The Use of Digital Health Technology during the Covid-19 Pandemic: Risk assessment in data privacy rights
Index
- Introduction
- Insights on Italy – Was the country legally prepared?
- The Italian legal basis for protecting fundamental rights in the use of digital data health
- Insights on Switzerland
- Legal Basis for the contact tracing app
- Insights on China
- Types of digital health technology used in China
- Comments on data privacy Rights
- Conclusion and recommendations: looking forward
Introduction
The COVID-19 pandemic prompted States to employ digital health solutions to mitigate the virus's spread, driven by the urgent need to minimize harm to citizens and the economy. However, amidst this rapid implementation, despite the existing legal framework, a gap in international governance has emerged, together with the lack of transparency and regulation in the international framework for digital health.
This issue needs discussion to identify gaps and establish equitable policies for safeguarding data privacy as a fundamental human right. The pandemic forced us into new scenarios where the regulation of Digital Health is still evolving and will become apparent with the utilization of new technologies. The implications of these developments will only become clear over the years and with clear analysis of its impacts. Consequently, in the aim to provide protection, the legal framework must adapt to prevent data breaches and other violations.
In this context of the rapid evolution of technology and the emergence in attending to the needs during the pandemic, it showed us that the legal framework should have been more robust in data privacy protection as a fundamental right. This holds not only at the national level within the EU but also on the international stage, where establishing standardized regulations remains challenging.
An essential part of this discourse is understanding how both States and private companies handle citizens' data, and what has been done to improve policy and regulation. This understanding is crucial for society to find solutions that protect data privacy and contribute to a more resilient and secure legal framework. This article intends to shed light on the countries of China, Italy, and Switzerland, explaining the main findings on regulations and likely gaps regarding new digital technologies in digital health and it impacts in data privacy.
Insights on Italy – Was the country legally prepared?
The despair of the pandemic, the lack of regulation was indeed a strike on different governments, as the population was heavily affected by the virus, the country urged to build protection and implement different strategies to stop the spreading of the COVID- 19. The number of deaths was increasing so fast that there was no place to bury the corpses, which is why some of them were lined up waiting for coffins to be buried.
In June 2020, Italy launched the "Immuni" mobile app as part of its pandemic response. This app, developed by the public company Sogei S.p.A., leverages Bluetooth technology for exposure notifications, without the need for geolocation. To maintain data integrity, only healthcare providers can authorize individuals who have tested positive for COVID-19 to upload their keys into the app, preventing fraud.
The Italian legal basis for protecting fundamental rights in the use of digital data health
The Italian Law enshrines basic rules to be followed based on well-known principles that can guarantee the legit use and the process of health data during the pandemic. Having the Health Minister as the controller of the data certainly upholds more confidence in the citizens.
However, the Italian Garante per la Protezione dei Dati Personali has published an evaluation of the app considering both technical and legal perspectives that were also mentioned in the Report of the European Union Agency for Fundamental Rights that assessed some potential measures that should be taken by the state to guarantee fundamental rights in the use of digital data health.
The GDPR is clear concerning the prerogatives the countries have in applying the restrictions to the fundamental rights, grounded in the public interest and in respect of the independence principle. The legal basis for the app's use is established in "Decreto legge 30 aprile 2020, n. 2830," Article 6, and the Health Minister's Impact Evaluation of Data Protection. It stipulates that the app serves the sole purpose of notifying individuals who may have been in contact with COVID-19-positive individuals, ensuring user health.
Moreover, the public interest in using health data for pandemic control must be demonstrated, aligning with the GDPR, which requires EU countries to define their specific public interest provisions for data privacy. Italy has modified data privacy usage per "Decreto Legge 110/2018," in line with GDPR recital 46, allowing data processing based on vital interests.
The government, in general, responded to the principles and well designed transparency in the use of the app, providing the code source, however during the launch, the regulation lacked a mechanism of redress procedures in the event of data misuse or leaks during the COVID-19 response. On 31/12/2022 the app was discontinued by the Government.
Insights on Switzerland
Switzerland, located at the heart of Europe, not only shares borders with EU countries but also maintains socio-economic ties that necessitate its collaboration with EU legislation, ensuring the free movement of people and goods. Being a part of the EFTA, Switzerland prioritizes its relations with the EU through various subject-specific agreements.
These agreements enable Switzerland to access various facets of the EU market, including research, environmental policies, and migration. It is essential to note that Switzerland did not cede legislative power. The Federal Act on Data Protection, effective since July 1993, aims to safeguard the privacy and fundamental rights of individuals during data processing. Despite the EU's GDPR coming into force in 2016, Switzerland has led the way in regulating data protection, establishing a robust legal framework.
