Privacy and Mass Electronic Surveillance in Times of COVID-19

Covid-19 (Google, Apple) contact detection app on smartphone; Photo by Markus Winkler via Unsplash

In a new research paper, WJP's Tatsiana Ziniakova explores the implications for privacy and mass electronic surveillance in times of COVID-19. Read the full paper here, and review a summary and highlights below.

COVID-19 is one of the first pandemics to occur in the digital age. Although the world has already faced SARS, H1N1 influenza, MERS, and Ebola, the global scale of the COVID-19 outbreak remains unprecedented, claiming hundreds of thousands lives worldwide. While some technologies allow the quarantined world to remain present virtually in classrooms and conference rooms, digital surveillance and other tech-based responses to the pandemic raise a host of complex human rights issues, including new threats to the right to privacy.

States across the globe are resorting to drone surveillance, facial recognition technologies, contact tracing and quarantine-enforcement apps to contain COVID-19. The Chinese Alipay Health Code app rates users' health status to determine who is or is not allowed to board public transport. A Russian Social Monitoring app demands selfies from users as proof of following self-isolation rules, issuing automatic fines to those failing to react promptly. Mobile applications for contact tracing are rolling out in dozens of countries—from highly controversial ones in India and Iran to more privacy-oriented ones in South Africa and Austria. Drone and camera surveillance is extensively used worldwide. Now that masks have become the new normal, facial recognition technologies are evolving to identify mask-wearing individuals, spurring privacy concerns further.

While the COVID-19 crisis exacerbates threats to a number of fundamental rights, pandemic-related surveillance does not exist in a law-free zone. The right to privacy, enshrined in international human rights instruments and fully applicable in the digital age, does not cease to be protected in times of a pandemic. International human rights law already provides states the toolkit for regulating emergencies through derogations from and limitations of the right to privacy. States resorting to tech-based surveillance measures during the pandemic are expected to use this toolkit responsibly.

The derogation mechanism presupposes the existence of a life-threatening and nation-wide emergency and requires the derogating state to follow certain procedural steps of declaring the derogation. Derogations are a mechanism to be employed in extraordinary circumstances and only for as long as such circumstances continue to prevent states from fully implementing human rights. Derogating states are expected to proclaim a state of emergency; make a formal notification of their intent to derogate; ensure that derogation measures meet strict tests of necessity and proportionality; guarantee that derogation measures do not interfere with other international human rights obligations; guarantee that derogation measures are applied in a non discriminatory manner; and uphold non-derogable rights.

While the COVID-19 pandemic can clearly qualify as a life-threatening emergency, at least in states most critically affected by the outbreak, the adherence to a derogation mechanism often remains unrealistic. Even states that announce a state of national emergency often do not opt for going through the fairly complicated procedure of derogating from human rights on the international level. Derogations are a useful tool of ensuring that limitations on human rights are time-bound and limited to the pandemic emergency, rather than routine intrusive practices. However, the failure of states to make use of the derogation mechanism does not mean that the pandemic responses, including those affecting privacy, are not subject to international human rights law regulation.

Limitations on human rights is another mechanism that could be employed by states when regulating their COVID-19 responses. The threshold of using limitations is lower than that of derogations. Human rights can be lawfully limited even in times where no pressing life-threatening emergency exists. That does not mean that limitations on human rights have no reasonable boundaries. To the contrary, surveillance measures introduced to fight COVID-19 must cumulatively satisfy the following criteria to be considered lawful:

Legality
The measures in question must be adopted in accordance with law. This means that surveillance must be clearly sanctioned by domestic law of the state practicing it. However, merely documenting the surveillance measures on paper will not be enough to satisfy this criterion. The law introducing surveillance measures must be foreseeable—that is, sufficiently precise to give citizens an adequate indication as to the circumstances in which public authorities are empowered to resort to any surveillance measures. In the COVID-19 context, this means that individuals targeted by surveillance are entitled to know what information about them or their contacts will be collected, who will be able to access the information collected, and what are the limits on data retention.
Necessity
The necessity criterion implies that any surveillance measures must address a pressing social need. While there is hardly a disagreement as to whether the COVID-19 pandemic would qualify as such, the necessity of keeping surveillance measures in place post-COVID to prevent future pandemics is more debatable.
Proportionality
The balance between the ends and means of surveillance is critical. If surveillance measures are ineffective in handling the pandemic and detrimental to individual privacy, they would not satisfy the proportionality criterion. Massive privacy intrusions must not be justified by marginal improvements in containing the pandemic. The limitations on the right to privacy must represent the least intrusive option among those that might achieve the desired result.

Emergency situations, as unpredictable and destructive as they are, should not be used as windows of opportunity to strengthen states' grip on fundamental rights. The attempts to enhance surveillance measures to the detriment of privacy should be met with scrutiny and skepticism. The rhetoric of "extreme times requiring extreme measures" may be easily used to justify Orwellian approaches of handling the pandemic. Perhaps, it is indeed naive to think that "once the smoke is cleared," the surveillance will cease completely. After all, the practice of mass electronic surveillance was a pressing issue long before COVID 19. The pre-pandemic world, as famously revealed by Edward Snowden, was far from a privacy haven. The post-pandemic world may escalate privacy concerns even further.

To avoid this scenario, states and corporate entities developing surveillance capabilities should be held accountable to human rights standards of legality, necessity, and proportionality. The transparency and oversight of surveillance measures by domestic and international actors are crucial. The inherently false trade-off between privacy and health, where only one option could be chosen, should be rejected. Citizens should not settle for anything less than fully effective pandemic surveillance systems that also respect privacy.

The rule of law in any given country rests on the notion of trust in the government. The ability to handle a public health emergency without sliding into a Surveillance State Panopticon is an essential element of such trust. Decisions states are currently making on how to proceed in fighting this digital age pandemic will undoubtedly shape the rule of law landscape of the future.