What's the problem?

Almost four months after the COVID-19 outbreak was declared a global pandemic, governments around the world are still scrambling to stop its spread. From lockdowns, to school closures, travel bans and beyond, almost every country across the globe has implemented varying measures that have affected billions of people.

Many have enlisted the use of digital technology. But digital rights advocates and privacy experts are worried that these rushed measures introduced namely to monitor infections, including digital tracking initiatives and physical monitoring, are merely methods of mass surveillance that constitute digital rights violations.

The human rights organization Amnesty International's Security Lab released a report earlier this month warning about so-called contact tracing applications developed by several countries to track infections. 

"Governments across the world need to press pause on rolling out flawed or excessively intrusive contact tracing apps that fail to protect human rights. If contact tracing apps are to play an effective part in combating COVID-19 people need to have confidence their privacy will be protected," said Claudio Guarnieri, the head of Amnesty's Security Lab.

Apps on the rise

Contact tracing apps have been increasing over the past few months and have come with their fair share of scrutiny. These apps track individuals, using either GPS, Bluetooth - or both - and make them aware of whether they have crossed paths with anyone who has tested positive for the virus. The app then asks them to quarantine.

Digital privacy website, Top10VPN.com, has a live tracker documenting new measures introduced in response to COVID-19 that they say "pose a risk to digital rights around the world." Their key findings, last updated in early June, show that contact tracing apps are being used in 28 countries, 14 of which are in Europe.

Although most countries in Europe may be in better positions regarding privacy and collation of data due to the General Data Protection Regulation (GDPR) which gives individuals more power to demand companies let them know, or even remove, the personal data they hold, rights groups say many centralized tracing apps still neglect privacy rights.

In early May, Hungary, which had been put in a "state of danger" by Prime Minister Viktor Orbán giving him sweeping power, revealed measures to suspend parts of the GDPR rules, meaning people no longer had the right to access and erase personal information.

In early June, Amnesty's investigations found that Norway's 'Smittestopp' contact tracing app "stood out as among the most alarming mass surveillance tools," by carrying out live or near-live tracking of users' locations and uploading GPS coordinates to a central server.

By mid-June, the country's data protection agency, Datatilsynet, issued a warning that it would stop the health authorities from handling data collected via Smittestopp, because it was too invasive of privacy. The app has since been suspended.

Similar cases were evident in other European countries, including the UK, where proposals for national, centralized apps shared data without permission. They were subsequently taken back and not launched.

In several countries including Germany, Austria, Finland and Italy, mobile operators were also shown to be sharing aggregated location data with health ministries, raising concerns over privacy rights.

Apps in Russia and Poland, among others, were compulsory to download and forced users to take selfies at home when prompted. The photos would then be sent to police officers to show that citizens were complying with isolation rules and staying at home if they were infected.

Alternative digital tracking

As well as contact tracing apps, other highly invasive digital tracking and physical surveillance measures, such as facial recognition, surveillance drones and extensive CCTV networks were implemented in several European countries.

In France, surveillance cameras appeared in early May during the nationwide lockdown. State-owned public transport firm, RATP, had teamed up with image analysis startup Datakalab to see how many travelers were wearing masks on public transport.

Although the company said it respected privacy laws as images were not stored or shared, France's data privacy watchdog CNIL said that while the technology was well-meaning in its intent, the artificial intelligence empowered surveillance falls short of respecting Europe's stringent laws on data protection, as consent was not sought.

"Their uncontrolled development poses the risk of generalizing a feeling of surveillance among citizens... which could be detrimental to the proper functioning of our democratic society," the CNIL said.

In other measures reminiscent of futuristic movies, surveillance drones were deployed in countries including the UK, Belgium, Spain, France and Hungary, that monitor people. In Belgium and Spain the drones even emitted a warning through the device's speakers urging people to respect social distancing measures.

Top10VPN.com's report found that these alternative digital tracking measures, including facial recognition, were active in 35 countries, 14 of which are in Europe. Physical surveillance technologies, meanwhile, are in use in 11 countries, five in Europe.