Switzerland's division into 26 cantons means that federal and cantonal authorities share certain decision-making competencies. The Federal Act on Data Protection applies solely to data processing by private individuals and federal bodies, with each canton having its data protection act. The Federal Act specifies the subjects regulated by the federal government, leaving others to cantonal regulation.
In 2000, the European Commission determined that the Swiss Federal Act meets all EU requirements, protecting unlawful personal data processing. It acknowledged that Switzerland covers all legal standards and principles, even with exceptions for the defense of public interests.
Legal Basis for the contact tracing app
Switzerland implemented the SwissCovid app based on the Federal Law of Epidemic's Article 60a, accompanied by an Ordinance on the proximity tracing system for Sars-CoV-2 coronavirus and the Data Protection Statement of the Federal Office of Public Health. The app's use is limited to notifying individuals of potential contact with an infected person and is not for exploitation by law enforcement or intelligence agencies.
On 25th of June, 2020 launched the Swiss Covid app and it was the first country in the world to use the API Google and Apple technology. The app was developed jointly by ETH Zurich and EPFL Lausanne on behalf of the Federal Government. It also works based on Bluetooth approximation, in a range of 100m, random IDs are stored for 14 days. If a user tests positive for COVID-19, the cantonal authorities will assign a code, so this person can activate the function of notification in the app and notify people who might have been in close contact. The ID of the infected person is anonymous and the next step is to quarantine all the people in close contact within the previous two days before starting the symptoms.
The rights of app users are protected by the Federal Constitution and the Federal Act of Data Protection, making the statement an additional safeguard. The principle of consent is emphasized as the basis for lawful data processing, with the withdrawal of consent affecting data collection. During the pandemic, the Swiss government carefully approved the SwissCovid app, providing a detailed statement that aligns with the legal framework, ensuring the transparency required by both Swiss and EU laws. To enhance transparency, the country clarified the data collected in the Epidemics Act amendment before the app's release. Any measures taken should be proportionate, focusing on virus containment rather than citizen monitoring, in line with privacy recommendations.
Historical facts have indicated that to be efficient and deliver a fast response during health emergencies, global data sharing is crucial to develop vaccines, treatments, and also standardized procedures of testing, researching, and collecting data. Aiming to improve data sharing during the pandemic, the WHO has provided COVID-19 Open data sharing and reporting protocol to be applied during the current pandemic.
In a democratic society, technology for contact tracing should respect individual freedoms and collective well-being. Switzerland could have specified sanctions for misuse, damages, and third-party liability while maintaining the app's voluntary nature. Additionally, ensuring a safe transition to app interoperability is crucial, with legal redress mechanisms for misuse.
Nevertheless, identifying the party accountable in case of hack attacks, misuse of data or even leak of information would have been more difficult if taken into account that some companies are internationally based and could be using service providers from abroad, also in an attempt to avoid the authorities.
Insights on China
In comparison with Western countries, China has a more tech-driven approach. Currently, the use of a QR code to access public spaces and also if in contact with someone who tested positive a following quarantine procedure is applied to the citizens. However the big concern is about their citizens' data privacy rights – the state continuously controls data health and also geolocation.
For many years the Chinese population has been using a tech-driven governance approach and with the pandemic, the measures have increased exponentially, strengthening the surveillance in the country. The UN already published before the pandemic, a statement with more than 50 UN experts, detailing the gross violations of human rights happening in the country regarding mass surveillance issues and threats to data privacy, however, the Chinese government just responded as this being a gross interference in their domestic affairs.
As with any measures during health emergencies, inclusiveness and proportionality should be taken into account by the governments to not create more social inequality but instead, promote equality and a state that protects its citizen's rights and freedoms. Despite it, the use of the application should be voluntary and not mandatory, otherwise, inclusiveness is not guaranteed, preventing for example, elderly people from continuing with their daily lives without disadvantages and nevertheless, imposing citizens to act in a certain way that goes against the Rule of Law and Democracy.
Despite being a basic service in developed and developing countries, only half of the world population has access to the internet which leads to the fact that any measure based only on the internet or mobile phones, in some countries, will not be an inclusive measure and will contribute to the increasing inequality gap. This is also a concern about contact tracing apps, the apps should not be the only manner to contact trace individuals who have been in contact with individuals who tested positive for COVID-19.
