COVID-19 and Privacy in Asia
COVID-19—the infectious illness caused by a newly discovered coronavirus—is currently everyone’s top concern, given its alarming rate of transmission and the growing number of deaths and confirmed cases every day. As early as March 11, 2020, the World Health Organization (WHO) already declared COVID-19 a pandemic, or a global outbreak of disease. As of this writing, the virus already spread to 201 countries and infected more than 575,000 people. It has led to the imposition of travel bans, work stoppages, temporary business closures, and class suspensions, forcing people to stay at home and avoid direct physical contact (i.e., social distancing).
While the authorities of affected countries try to control the disease, they are also faced with the huge burden of keeping personal data—particularly, those of infected or suspected to be infected individuals—safe and secure. From the looks of it, they have dealt with the problem in different ways, with varying degrees of success. Below are some of the Asian countries affected by the virus and an overview of how they’ve handled it while addressing individual privacy concerns:
Singapore. In Singapore, where 732 persons have tested positive for COVID-19, the government gives a regular update on the number of cases on its website. There, it discloses the sex, nationality, and age of patients, and, when relevant, the country/ies they have been to and large gatherings they have attended. Local authorities conduct contact tracing through the digital signatures of persons suspected of having the infection. Since Singaporeans are heavy users of digital technology, it is relatively easy to track their digital transactions (e.g., use of credit cards, ATM withdrawals, etc.). Singapore’s data protection authority, the Personal Data Protection Commission (PDPC), has advised organizations that they may collect personal data of visitors for purposes of contact tracing, even without consent, since the outbreak qualifies as an emergency that threatens the life, health, or safety of other individuals. It reminded them, though, to still comply with the data protection provisions of the country’s Personal Data Protection Act. According to Dr. Leong Hoe Nam, an infectious disease doctor, they did not encounter privacy issues since people cooperated willingly with local authorities in the conduct of contact tracing.
China. China has recorded more than 82,000 COVID-19 cases. As the epicenter of this outbreak, it has managed the spread of the disease through the use of artificial intelligence (AI) and big data. For instance, apps like WeChat and Alipay are being used to track people’s activities. Devices, such as drones, have been developed by tech companies to implement temperature monitoring for large volumes of people. Residents are also being required to register their names and confirm their identities before they can avail of certain services (e.g., public transportation) or when purchasing medical supplies from pharmacies. Those who do not cooperate may be denied services. In one QR system, color coding has been implemented, such that citizens are assigned a color to indicate if he or she is allowed to travel. An app has also been developed for users to confirm if they have been on a train or plane with a person who has the virus. Meanwhile, Baidu, a Chinese search giant, created an online map showing the location of patients and suspected victims in real time. One reason the country has been able to allow the proliferation of such a wide range of technologies with different data processing capabilities is the absence of strict laws on data protection. This has promoted privacy practitioners to emphasize that data collection should always be balanced with data protection.
Indonesia. Indonesia now has more than 1,000 COVID-19 cases. The first two confirmed patients claim they have been subjected to stigma and attacks on social media after their identities were exposed. They say the attacks are worse than having the disease. Apparently, they only discovered that they had COVID-19 when President Joko Widodo announced it publicly. Their initials, age, home address, and even photos, circulated via WhatsApp groups and social media, although it is unclear where the information originated. Messages also included their symptoms and their activities since the time they supposedly contracted the virus. Reporters visited their home address, trying to take their pictures. False accounts have also been going around as regards how they supposedly acquired the disease. Indonesia does not have a privacy law providing adequate guidelines on the proper processing of personal data. In the wake of the privacy breach, Institute for Policy Research and Advocacy researcher, Wahyudi Djafar, has urged for a discussion on the drafting a data protection bill.
From these accounts, it is clear this pandemic is not only a major test of each nation’s resiliency, but also a good gauge of how they value individual privacy. So far, it appears that privacy breaches in times like this can lead to more damage, more harm on the affected population. And while it is true that massive data collection is essential to contain this type of problem, it could also pose a more significant threat in the long term if there is no transparency and significant uncertainty as to how the gathered information will be used. Strong privacy laws are therefore more crucial than ever before.
In the domestic context, local authorities will continue to deal with more unique privacy issues as it tries to rein in this health crisis. Government bodies, business owners, and other stakeholders should already anticipate what these potential issues will be, and be ready to act accordingly. Our laws may not always have a definite or concrete answer to every issue, but there are enough fundamental privacy principles in existence to help us navigate even the most difficult challenges this crisis can conjure.