Citizen Lab report highlights data collection during COVID-19 and privacy law reform


On September 28, the Citizen Lab released a “preliminary benchmarking” of how various “information technologies have been mobilized in response to COVID-19 to collect data” and “the extent to which Canadian laws on health or privacy or emergencies hampered the response to COVID-19[FEMININE”Lerapportmetégalementenévidenceles« conséquencespotentiellesdelaréformedesloissurlaprotectiondesdonnéesoulaconfidentialitépourpermettreunecollecteuneutilisationouunedivulgationpluslargesdesdonnéespersonnellesdanslesfuturesurgencessanitaires »

Les rapport, « Pandemic Privacy : Une analyse préliminaire des technologies de collecte, des lois sur la collecte de données et de la réforme législative pendant COVID-19 », a été rédigé par Benjamin Ballard, Amanda Cutinha et Christopher Parsons.

Christopher Parsons, associé de recherche senior au Citizen Lab

Parsons, associé de recherche principal au Citizen Lab de la Munk School of Global Affairs & Public Policy de l’Université de Toronto, a déclaré Le Quotidien de l’Avocat que lors de l’analyse des différentes technologies utilisées au Canada, aux États-Unis et au Royaume-Uni, « l’un des éléments les plus remarquables était la façon dont les systèmes de télécommunications avaient été réaffectés pour faciliter la surveillance des pandémies ».

Il a noté que, bien que le rapport n’entre pas dans « trop de profondeur » autre que de dire que « cela est probablement autorisé en cas d’urgence dans les lois sur la santé », il pense que la question « ouvre la porte aux praticiens et aux théoriciens pour [ask]: What exactly does it mean to transform technological ecosystems on a large scale for health purposes? “

Parsons said this issue “relates to the second section of the report” where the authors spend a lot of time “browsing what was the legislative network that existed before the COVID-19 pandemic.”

He noted that after the SARS outbreak, there was “recognition that the Privacy Act probably needs stronger privacy protections built in ”and“ it hasn’t been done ”. He also noted that the Privacy Act, the Personal Information Protection and Electronic Documents Act (PIPEDA), the Emergency Situations Act, and the health acts “all allowed a fairly significant amount of two-way sharing.”

Parsons pointed out that “confidentiality was at no time an obstacle based on the research we did.”

“In fact, what was more of a problem was the information agreements between the provinces, between the agencies, and so if there is legal work to be done, it is to understand why these do not exist. ‘have not been created and how to strengthen them more solidly, “he said. said, noting that any update to privacy legislation should pay attention to “socially beneficial data abuse.”

“Namely because the categories initially prescribed are relatively delimited, but they can be widened at any time by the government, which means that it is an opening that can open up in a significant way,” he said. , noting that privacy legislation needs a “human rights approach to protect individuals’ rights and privacy.

“The concern there is absent that [approach], and especially with the potential to gradually expand how the legislation could be used, the restrictions placed on private companies when they process and use people’s data will be less restricted than what we see in Europe and elsewhere. jurisdictions that have human rights – bottom-up approach, ”he explained.

The report found that “privacy legislation has not established any significant legal barriers to the collection, sharing and use of personal information given the authorization of such activities in health emergencies, as prescribed by provincial health and emergency laws ”.

“More generally, however,” the report notes, “the legislative standard that allows waivers of consent in emergency situations may be inconsistent with individuals’ perceptions of their privacy rights and what they are doing. consider “appropriate” violations of these rights, especially when some people dispute the severity (or even the existence) of the COVID-19 pandemic in the first place. “

“The mismatch between the law and normative expectations for privacy, although pronounced during the COVID-19 pandemic, is not a new or unprecedented situation,” the report explained.

The report notes that “[F]Federal and provincial policymakers held the legal power to increase information sharing during the COVID-19 pandemic, but they often responded in disconnected and uncoordinated ways. “

“At the same time,” the report added, “opposition to the government’s legal capacities to collect, use and disclose information as well as consent-based digital technologies that were supposed to mitigate the spread of COVID-19, reveals a disconnect between the legality of such processing of personal information and the normative expectations of Canadians as to how their personal information should be treated.

According to the report, the COVID-19 pandemic “represents the first public health crisis in which Canada’s federal and provincial privacy, health and emergency legislation has operated simultaneously, highlighting the use of these powers to collect, use and disclose personal information ”.

“Due to a poorly coordinated government response to SARS, proactive and reactive tools to combat threats to public health have been implemented, including the creation of the Public Health Agency of Canada (PHAC) and the application of emergency legislation to public health crises. the report adds, noting that PHAC and emergency legislation “were used during the COVID-19 pandemic”.

The report also notes that “[L]gruesome information sharing also took place often, although individuals were not made aware of the amount of data collected about them. “

“Additionally, the COVID-19 pandemic was new in terms of digital technologies used to collect information, which raised concerns about how existing legislation governs new technologies,” the report added.

Parsons said the authors hope this report “serves as a guide for further work” and “to remind people,” that is where we were at this stage of the pandemic, this is the kind of data that were collected. “

“We’ve transformed over a billion devices in people’s hands, their iPhones, their androids, and there’s a whole new way of disease surveillance out there on the planet today that didn’t exist there. at 18 months. These are obvious things today, but if you were to go back 24 months I think we would all be shocked if it exists, ”he said, noting that the report is intended to“ capture how the data have been collected and the importance of that. “

“And finally, strategically, [if] legislatures are considering introducing new legislation to reform privacy laws, the hope is that they will consider our report, as well as the work of other colleagues, and recognize that human rights are essential to include in any privacy law reform. And if the Government of Canada and its provincial counterparts ensure that they either regain or maintain the confidence of the electorate, that they remove as many of these little room for maneuver, like an Order in Council will expand something and won’t be obvious, ”he said, stressing that“ if privacy is to be the centerpiece of the digital realm, people need to trust how this coin will be collected and exchanged ”.

If you have any information, ideas for articles or tips for The Lawyer Daily please contact Amanda Jérôme at [email protected] or dial 416-524-2152.

Leave A Reply

Your email address will not be published.