COVID-19 is one of the first pandemics to occur in the digital age. Although the world has already faced SARS, H1N1 influenza, MERS, and Ebola, the global scale of the COVID-19 outbreak remains unprecedented. While the “coronacrisis” re-opened a sorely needed discussion on the possible tech-based responses to global health emergencies,2 it could also be a perfect storm to undermine key elements of the rule of law. On one hand, new technologies allow states to cooperate closer than ever to curb the global epidemiological threat. On the other, they too easily can be used as tools to threaten fundamental rights,
access to justice, and accountable governance.
The purpose of this paper is threefold. First, it summarizes how privacy and surveillance are regulated by international law in the digital age and what the specific privacy regulations applicable to health data are. Second, it seeks to provide an overview of digital surveillance measures applied in times of COVID-19. Third, it seeks to outline international legal standards against which the lawfulness of COVID-related surveillance measures should be evaluated.
The key finding of the paper is that states resorting to surveillance-based responses to a global health emergency must frame such responses as limitations of or derogations from the right to privacy. Guarantees of international human rights law do not cease to apply in a pandemic and continue to protect individual privacy. To remain compliant with international human rights obligations, states must strictly follow both procedural and substantive requirements for introducing limitations or derogations, including the principles of legality, necessity, and proportionality. Using these well-established frameworks, the new pandemic-related
surveillance measures must be assessed against these standards on a case-by-case basis.