As more and more countries resort to using digital tools to monitor and track their citizens, those measures must comply with privacy laws, writes Dunja Mijatovic, the Council of Europe Commissioner for Human Rights.
COVID-19 has already killed over 200,000 people in the world. Over half of those fatalities in occurred in Europe. It is therefore easy to understand why governments have had to take extraordinary measures. As restrictions are gradually eased, it is crucial that the very restrictive ones do not outlast the emergency.
Surveillance is a case in point. While the potential of digital tools to contain the spread of infections is worth exploring, they can also turn against us when they intrude on our private lives and restrict our ability to participate in society.
This risk has already surfaced in several European countries.
In Russia, the government has resorted to facial recognition cameras to enforce quarantine orders without guarantees that such technology will not be used for other purposes. In Azerbaijan citizens must report their movements by SMS to an electronic system, potentially enabling the police to monitor them. In Montenegro, the government published on its website the names and the addresses of people who have been ordered to self-isolate upon their return from abroad.
In Poland, a mandatory government-provided app requires quarantined people to take time-stamped selfies with GPS coordinates several times a day. Failure to comply with the task may result in police intervention and lead to a hefty fine. Turkey also announced a similar mandatory app to follow the whereabouts of persons who have been tested positive for COVID-19.
In the United Kingdom, the Guardian newspaper revealed that technology firms processed the confidential personal data of patients without transparency or accountability.
Legal boundaries must be upheld
These are the most worrying examples of a general surveillance trend going on in Europe which raises concerns about its compatibility with human rights standards governing data protection.
The European Court of Human Rights has acknowledged that restrictions can take place and that the use of personal data may be necessary in certain emergency situations. However, it also stressed that states can do so only under exceptional and precise conditions while offering adequate legal safeguards and independent supervision. They must also ensure that the measures adopted be based on the case-law, remain compatible with the desired aim, be the least intrusive possible and be lifted once the reason for introducing them no longer exists.
If the governments do not respect these legal boundaries, they risk endangering our rights without necessarily protecting our health. They will also risk losing public support, which is an indispensable feature in public health efforts.
It is therefore encouraging that the Committee of Ministers of the Council of Europe, in which all 47 member states are represented, explicitly stated on April 22 that states must combat the disease and its wider consequences in accordance with the organization's principles and the commitments they entered into.
Indeed, a democracy does not have to sacrifice privacy to protect health. Governments must find the right balance between these two imperatives. To make this happen, they have a series of steps to undertake.
Balancing privacy and health measures
First of all, digital devices must be designed and used in compliance with privacy and non-discrimination norms. They must be anonymous, encrypted, decentralized, function on open source and be available to the largest number of people possible, thus bridging the digital divide. Their use must be voluntary, based on informed consent, restricted to the purposes of health protection, contain a clear time limit and be fully transparent. Users should be able to opt-out at any moment, deleting all their data, and be able to challenge intrusions into their private sphere through effective measures.
Secondly, laws must comply strictly with the right to privacy as protected by the laws of national constitutions and of the European Court of Human Rights.
Thirdly, government operations must be subject to judicial review, as well as monitoring by parliament and national human rights institutions to ensure accountability. Independent data protection authorities must test and approve technological devices before they are used.
Public health crises are real threats that require an effective response, but the health imperative must not become a carte blanche to snoop on people's lives. Surveillance measures that bypass human rights and the rule of law are not a democratic solution.
Dunja Mijatovic is the Council of Europe Commissioner for Human Rights.