Transparency: Key in leveraging contact-tracing apps
“
Governments and private sectors worldwide must continue to embrace the building of trust as the primary strategy in their fight against COVID-19.
As countries adopt contact tracing as a tool for containing the spread of the novel coronavirus, it behooves us at the National Privacy Commission (NPC) to guide health authorities and their authorized counterparts in balancing public health and data privacy rights.
A webinar recently held by the COVID-19 Task Force of the Global Privacy Assembly (GPA), which I lead in my capacity as NPC head, could not have come at a better time.
An international association of data privacy regulators and advocates, the GPA created the task force to guide 134 member jurisdictions and observers in responding effectively to the pandemic while continuing to respect citizens’ data privacy rights.
The webinar on 6 July, the first to be conducted by the GPA task force, revolved around the leading contact-tracing solutions around the world.
The discussants were the two top engineers from Apple and Google. They developed the exposure notification application for contact tracing, as well as the Information Commissioner’s Office UK, the Federal Data Protection and Information Commissioner of Switzerland and the Personal Data Protection Commission of Singapore.
Each elaborated on their technologies’ methods and operability, and how they helped achieve speedier and easier contact tracing.
The discussants agreed that transparency must be at the heart of contact-tracing technologies.
Many emphasized that applications must give users the confidence that they remain in full control of their personal information.
We at the NPC continue to emphasize that transparency is vital throughout the data-processing cycle, and it must be evident at the beginning of the process.
Applying transparency and privacy-by-design principles during the development of an app will ensure that an individual fully knows how it works and, more importantly, how the data is going to be secured even before he or she gets on-board by downloading these apps.
The duty of a personal information controller (PIC) to be transparent must be demonstrated right at the beginning and primarily shown through its privacy notice.
Transparency is reflected in the nitty-gritty of the nature, purpose and extent of the processing, the associated risks posed by the collection and purpose/s, the safeguards in place, retention of the data, and how data subjects can exercise their rights, among other requirements.
Another criterion for determining transparency is the clarity of the privacy notice, consent form, or terms and conditions of use. PIC, hence, must use simple and clear language that is easy to access and understand. These should free data subjects from the burden of deciphering the real intent and reading between the lines.
We at the NPC continue to emphasize that transparency is vital throughout the dataprocessing cycle, and it must be evident at the beginning of the process.
At the NPC, we remain in close coordination with the Department of Health (DoH) in this pandemic.
The Commission continues to offer recommendations on best practices the DoH can adopt to ensure its efforts in harnessing digital solutions not only to contract trace, but generally to respond to COVID-19. We want them to comply with data privacy principles, but also importantly, be successful in our mission to defeat the deadly virus.
In the wake of a series of data breach incidents over the past weeks, people are understandably skeptical about disclosing their data to authorities.
To break these barriers in data collection and further contact-tracing efforts, governments and private sectors worldwide must continue to embrace the building of trust as the primary strategy in their fight against COVID-19.
Here, if we put transparency at the center of our contact-tracing efforts, we will be able to truly achieve our goal of healing and winning as one.