Coconet: How health security and individual privacy can go hand in hand

Here, transparency in communication is vital.

South Korea, in particular, had to learn that lesson the hard way. In January 2020, the government began posting the detailed location histories, including even personal information, of each person who tested positive for COVID-19. But internet users quickly exploited the disclosed patient data, publicly identifying and hounding these patients. The social stigma attached to the virus prompted the government to acknowledge that this measure, even if well-meaning, was an invasion of privacy that could also discourage citizens from getting tested.

To remedy this, health officials announced this month that they would refine their data-sharing guidelines to minimize patient risk. “We will balance the value of protecting individual human rights and privacy and the value of upholding public interest in preventing mass infections,” said Jung Eun-kyeong, director of the Korea Center for Disease Control and Prevention.

Privacy and health security: Can’t we have both?

Regardless of whether you trust your government with your data, there still remains the challenge of protecting public interest while protecting individual privacy during a public health crisis. Whether it’s collecting or publishing, personal health information is sensitive data. But in a crisis, ensuring public health is also essential.

But this in no way means that the government or the press have to reveal detailed personal data that’s irrelevant to stopping the virus’ spread. Governments should uphold the principle of data minimisation, identifying clear time-frames for data collection, and ensuring that collection is only to control the spread of the coronavirus. Insensitive collection and publishing of personal data might lead to stigma against those with COVID-19, and even patients under investigation.

One good recommendation to follow comes from the Electronic Frontier Foundation. In Thailand, WHO has come out with guidelines to prevent and deal with social stigmatization.

The bottom line is this: If the government cannot create trust and safety for the people, some citizens might conceal their infection to avoid discrimination and stigmatisation. This could lead to people avoiding screenings and testings, which will then lead to more, not less, infections.

Under certain circumstances, rights to privacy may be compromised for the public good. But protecting individual privacy, too, is essential to public interest.

Public health surveillance can be done for the planning, implementation, and evaluation of public health practice. In 2017, WHO published its guidelines on ethical issues in public health surveillance. The guidelines notably do not mention much on digital monitoring and collection of data, or even the use of individual digital data for purposes other than public health.

Security or privacy: What do the Thais have?

In various situations, one problem with privacy in the digital era is that we are not aware of being tracked in the first place. We do not know how much our data has been and is being collected.

This is currently the case in Thailand. After the government passed a decree on March 26, 2020 declaring a state of emergency to combat COVID-19, applications and platforms are now being used to track coronavirus carriers and suspected patients under investigation.

The Thai government announced that they will be using three main platforms to track down the infection:

• AOT Airports is an application that has been used before, but is now being modified to screen and monitor all travellers from at-risk countries who arrive in Thailand, to track whether they are following the 14-day self-quarantine measure.

• covid19.ddc.moph.go.th is a government website that regularly reports important information about the pandemic, such as the number of infected individuals.

• @sabaideebot on LINE Official is a government chatbot for people who have taken a COVID-19 test. Once users have received their test result and filled in their health status, they will be connected to the platform.

The AOT Airport app, while handy for travellers, can also be used to track their whereabouts.

With these three platforms, there is a risk that too much personal data is being collected. AOT Airports, for example, asks for information that may be irrelevant to tracking COVID-19 cases, such as all third-party accounts from Google to Line. This data is also at risk of being shared with third parties outside the government, such as private tourism and trading agencies.