Types of digital health technology used in China
A) The Use of Medical Robots at Wuhan Thunder Mountain Hospital
From March 2020, Wuhan Hospital has employed a cutting-edge medical robot, leveraging AI and 5G technology. This innovative robot boasts seven showers for automated disinfection and has the capability to navigate between different facilities, transporting medical equipment and medications. Operating for eight hours on a single charge, each disinfection cycle meets the stringent standards required for surgical rooms. Consequently, healthcare workers can safely handle medical supplies after the robot has sterilized them. Additionally, the robot can disinfect an impressive area of 120 square meters per minute and conduct two disinfection cycles daily.
B) 5G Thermal Image Sensors
Utilizing 5G thermal image sensors, temperature measurement becomes seamless, even in scenarios where individuals are wearing masks. These sensors also enable real-time facial recognition without disrupting traffic flow, making them ideal for use in public gatherings. Furthermore, remote-controlled robots equipped with these sensors can simultaneously measure the temperatures of up to five people, swiftly identifying any anomalies.
C) Hospital on Cloud
During the "AI for Good" Global Summit webinar on April 9th, 2020, China showcased its digital health strategies, including the implementation of a groundbreaking initiative known as the Hospital on Cloud. Developed since 2014, this project was swiftly realized within a remarkable ten days at the onset of the pandemic. Designed exclusively for COVID-19 cases, the hospital caters to patients in various stages of the disease. By harnessing cloud computing and integrating 5G technology, the hospital incorporates diverse databases, including Hospital Information Systems, Laboratory Information Systems, and picture archiving and communication systems. Multiple servers ensure data security and reliability, facilitating seamless information exchange with nationwide hospitals via standardized interfaces and data formats.
However, while this initiative offers promising benefits in terms of application development and data sharing, there are concerns regarding data privacy rights. Without transparent governance and defined boundaries on data usage, there exists a risk of infringing upon citizens' privacy rights. Despite China's significant contributions to international cooperation in combating COVID-19 and leading vaccine research, concerns persist regarding the escalation of surveillance and suppression of human rights defenders. The prospect of making surveillance apps permanent raises further questions about privacy and individual freedoms.
Comments on data privacy Rights
In summary, while technological advancements have played a pivotal role in controlling the pandemic, it is imperative to balance public health imperatives with respect for privacy and human rights. International cooperation and transparent governance are essential to navigating these challenges and ensuring a future that prioritizes both public health and individual liberties.
More transparency should be applied not only regarding the laws but also regarding the technologies that are being created - through open source, for example, a mechanism that helps other scientists to double-check the codes and also improve them. Digital health tools should be implemented to create a safe environment for citizens to mitigate the aftermath of the pandemic and to strengthen democracy and individual freedoms.
With more proportional and transparent laws, the measures will ensure fairness in the use of digital data health and tech-driven approaches. What can be seen in the world is what can be called the technological division, one of the biggest problems in implementing digital health technology and not taking into account how much unevenness it could cause in the long run.
Conclusion and recommendations: looking forward
Together with social equality, another issue that can be analyzed is the acceptance of digital health for low-medium incoming countries. As can be noticed, developed countries can be the firsts in the technological race and open calls for private companies that are developing software.
However, as some researchers have shown, the current digital health is based on data, and decreasing the cost of digital health technologies could engage in making it available for low and middle-income countries. The policy approach should envisage this inclusive policy as a mid-term goal, at least, as what is at stake right now is to contain the virus and its effects on society.
How Global Governance will manage to promote policies that can tackle the balance between the digital divide and implementation of digital health, bearing in mind the necessity to protect privacy rights is still unseen but some initiatives can lead to a safe way to conduct an ethical use of the digital health, where all layers of society can benefit from the new technologies. Promoting long-term digital social programs would increase the digital literacy of the population of least-developed countries and also legal provisions for companies and third parties would safeguard private rights without compromising the objectives to fight the pandemic.
The advance of technology and the use of digital data health during the pandemic should not represent a threat to data privacy rights and other fundamental rights, instead should represent a milestone for both legal and scientific fields which finally should walk together to build a trusting and sustainable environment for developing new technologies, promote democracy and avoid intrusive mass surveillance measures. Therefore, a global initiative to guarantee privacy rights with a transparent approach to data processing, together with the respect of ethical principles should be the right approach to tackle the pandemic all together and prepare the society for the future, based on fairness and trust.
In this sense, it is essential to demand from governments proper legislation for anonymization of the collected data during the COVID-19 pandemic and also to establish a legal framework with a full description of the procedure for cross-border data sharing, including criminal sanctions. All of these points lead the discussion to the decisive role of international cooperation. Fair cooperation is the priority of the solution to this current crisis, plus bearing the data privacy and building a solid action plan that can also be used in the future to promote the continuous advancement of Privacy Law.