The Balancing Test Between Data Privacy and Public Health in a Pandemic

By: Steven Masur and Maria Samson

The 2019 novel coronavirus “COVID” has disrupted seemingly every facet of daily life. From closing schools to altering the 9-to-5 workday, the pandemic has made us question constructs that have long been established as “the way it is,” and created a new construct; the way it is now, or “the new normal.” Organizations of all kinds have had to come up with unprecedented new solutions, such as imposing mandatory quarantines and creating contract tracing methods to flatten the curve. Unsurprisingly, governments have increased surveillance to control the spread of COVID, and have instituted tracking measures that make many people uncomfortable. How far should such surveillance go? Is your privacy at risk?

Pandemic outbreaks like COVID will likely occur again, and perhaps with more frequency.  Contact tracing practices and surveillance technology created in reaction to the current pandemic threaten individual privacy and may have long-term privacy implications.  As we shift to a new version of normal, we must find a balance between individual privacy and public health.

Companies, such as Apple and Google, are offering technology-assisted contact tracing solutions to help battle COVID. The Apple-Google solution is voluntary and allegedly anonymous, which aims to help control the spread of the virus by using Bluetooth technology. The Apple-Google solution records a user’s whereabouts, relationships, and activities. It is a good idea in theory, but in practice, such tracing technology is in its infancy and its efficacy is still in question. For instance, Norway temporarily suspended its nationwide contact tracing app due to security concerns.  The app was gathering more data than was necessary to track the virus. As a result, Norway decided to delete all data collected by the app because keeping it constituted a disproportionate intrusion in citizens’ privacy. Ultimately, because contact tracing gathers so much information about an individual’s day-to-day activities, critics say that its use at scale could roll back years of privacy protection efforts that were meant to protect sensitive location data and keep people safe from governmental as well as criminal and other potential threats.

Contact tracing apps are not narrowly tailored to only track one’s contact with COVID.  They record an individual’s location and movement, making it difficult to keep the data anonymous. The surveillance technology is more intrusive than necessary to achieve the narrow purpose of tracking the spread of COVID “hot spots”. While it may seem important to share this information now, proceeding down this slippery slope implicitly gives the government the actual data and could lead to unauthorized mass surveillance.  In addition, the data is stored in centralized and mirrored databases that are susceptible to security breaches and make it likely that the data could be obtained and used not only by the government but by criminals as well.

In time, contact tracing methods can be developed to both serve public health and protect individual privacy. While governments and institutions have yet to find a solution that successfully balances these interests, we must safeguard individual privacy and not turn a blind eye to the rise of inappropriate or illegal forms of surveillance.