Europe has traditionally been a leader in the area of data protection and privacy. For example, the General Data Protection Regulation (GDPR) has demonstrated this leadership by completely changing the legal landscape of data collection, data processing and data protection; significantly, it has been used as the basis for similar regulations in other jurisdictions. The regulation reflects the values held dear by European citizens – values that govern their everyday lives and shape their future.
Building on top of these values and the strong legal foundation, now, more than ever, we need to support novel technologies in the area of privacy. Indeed, the COVID-19 outbreak shows that we need to find a way to share location data in order to identify people who have come in contact with COVID-19 cases and help them to stay healthy. At the same time, it was clearly expressed that such sharing of location data must be carried out in a privacy-preserving way; otherwise, we run the danger of creating a surveillance society, an ever-present panopticon that would monitor the whereabouts of all citizens at all times – a virtual jail that would allow virtual “guards” to monitor European citizens as they come and go. The goal would be noble: to protect citizens’ health; the means could end up being a little better than digital slavery.
Privacy-preserving COVID-19 contact tracing seems like a contradiction: we want to know whether people have contacted other people with COVID-19 but we do not want anyone to know who contacted whom. This sounds like an impossible trade-off, an unsolvable problem. Fortunately, such problems do have solutions – even better, numerous European research activities are addressing them. Having realised the impact that data sharing can have during a pandemic, we believe that we should support scientific endeavours in this challenging field. To be more specific we need to support:
• Privacy-preserving data sharing could be used for medical/health purposes, such as COVID-19 contact tracing. Such sharing may also be needed in other fields, including scientific processing, research, secondary processing, epidemiology, etc.
• Privacy-by-design technological approaches. Do not let privacy be an afterthought. It should be included in the production process from the first design phases on. Such emphasis on privacy should also be taken seriously even in times of emergency, when privacy can easily fall prey to fear or demagogy.
• Privacy-enhancing technologies. Help European citizens protect their privacy when online. When people are online they leave digital “crumbs” that can be used to follow citizens all over the Internet. Like it or not, citizens frequently have no other choice: they need to provide their IP address in order to communicate, have to accept a cookie if they want to receive decent service from the web server, and have to be subjected to device fingerprinting if they want to access an online service, etc. Privacy-enhancing technologies can help users protect their IP address, protect their devices, protect their identity.
For more detailed insights:
• Deliverable D10.1: Clustering Results and SU-ICT-03 Project Concertation Conference Year 1
Target audience: • European Commission (DG CNECT) • ENISA