What's the worst that can happen?

More than 100 human rights groups across the world - including Amnesty International, Human Rights Watch and Privacy International - have signed a statement warning that increased state digital surveillance powers during COVID-19 threaten freedoms and violate rights. It adds there is also a risk of such measures becoming permanent, even beyond the containment of the virus.

"The recent past has shown governments are reluctant to relinquish temporary surveillance powers," said Rasha Abdul Rahim, the deputy director of Amnesty Tech, in a statement. "We must not sleepwalk into a permanent expanded surveillance state."

A key concern for privacy experts is that any measures implemented during the coronavirus crisis remain exceptional. The European Digital Rights (EDRi) organization, an association of civil and human rights organizations from across Europe focusing on freedoms in the digital environment, has called for exceptional measures taken during the crisis to be reviewed at short intervals and reassessed once the crisis eases.

Diego Naranjo, head of policy at EDRi, tells CGTN Europe that "it is quite a concern regarding if the apps will be ever turned off."

"We see a similarity in a way with the so-called 'war on terror,' where it is an endless war," he says. "There's always a new enemy, a new terrorist attack that could come up, and we can see the same and even probably more based on evidence in this case."

The unpredictable nature of a pandemic is another problem, according to Naranjo.

"Because we could have a second wave, we can have new pandemics coming up, and I can imagine even well-intentioned governments saying, 'just in case, let's keep the data for longer, let's not delete the app, let's actually increase the surveillance just in case for the common good.' So I think that that's a clear concern," he says.

What do the experts say?

According to Top10VPN.com, of the 47 apps currently available globally, over half do not disclose for how long they will store users' data. Over 20 percent of the apps have no privacy policy at all.

For digital rights experts, these statistics are a worrying indictment of the length and depth of the exceptional measures taken by governments to fight the spread of COVID-19.

While many agree that the situation itself is exceptional and most of the measures are introduced with the intention of using innovation to stem the infection rate, experts say that if technology must be used, governments and private companies must comply with regulations. The European Commission and the World Health Organization have published guidelines to ensure that personal privacy is not compromised and that tech companies such as Google are not monetizing public health.

"These apps should use open source so we can see how the application works and what the app is supposed to be doing," says EDRi's Naranjo.

"One of the requirements we have been advocating is that these measures are temporary, that the data should be deleted and that the data should be stored in the devices, and not in some central server that the government can feel tempted to reuse. 

"It should not be shared with the police, for example, or even with the health services, unless you want that to happen. They should also be voluntary, no one should be obliged to use all of these apps."

Though this may be one solution to privacy concerns, some groups question whether technology is even needed, or should be considered vital, to minimizing the risk of infection. Some have pointed out, for example, that measures are limited as people who do not possess suitable mobile devices will be excluded.

Therefore, according to digital rights advocates, it is important that other measures that do not pose privacy threats are used even more widely.

"It seems clear to most researchers that these apps could help to some extent, but in the end we need to reinforce our national health services, we need to do a lot of [face-to-face] contact tracing with people, with well-informed and prepared staff. And, generally, we should use some of the same precautions we did before, like washing your hands and avoiding large crowds and so on," Naranjo explains.

If technology is needed in certain cases, rights groups say they must be limited and proportional. 

"Increased digital surveillance to tackle this public health emergency can only be used if certain strict conditions are met. Authorities cannot simply disregard the right to privacy and must ensure any new measures have robust human rights safeguards," Amnesty's Rasha Abdul Rahim said.

"Wherever governments use the power of technology as part of their strategy to beat COVID-19, they must do so in a way that respects human rights."
 

Video editor: Natalia Luz

Read more: Should I Worry About... Gender-biased AI • Negative interest rates • Atmospheric ammonia • AI deepfakes • EU border policy • Children gaming • Knife crime • Trust in politics • Gang databases • Fast fashion • Flying during COVID-19 • Food shortages • RSI from working at home • Children and coronavirus • COVID-19 conspiracy theories • Catching COVID-19 twice • My dog during the pandemic • A second wave of COVID-19