Citizen Lab report highlights data collection during COVID-19 and privacy law reform
On September 28, the Citizen Lab released a “preliminary benchmarking” of how various “information technologies have been mobilized in response to COVID-19 to collect data” and “the extent to which Canadian laws on health or privacy or emergencies hampered the response to COVID-19[FEMININE”LerapportmetÃ©galementenÃ©videncelesÂ«Â consÃ©quencespotentiellesdelarÃ©formedesloissurlaprotectiondesdonnÃ©esoulaconfidentialitÃ©pourpermettreunecollecteuneutilisationouunedivulgationpluslargesdesdonnÃ©espersonnellesdanslesfuturesurgencessanitairesÂ Â»
Les rapport, Â«Â Pandemic PrivacyÂ : Une analyse prÃ©liminaire des technologies de collecte, des lois sur la collecte de donnÃ©es et de la rÃ©forme lÃ©gislative pendant COVID-19Â Â», a Ã©tÃ© rÃ©digÃ© par Benjamin Ballard, Amanda Cutinha et Christopher Parsons.
Christopher Parsons, associÃ© de recherche senior au Citizen Lab
Parsons, associÃ© de recherche principal au Citizen Lab de la Munk School of Global Affairs & Public Policy de l’UniversitÃ© de Toronto, a dÃ©clarÃ© Le Quotidien de l’Avocat que lors de l’analyse des diffÃ©rentes technologies utilisÃ©es au Canada, aux Ãtats-Unis et au Royaume-Uni, Â« l’un des Ã©lÃ©ments les plus remarquables Ã©tait la faÃ§on dont les systÃ¨mes de tÃ©lÃ©communications avaient Ã©tÃ© rÃ©affectÃ©s pour faciliter la surveillance des pandÃ©mies Â».
Il a notÃ© que, bien que le rapport n’entre pas dans Â«Â trop de profondeurÂ Â» autre que de dire que Â«Â cela est probablement autorisÃ© en cas d’urgence dans les lois sur la santÃ©Â Â», il pense que la question Â«Â ouvre la porte aux praticiens et aux thÃ©oriciens pour [ask]: What exactly does it mean to transform technological ecosystems on a large scale for health purposes? “
Parsons said this issue “relates to the second section of the report” where the authors spend a lot of time “browsing what was the legislative network that existed before the COVID-19 pandemic.”
He noted that after the SARS outbreak, there was “recognition that the Privacy Act probably needs stronger privacy protections built in âandâ it hasn’t been done â. He also noted that the Privacy Act, the Personal Information Protection and Electronic Documents Act (PIPEDA), the Emergency Situations Act, and the health acts “all allowed a fairly significant amount of two-way sharing.”
Parsons pointed out that “confidentiality was at no time an obstacle based on the research we did.”
“In fact, what was more of a problem was the information agreements between the provinces, between the agencies, and so if there is legal work to be done, it is to understand why these do not exist. ‘have not been created and how to strengthen them more solidly, “he said. said, noting that any update to privacy legislation should pay attention to “socially beneficial data abuse.”
“Namely because the categories initially prescribed are relatively delimited, but they can be widened at any time by the government, which means that it is an opening that can open up in a significant way,” he said. , noting that privacy legislation needs a “human rights approach to protect individuals’ rights and privacy.
“The concern there is absent that [approach], and especially with the potential to gradually expand how the legislation could be used, the restrictions placed on private companies when they process and use people’s data will be less restricted than what we see in Europe and elsewhere. jurisdictions that have human rights – bottom-up approach, âhe explained.
The report found that âprivacy legislation has not established any significant legal barriers to the collection, sharing and use of personal information given the authorization of such activities in health emergencies, as prescribed by provincial health and emergency laws â.
âMore generally, however,â the report notes, âthe legislative standard that allows waivers of consent in emergency situations may be inconsistent with individuals’ perceptions of their privacy rights and what they are doing. consider âappropriateâ violations of these rights, especially when some people dispute the severity (or even the existence) of the COVID-19 pandemic in the first place. “
âThe mismatch between the law and normative expectations for privacy, although pronounced during the COVID-19 pandemic, is not a new or unprecedented situation,â the report explained.
The report notes that â[F]Federal and provincial policymakers held the legal power to increase information sharing during the COVID-19 pandemic, but they often responded in disconnected and uncoordinated ways. “
âAt the same time,â the report added, âopposition to the government’s legal capacities to collect, use and disclose information as well as consent-based digital technologies that were supposed to mitigate the spread of COVID-19, reveals a disconnect between the legality of such processing of personal information and the normative expectations of Canadians as to how their personal information should be treated.
According to the report, the COVID-19 pandemic “represents the first public health crisis in which Canada’s federal and provincial privacy, health and emergency legislation has operated simultaneously, highlighting the use of these powers to collect, use and disclose personal information â.
âDue to a poorly coordinated government response to SARS, proactive and reactive tools to combat threats to public health have been implemented, including the creation of the Public Health Agency of Canada (PHAC) and the application of emergency legislation to public health crises. the report adds, noting that PHAC and emergency legislation “were used during the COVID-19 pandemic”.
The report also notes that â[L]gruesome information sharing also took place often, although individuals were not made aware of the amount of data collected about them. “
âAdditionally, the COVID-19 pandemic was new in terms of digital technologies used to collect information, which raised concerns about how existing legislation governs new technologies,â the report added.
Parsons said the authors hope this report “serves as a guide for further work” and “to remind people,” that is where we were at this stage of the pandemic, this is the kind of data that were collected. “
âWe’ve transformed over a billion devices in people’s hands, their iPhones, their androids, and there’s a whole new way of disease surveillance out there on the planet today that didn’t exist there. at 18 months. These are obvious things today, but if you were to go back 24 months I think we would all be shocked if it exists, âhe said, noting that the report is intended toâ capture how the data have been collected and the importance of that. “
“And finally, strategically, [if] legislatures are considering introducing new legislation to reform privacy laws, the hope is that they will consider our report, as well as the work of other colleagues, and recognize that human rights are essential to include in any privacy law reform. And if the Government of Canada and its provincial counterparts ensure that they either regain or maintain the confidence of the electorate, that they remove as many of these little room for maneuver, like an Order in Council will expand something and won’t be obvious, âhe said, stressing thatâ if privacy is to be the centerpiece of the digital realm, people need to trust how this coin will be collected and exchanged â.