impact: by shifting an understanding of priority and what constitutes a reasonable trade-off between individual and public interests. This article considers the extent to which governance mechanisms could, through the vehicle of existing privacy law, protect persons from potentially harmful uses of group data in a modern information economy.

Terry, Nicolas and Christine Nero Coughlin, 'A Virtuous Circle: How Health Solidarity Could Prompt Recalibration of Privacy and Improve Data and Research' (2021) Oklahoma Law Review (forthcoming)
Abstract: While data laws were given a seat with older, relationship-based health law such as tort duties, they are not seen as a crucial part of the modern healthcare regulatory system and viewed only from a distance when healthcare history and policy are discussed. However, here we argue that our healthcare data laws have a closer relationship to the healthcare law mothership than often portrayed (and that is not necessarily a compliment). The core proposition that we advance is that there is (or should be) a hydraulic relationship between healthcare and health privacy. First, if health care continues to robustly prohibit health discrimination and continues to grow closer to universal access, the need for health data protection should decrease. This is not because privacy declines as a value but because exposures of health information will be less consequential. Second, it is broadly accepted that the U.S. imprudently spends a considerably larger percentage of its 'health dollars' on clinical health rather than public health. The outsized role of social determinants, zip-code health, and institutionalized health inequities has been accentuated during the COVID-19 pandemic. Public health recognizes solidarity, social and health interdependence as a fundamental tenet. As the recovery from COVID-19 begins and we 'rebuild better,' public health and hence solidarity likely will be strengthened. Third, the movements towards universal access and more vibrant public health are likely to be premised on a shift away from health individualism to solidarity. As this shift slowly develops, it is likely to engender more sharing of personal information in order to improve the overall health of the population.

Ting, Daniel Shu Wei et al, 'Digital Technology and COVID-19' (2020) 26(4) Nature Medicine 459-461

'UK Regulator Addresses Perplexing Privacy Questions for Hospitality Sector' (2020) 20(7) Privacy & Data Protection 17-18
Abstract: Reports on the publication of guidance by the Information Commissioner's Office on the collection and retention of customer and visitor information by organisations and small businesses in the hospitality sector for the purposes of the COVID-19 Test and Trace scheme.

Unger, Wayne, 'How Disinformation Campaigns Exploit the Poor Data Privacy Regime to Erode Democracy' (SSRN Scholarly Paper No ID 3762609, 14 December 2020)
Abstract:The U.S. is under attack. It is an information war, and disinformation is the weapon. Foreign and domestic actors have launched information operations and coordinated campaigns against western democracies using dis/misinformation. While the U.S. is both a disseminator and recipient of global or regional disinformation campaigns, this article focuses on the U.S. and its people as the recipient.From Russian election interference to COVID-19 conspiracies, disinformation campaigns harm the presumptive trust in democracy, democratic institutions, and public health and safety. While dis/misinformation is not new, the rapid and widespread dissemination of dis/misinformation has only recently been made possible by technological developments that enable mass communication and persuasion never seen before.Today, social media, algorithms, personal profiling, and psychology, when mixed together, enable a new dimension of political microtargeting--a dimension that disinformers exploit for their political gain. These enablers share a root cause--the poor data privacy and security regime in the U.S.At its core, democracy requires independent thought, personal autonomy, and trust in democratic institutions because an independently thinking and acting public is the external check on power and authority. However, when the public is misinformed or disconnected from fact and truth, the fundamental concept of democracy erodes--the public is no longer informed, independently thinking, and autonomous to elect its representatives and check their power. Disinformation, not rooted in fact and truth, attacks the core of democracy, and thus, the public check on governmental power. This article addresses a root cause--the lack of data privacy protections--of the dis/misinformation dissemination and its effects on democracy. This article explains, from a technological perspective, how personal information is used for personal profiling, and how personal profiling contributes to the mass interpersonal persuasion that disinformation campaigns exploit to advance their political goals.

