We are living in challenging times in practically all sectors, and privacy is no exception. Some are already proclaiming that life, as we knew it before the pandemic, has ended forever. In this context, the end of the right to privacy is also starting to become a possibility.
In practically every existing norm on data protection, personal data related to health is considered sensitive data —that is, specially protected data in terms of processing, collection, and disclosure. But also, most laws establish exceptions to the right to data protection in cases of public interest, to protect vital aspects required for the correct administration of public services, particularly those related to health. These restrictions to data protection rights must be supported by law in most jurisdictions.
We are facing a pandemic with a scope never seen before in modern life, where the central paradox is that, in a highly connected world, connections put us at risk of infection. Technology can be a crucial ally in the fight against the spread of the virus, and hardly anyone could be against using it to fight the pandemic. On the contrary, this is probably the primary weapon in the battle against the virus.
Collective Interest vs. Citizens’ Privacy
However, the problem here is presented by the clash between the collective interest to avoid news infections and the citizens’ private right to privacy. Existing technologies such as thermal cameras, geolocation in our smartphones, drones, wearable devices, or even the information of our purchases with a credit card, combined with artificial intelligence tools, can be very useful in detecting patients. These technologies can help in identifying people who were potentially in contact with confirmed COVID-19 cases. Health authorities can also use them to verify compliance of health orders, such as social distancing or quarantines.
Nowadays, from a Western perspective, and a human rights respect standpoint, it could perhaps be considered that it is an unacceptable individualism to oppose that governments can use these technologies to guarantee our survival. However, it is a threat to that, by relativizing the law to privacy in times of crisis, we are opening a door that we cannot close again later.
It is of grave concern a possible scenario in which governments could begin to violate fundamental rights to stop the spread of the pandemic, with arbitrary arrests, or with the identification of risk groups that may face monitoring, isolation, discrimination, or confinement. Also, the risk that inadequate treatment of this data could end up spreading it to the community, generating situations of collective persecution or violence against the supposedly infected people. Whoever doubts that crises are always a good pretext to relativize fundamental rights, please recall what it was like to travel on a plane before 9/11.
But perhaps the most significant risk, and what worries the most privacy advocates and professionals, is what the authorities and companies will do with this immense amount of information once the pandemic ends? Will we conceptualize the right to privacy in the same way once this situation ceases, or will we have irretrievably regressed on the matter? What guarantees do we have that the data will be deleted? In cases where governments say the data was anonymized, how do we know that it really was? The answer is simple: At this point, we have no guarantee.
And the additional and probably more deep question is: Will we conceptualize the right to privacy in the same way once this situation ceases, or will we have irretrievably regressed on the matter? I would like to be positive and believe that everything will be the same as before, but today, everything seems to lead us to conclude that privacy rights will be one of the great sacrifices due to the pandemic. In this, I hope I’m wrong.