At the end of March, the U.K. government published an article on its healthcare technology blog titled ‘The power of data in a pandemic’. The post outlined plans to aggregate data from across the National Health Service (NHS). This included 111 online/call centre data from NHS Digital and COVID-19 test results. It intended to “integrate, clean, and harmonize [it] in order to develop the single and reliable information that is needed to support decision-making.” To achieve this it would provide ministers and public health organizations with a “live view” of the crisis. Proposals to utilize personal data, from hospital health records to contact tracing apps, in the fight against coronavirus have been unveiled across the U.S. and Europe. In numerous Asian countries, these plans are already a reality.
It is undeniable that the use of personal data is critical in organizing an effective and adaptable response to the pandemic. Personal data can enable effective policy-making, resource allocation, and limiting further spread of the disease. Indeed, the West only has to look to the success of countries such as South Korea to see how valuable personal data is in coordinating a successful reaction. However, the rush to collect and aggregate this data has sounded alarm bells in Europe and America. These regions historically prize individual privacy. Concerns surrounding the long term repercussions of data use to fight coronavirus are legitimate. Questions must be raised over data privacy laws. Can they keep up with the powers granted to tech firms to adequately protect personal information? What would happen in the case of a data breach?
By necessity, governments are working with a range of big data and tech companies. These companies already have access to vast amounts of personal data worldwide. Is it right to increase their power by essentially granting them a monopoly on health data too? Finally, the pandemic will strengthen the relationship between these companies and governments. This increased reliance on tech firms and the surveillance technology they provide may be a difficult trend to reverse after the pandemic is over.
NHSX (the NHS’s digital innovation arm overseeing the U.K.’s data pulling program) has reassured the public over privacy issues. It has stated that “all NHS data remains under NHS England and NHS Improvement control.” However, this data will be handled by two third-party data companies. These are U.S.-based Palantir and U.K.-based Faculty. Although it will be anonymized, this data is sensitive and confidential.
A source from inside Whitehall has raised concerns about the “unprecedented” volumes of confidential health data being used in the program. They claim it is being rushed through with inadequate attention paid to data protection, ethics or privacy. Moreover, the official plan on how the datastore will be launched has illustrated that documents were accessible through an unrestricted portal. While these documents did not contain any confidential information, it amounts to a “shocking data breach” according to the Whitehall source. It is therefore understandable that the speed with which these programs have been designed has left many privacy experts concerned. They fear the details will have been overlooked, and loopholes will be found in existing data protection laws.
Apple and Google, two tech giants who have historically been at loggerheads, recently announced that they are joining forces in the fight against coronavirus to create a contact tracing app. The app will rely upon Bluetooth to exchange data between phones. It will also notify those who have been near anyone who has started showing symptoms. Apple and Google have reassured concerned privacy advocates that the use of Bluetooth negates the need for location data. Hence, the technology cannot be used for tracking individuals. For the app to be effective, however, a significant proportion of any given national population must voluntarily download the app. This gives the tech giants control over vast amounts of personal health data.
Both companies have been using apps to collect first and third-party data for years. This has provided access to both law enforcement agencies and data brokers. Although their intentions may be good, it is impossible to foresee what the long-term consequences will be. This may be true, unless strict controls are implemented on what data can be collected and what tech companies can do with it. Furthermore, downloading the app will require permanent changes to device operating systems. Although Apple and Google promised that the app will be disabled at the end of the pandemic, they gave no indication of how this will be defined or a timeframe. This has raised concerns that devices may be monitored for far longer than is necessary.
Regardless of privacy issues, more questions must be asked. Is it right to give tech giants such as Apple, Google and Palantir an increased monopoly on this data globally? Especially since they already control vast amounts of personal data. The U.K. government’s relationship with Palantir in particular has raised eyebrows. The highly secretive big data company was founded in 2003 by Peter Thiel, co-founder of PayPal and one of the Silicon Valley’s most outspoken Republican supporters. In 2016, he donated $1.25 million to Trump’s election campaign.
Palantir pitches itself as a government partner. In the U.S., it already works with the Department of Defense, the Army, the Marine Corps, the FBI, and the CIA to process data, visualize trends and track people. It has been reported that Palantir’s software allows law enforcement to enter a licence plate number and quickly surveil the vehicle’s past routes. In New Orleans, the software is enabling ‘‘predictive policing,’’ which has seen a rise in the monitoring and arrest of people of colour.
Recently, Palantir has come under heavy fire for working with Immigration and Customs Enforcement (ICE). ICE uses its software to aggregate data on undocumented immigrants. It also reportedly played a role in workplace raids which saw 280 arrests. Palantir’s high profile partnerships mean that they already handle huge quantities of sensitive and confidential data. In addition to working with the U.S. and U.K. governments to tackle coronavirus, they are allegedly pitching their services to other European countries (including France and Germany). Hence, its access to confidential data is only expected to increase.
The thought that relationships between governments and tech companies will be strengthened, in the race to coordinate a response to COVID-19, is concerning. Ministers are becoming increasingly reliant on surveillance technology, and governments are being given permission to access personal data held by tech firms. With this in mind, we must seriously consider what precedent this sets for after the pandemic. The Electronic Frontier Foundation has warned that as “governments around the world demand extraordinary new surveillance powers” to fight the virus, we must act with care. Close attention must be paid to the new and reinforced relationships between public bodies and private companies. Having worked with Dominic Cummings on election modelling during the campaign, Palantir already has close ties with the U.K. Conservative Party. Thus, the crisis has the potential to solidify their position at the core of the U.K. government.
Governments worldwide have been moving toward using AI and surveillance technology for years. A 2019 report from the Carnegie Endowment for International Peace found that 75 out of 176 countries globally are actively using AI technologies for surveillance purposes. This includes safe city platforms, facial recognition systems and smart policing.
For example, Marseille in France is running the Big Data of Public Tranquility project. This aims to reduce crime through a large public surveillance network. In the French town of Valenciennes, a ‘‘safe city” model has been tested, using an intelligent command centre to detect crowd formations. Organizations, including the UN, have already cautioned that there is very little clear ethical guidance on what is acceptable governmental use of surveillance technology and AI.
Public safety is no doubt paramount. However, a balance must be struck between using data to protect citizens and violating privacy. Experts are rightly fearful that the pandemic may allow the balance to tip in a way that will be difficult to retract. This is especially true if it enables big data companies to further embed themselves within government decision-making.
In the context of a global pandemic, personal data must be used if it will save lives and limit the burden on our economy and health systems. However, given the vast power and influence that data companies already hold worldwide, safeguards must be put in place. These are essential in preventing data monopolies being created and to protect the privacy of individuals in the long term. The race to coordinate an effective response means that there is a real possibility that privacy concerns will be neglected until it is too late.
We have learned from past scandals that the law surrounding data privacy is often hazy and cannot keep up with rapid technological innovations. These scandals include both data breaches and the unauthorized commercialization of personal information. As Yale Law School’s Michael Kwet astutely remarked, companies such as Apple and Google “have come to dominate the smartphone software ecosystem, and …have spent years spying on users and enabling consumer surveillance in their app stores. In the world we built, we now have to weigh the fate of our lives and economy against trust in [these companies], the ad-tech industry they support, and government intelligence agencies … this is a nightmare.”
- SAGE And The Truth Behind ‘The Science’ - May 3, 2020
- Coronavirus Profiteers: The Pandemic And Organised Crime - April 27, 2020
- In The Philippines And Elsewhere, Coronavirus Is Enabling Human Rights Abuses - April 13, 2020