Transcending Regulatory Role: Data Privacy Authorities’ Massive Influence in Establishing Public Trust in a Crisis

Members and observers of the Global Privacy Assembly’s (GPA) COVID-19 Taskforce, which the National Privacy Commission (NPC) chairs, has tagged contact tracing as the biggest area of challenge for data regulators around the world, more so as economies gradually open up and more tracking efforts are launched.

In his opening speech at the recent joint webinar of the Taskforce and the Centre for Information Policy Leadership (CIPL), Commissioner Raymund E. Liboro said that a survey conducted by the Taskforce showed that contact tracing and location tracking ranked as the most pressing privacy issue for many jurisdictions and organizations globally.

“As one of the new emerging challenges confronting us, contact-tracing applications pose questions on proportionality and transparency requirements, privacy issues on location tracking and surveillance, and whether privacy by design approach figured in the development of these applications,” Liboro said.

“Data Protection Reimagined: Digital Acceleration, New Emerging Issues and the Role of Privacy Regulators in the COVID-19 Era” was the title of the joint meeting where discussions revolved around how the pandemic has intensified the use and role of data to respond to the health crisis, as well as the evolving role of data privacy authorities.

“Our data subjects need us now more than ever. Our roles as data privacy authorities are significant in protecting individuals' personal information and fostering privacy rights, especially during this time,” Liboro said.

Guiding policy-makers

Liboro emphasized the critical role of data privacy regulators in preventing misuse of personal data, the collection and processing of which may go beyond what these were initially intended for if epidemiological authorities are not guided on the technical and practical approaches for using and safeguarding them.

“Regulators do not have to learn only the technical functionality of contact-tracing technologies, but we must also understand its effectiveness and impact on our data subjects. We must let them know that we are their guide in all matters related to data privacy and data protection,” he said, adding the NPC is closely watching local and international privacy-related developments.

“We are here to provide them with the most relevant bulletins, guidelines, and best practices for emerging data privacy concerns,” he added.

Dr. Caroline Buckee, associate professor for epidemiology at Harvard University, joined the CIPL-GPA joint meeting where she emphasized the need for policymakers to have more understanding of how to translate raw data into useful insights, narrowing the need for more data to only the important bits.

“We've seen a really interesting sea change where from January onwards, there were companies who really want to share data and policymakers want all the insights” Buckee said, citing the increased source of data such as from credit cards transactions and from the burgeoning ad tech industry.

“But there’s this massive disconnect because more data isn't always good. The data must be rounded in a very clear epidemiological goal and we need to understand how policy makers can use it and there’s a huge heterogeneity in the capacity of policy makers to take in data and use it in a sensible way. And we’ve seen that everywhere in low-and high-income settings where there’s this capacity issue on the policy end,” Buckee said.

Guiding economies to recovery

Singapore’s Personal Data Protection Commission Assistant Chief Executive Zee Kin Yeong, also among the discussants, encouraged governments to reexamine data protection principles, particularly the accuracy obligation, and find ways to make it more relevant for businesses.

“One thing that we’re starting to think harder about is how can we reinterpret the principle of accuracy obligation. I don't see too much discussion about it. We need to spend some time thinking of the importance of accurate data and encouraging businesses to use the right business intelligence tools to be able to get the correct insights. And how do we translate this accuracy obligation in a way that will resonate with the companies in this point in time who are trying to make good business decisions... so that they are able to get to the road of recovery and stay on the road of recovery,” Zee Kin said.

Zee Kin also told governments to begin looking at how to go about cross-border data exchanges in anticipation of international travels.

“As economies repower, and international travel comes to mind, what we need to start considering is how do we facilitate the exchange of data, a collaboration of contact-tracing efforts for international travelers, so that we can assist the recovery of our economies,” he added.

Public trust thru transparency

“Public trust is vital in effectively rolling out contact-tracing mechanisms and other digital solutions. Trust will only happen if our citizens are convinced that their data is processed fairly, lawfully and securely,” Liboro said.

A transparent data ecosystem is where the collection and processing purposes, risks, storage and disposal terms are laid clearly, he said, adding that collectors of data must abide by the agreed terms and seek new consent for future changes.

Where public trust is tarnished due to poor observance of data privacy and protection standards, privacy regulators should hold authorities and other authorized controllers accountable, according to the NPC chief.

Liboro also called on intensified collaboration as data privacy challenges were expected to rise amid the gradual opening up of the economy.

“We must continue creating knowledge and share best practices as a global community, and develop the confidence to declare to our governments and citizens that public health and personal data protection are on the same side in this time of pandemic,” the COVID-19 Task Force chair added.

# # #