Van Natta, Meredith et al, 'The Rise and Regulation of Thermal Facial Recognition Technology during the COVID-19 Pandemic' (2020) 7(1) Journal of Law and the Biosciences Article lsaa038
Abstract: As the current COVID-19 pandemic sweeps the globe and dramatically alters society, governments and corporations are turning to novel uses of biometric technologies to limit contagion and maintain economic opportunities. Technologies that may have once seemed like the province of science fiction - such as thermal facial recognition, remote fever detection, or smartphone-based immunity certificates - are now not only possible but already in use. This raises important questions about the potential privacy implications of the widespread collection and use of such personal data. While multimodal biometric surveillance technologies such as these may prove useful in slowing the spread of SARS-CoV-2, we caution that the ability of governments and corporations to leverage these technologies will likely persist beyond the current public health emergency. Just as many of the privacy concessions made in the USA Patriot Act have become permanent since the emergency circumstances of September 11, 2001, the privacy-limiting technologies unleashed during this pandemic may well persist unless policies are enacted now to regulate their use and ensure responsible oversight. Recognizing that these emergent technologies may become entrenched long after this public health crisis subsides, we focus here on the case of fever checks and thermal facial recognition technology to illustrate the current state of the technology, existing policies related to its use, and suggestions for proactive policies to govern its deployment during and beyond the present pandemic.

Van Zeben, Josephine and Bart A Kamphorst, 'Tracking and Nudging through Smartphone Apps: Public Health and Decisional Privacy in a European Health Union' (2020) 11(4) European Journal of Risk Regulation 831-840
Abstract: In response to the SARS-CoV-2 pandemic, European Union (EU) Member States adopted technological solutions aimed at mitigating the effects of the virus, as well as enforcing newly adopted public health measures. Examples include apps for disseminating information, performing self-diagnosis, enforcing home quarantine orders and aiding contact tracing. This extensive use of technology for tracking and promoting public health raises important questions regarding EU citizens' privacy. Thus far, the discourse in this regard has predominantly revolved around data protection, the risk of surveillance and the right to control access over one's personal information (informational privacy). In light of the push towards a more unified approach to mitigating the current pandemic and future health crises through a European Health Union (EHU), we consider a different dimension of privacy that may be at risk when employing technology for public health, namely the right to noninterference with one's decisions (decisional privacy). In particular, this article focuses on whether the advances in health-related persuasive technology, together with a more general movement towards nudging as an individual and public health tool, will require EU legislation to further protect decisional privacy by regulating 'hypernudging' technologies and to guide the EHU in coordinating public health measures that utilise these technologies in a privacy-preserving way.

Viljoen, IM et al, 'Contact Tracing during the COVID-19 Pandemic: Protection of Personal Information in South Africa: Review' (2020) 13(1) South African Journal of Bioethics and Law 15-20
Abstract: Containing the COVID-19 pandemic necessitates the use of personal information without the consent of the person. The protection of personal information is fundamental to the rights that ensure an open and democratic society. When regulations that limit the right to privacy are issued outside of the democratic process, every effort must be made to protect personal information and privacy. The limitation of human rights must be treated as an exception to the norm, and any regulations should be drafted to ensure minimum limitation of rights, rather than to the minimum acceptable standard. The contact tracing regulations included in the COVID-19 disaster regulations include some basic principles to ensure privacy; however, other important principles are not addressed. These include principles of transparency and data security. The envisaged future use of human data for research purposes, albeit de-identified, needs to be addressed by the COVID-19 designated judge appointed under the regulations.

Watts, David, 'COVIDSafe, Australia's Digital Contact Tracing App: The Legal Issues' (SSRN Scholarly Paper No ID 3591622, 2 May 2020)
Abstract: The Australian government has developed a digital contact tracing app, COVIDsafe, accompanied by a temporary legal framework that is designed to support its deployment until a legislative framework is developed.This preliminary analysis argues that the temporary legal framework does a creditable job in addressing privacy concerns. Despite this, there are a variety of legal risks that remain. These centre on the ability of the courts to issue orders to obtain and inspect the data produced by or through the app; police warrant powers; metadata retention and its availability to local law enforcement agencies; the vulnerability of data to US law enforcement agencies through the US CLOUD Act; inaccurate assurances about proximity restrictions and more general concerns that users' consent to the use of their app data for contact tracing may not be valid.These are issues that must be addressed by government when it develops its permanent legislative framework for COVIDSafe. A failure to do so will erode the community's trust in COVIDSafe and thus undermine its efficacy as a means by which COVID-19 risks can be managed until a vaccine or an effective treatment become available.

