OPINION. In its fight against Covid-19, China makes intensive use of the personal data of its people, while the EU doesn’t – yet. Big data analytics “for the common good”, including large-scale monitoring of population movements and identification of potential cases is a significant innovation in the management of this epidemic. This should be done, but with privacy in mind.
Because of this pandemic, the question of privacy limitations for the benefit of the general interest arises in a new form, the answer to which could influence our reluctant western democracies. As China’s passed the first wave of the Covid-19 infection, we should consider its solutions. Instead of hastily dismissing them for being “Orwellian”, Europe could profit from adapting them according to its own ethics and protective laws.
Note: I’ve written a law review article on China Data Privacy Laws, which might interest you.
The use of personal data in China against Coronavirus
To finally achieve this improvement in the health situation, China drives its people to make major sacrifices. While we mostly pay attention to containment measures, Chinese residents’ personal data play a decisive role in the fight against the coronavirus. The use of big data makes possible to monitor population movements and assess the risks of contamination. The precision and volume of data thus make it possible to predict the spread of the virus and to act accordingly. It’s way to use personal data as a weapon against the pandemic, although it’s a different situation than the weaponization of personal data by a government against another.
Alipay, a leading mobile payment application owned by the giant Alibaba, has launched the Alipay Health Code in several cities, which estimates the potential contagiousness of its users. A green score will allow you to take the metro or enter a shopping center. But if you get a red or orange code, you will have to report and place yourself in quarantine. The calculation of this score is opaque but would be based on the movements of people and their proximity to proven cases of coronavirus. Other examples of personal data processing allow users to see on a map the areas where confirmed and suspected cases are located, or to know if they have taken the same plane or train as an infected person. Large-scale data collection is also observed in pharmacies and transport. There, people have to enter their identity in order to be able to buy medicines and tickets.
This technological development effort participates in building databases giving the Chinese government a detailed vision of population movements and risk of contagiousness. China’s President Xi Jinping clearly announced, on February 14, his goal to increase the use of big data and artificial intelligence to prevent and fight epidemics. While facial recognition technologies would now make it possible to identify individuals despite a protective mask, some observers warn that the Covid-19 may reinforce the surveillance capacity of the Chinese state.
Protecting Both Privacy and Security, the European Way
Although consumer privacy is increasing thanks to the China’s Cybersecurity Law, citizens’ privacy does not reach the same level. It sure does make trading privacy for security easier for the government. But this should not cause western countries to disregard in block what China achieves on this front to combat the disease; it should rather push them to consider how this can work in our democracies and according to the rule of law.
Israel announced on March 14 it will tap into cellphone data to track the localization of its people, in a way normally used for anti-terrorist operations. Much like China, Israel will now be able to know Israelis’ movements, their proximity to proven Covid-19 cases and therefore potential infections. These initiatives give Israel and China a clear and granular view of the spread of the virus, while EU countries still operate according to the more archaic patterns of generalized confinement and all-too rare coronavirus tests.
European countries, such as Belgium, only begin to publicly express the possibility of using the personal data of their inhabitants. Still, there are too few European initiatives to take advantage of the huge opportunity that represent personal data to fight Covid-19. It’s been two years since the GDPR, the most restrictive data protection model in the world, became applicable. It has rightfully raised awareness about the need to protect privacy, but governments now seem to shy away from using personal data for the security of European citizens.
Europe must not be afraid to draw inspiration from China and other more advanced countries on this issue. Our data protection regulatory model is strong enough that data can be used legitimately against the epidemic, with European ethics in mind. Meanwhile, Europe has high quality data that could help in the crisis, but we fight the virus blindfolded because we don’t use this information like we should.