My country, like many others, are starting to produce apps for people’s phones to help provide data on any Covid outbreaks and specify to individuals if they are at increased risk. While such strategies had already been applied in some countries that were able to sufficiently manage their own outbreaks over the last year, there are many concerns as to whether or not such apps may violate individual privacy rights.
In my local case, the app was produced by regional and Federal governments, and external privacy experts have come out and given their stamp of approval on our local app. Much of this approval came from their former experience being staunch monitors of privacy in the community, and the availability of open code that shows if any misdirection has been committed in the promotion of that app beyond being purely for the public good. This likely would satisfy the concerns of many that the developers have acted in good faith with regards to privacy. These tools are useful in the fight against Covid, and honest policymakers are essential in the effectiveness of applying such measures on the already weakened public.
Another layer in applying these apps is the imposition of the GDPR, the EU’s very assertively enforced privacy rules within the EU, outside of the EU and affecting all EU citizens. Many countries outside of the EU while creating these apps may have not considered how they might influence their citizens who may be protected by EU privacy laws, even outside of Europe. While many countries, like my own, have their own privacy laws in place, they often are not as protective of individuals as is the GDPR, and the EU has made a point to enforce their laws if it affects the EU or its citizens abroad. Individuals may enjoy having the external protection of the EU, as it takes the most modern approach to data privacy anywhere in the world. With the EU Commission watching over dual nationals in many countries, it is mostly a benefit to those individuals, while a burden on local governments that may want to play with privacy data of individuals.
Data and personal information has value, quite a lot of value, especially for marketing purposes and political campaigns. What could be a death blow to a prospective app may not lie in the code or honesty of the developers, but could come from the impression of good faith held by the public over those who commissioned the app in the first place. For example, if a government advises using an app, but were also found to be abusing, selling or purchasing private data for a client list for a campaign in another instance, the violation of trust over privacy in one area may sour the public on using an app recommended by the same policymakers. This could ruin an otherwise great and useful tool, because of a loss of trust by the public over their leaders.
A great policy conundrum becomes a reality in the scenario when such violations affect EU dual nationals of the country in question. It would be an interesting legal and political dilemma as the political party that broke the law in using private data for their campaign may now be sanctioned by the EU Commission over the violation of the GDPR. While such actions would give some amount of justice to those individuals who had their private information abused for the sake of an organization or party, it would also put an international government on the opposing side of a political party during a local election. It would be fascinating, but to avoid it, the powers that be should principally respect the privacy rights of its own citizens, it makes for better laws, policies, and may actually save a few lives in the process of making society more democratic.