Wee, Alicia and Mark Findlay, 'AI and Data Use: Surveillance Technology and Community Disquiet in the Age of COVID-19' (SMU Centre for AI & Data Governance Research Paper, 2020)
Abstract: The proliferation of surveillance technology during the COVID-19 pandemic has resulted in a myriad of responses from the public. This paper seeks to examine community disquiet in the context of these smart technologies. In particular, we look at sources of social responses to the different control measures and the escalated use of surveillance technologies. The concerns voiced by citizens underscore their worries surrounding infringement of their rights, liberties and integrity, which we examine through six broad themes: disquiet about the data collected; disquiet concerning authority styles confirming control responses; disquiet regarding the integral architecture of control strategies employed; disquiet surrounding infringement of rights and liberties; disquiet surrounding the role of private sector; as well as uncertainties regarding a post-pandemic world and its 'new normal'. We find that the resulting distrust of both the surveillance technology and the authorities behind these have a pronounced effect on the technology's utility and accuracy. Ultimately, we argue that public confidence in governments' control policies and the technologies that they employ can only be rebuilt through a genuine inclusion, engagement, and collaboration with citizens in the conceptualisation, development, implementation and decommissioning phases.

Winlo, Camilla and Hannah Jackson, 'Additional Security Risks Arising from Home Working' (2020) 110(July) Privacy Laws & Business United Kingdom Newsletter 8-9
Abstract: Highlights additional measures which employers might wish to adopt, in light of the coronavirus pandemic, to guarantee data security and privacy as employees work from home more regularly. Sets out steps which organisations can take to mitigate the risks posed by remote working. Notes the changing regulatory approach of Information Commissioner's Office.

Yuen, Albert and Jasmine Yung, 'Covid-19 and Data Privacy Issues in APAC and the UK: Key Guidance from Privacy Regulators' (2020) 17(1/2) Privacy Law Bulletin 26-30
Abstract: The Coronavirus disease (Covid-19) outbreak has not only caused disruptions worldwide in social, economic and political arenas, but also raises a plethora of issues in the data privacy protection arena. Government authorities and businesses around the world seek to respond to this public health emergency by using personal data and information of their employees, visitors, customers and/or suppliers, including by deploying technologies to collect individuals' health and location data to manage health and safety issues arising from the Covid-19 virus and for targeted crowd monitoring. As the increased use by health authorities and businesses/employers rise in the collection and use of personal data and health information for tracking and identifying Covid-19 carriers for public health emergency purposes, privacy discussions and concerns abound over potential personal data misuse, mishandling and a more permanent stretch of government powers for long-term privacy-intrusive monitoring even after the virus ends. At this juncture, we examine how data protection regulators in the Asia Pacific (APAC) and the UK have approached data privacy issues and guidelines in the context of Covid-19, to shed light on how privacy rights balance against the countervailing interests of public health emergency and to what extent APAC and UK data privacy laws are able to protect individuals' rights.

Zingales, Nicolo, 'A Stronger Claim to Data Protection During Pandemics? Leveraging the American Convention on Human Rights Against Governmental Inaction: A Brazilian Case-Study' [2020] Revista de Direitos Fundamentais & Justica (forthcoming)
Abstract: This article presents a case-study to illustrate the crucial importance of an effective data protection law in the fight against pandemics, and critically assess the extent to which the absence of such framework may amount to a violation of the American Convention of Human Rights. The analysis focuses on Brazil as an emblematic example, as the country has been facing the pandemic without being able to rely on a comprehensive and properly supervised data protection law, while also failing to adopt data-driven responses which could have helped to raise awareness and prevent the spread of the virus. Although the relationship between the adopted policies and the unwavering rise of contagions and deaths is one of correlation, and not necessarily causation, it is argued that an examination of the facts through the lenses of the Convention and its case-law could give sufficient grounding to a claim of responsibility for failure to ensure sufficient protection to the right to privacy, life and integrity. To substantiate such claim, the article begins by describing the Brazilian government's approach towards the health risks raised by the pandemic (Section 2), and highlighting the privacy and data protection questions raised by technological solutions that are dependent on the collection and use of personal data (Section 3). It follows with an overview of the troubled process of entry into force of a general data protection law in the country, and of a Supreme Court ruling that invalidated the government's attempt to make use of personal data in order to gather evidence for the adoption of economic measures (Section 4). Finally, having explained the nature of the positive obligations assumed by States that are parties to the Convention, the article examines whether the Brazilian data protection framework has proven fit for purpose during the pandemic (Section 5), and concludes with lessons learned from this case-study (Section 6).

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info. That's Fine