FULL EVENT REPORT:
Discussions over “contact tracing” apps and other data-driven solutions to fight the pandemic (self diagnosis, heat maps, facial recognition, immunity certificates, contagion risk scoring, monitoring of quarantine, etc.) are taking the center stage in government cabinets and popular news. But press coverage tends to make a hotchpotch of these proposals, putting in the same basket very different types of data processing and failing to distinguish the marginal utility that can be derived from each. At the same time, there is concern about citizens receiving insufficient, incomplete or unreliable data to understand the conditions of spreading and treatment of the virus and make cross-country comparisons.
In light of the pressing social and economic challenges we are facing, there is urgent need to define a data governance strategy that enables governments and communities to leverage collective knowledge for the common good. The point of data governance in this context is to provide a framework that helps maximize the utility derived from information without unduly compromising individual rights and freedoms. This workshop aimed to discuss some of the crucial data governance questions from the perspective of Latin America, to explore and learn different approaches in the region. It was divided in three sessions, each addressing its own subset of issues.
1. Open data: sunlight is the best of disinfectants?
First, there is a wealth of data that can be shared by governments at an aggregate level that would allow not only other countries to calibrate their responses, but also people more generally to make more informed choices in their social and professional lives. What are the most urgent priorities in information disclosure? And what of those are the most immediately implementable? What level of granularity is efficient and sufficient to prevent identification of specific individuals? How can we ensure interoperability of datasets across different countries and scenarios? What safeguards should be adopted to prevent harm to individuals and to groups (including e.g. discrimination)? How can we ensure accuracy and interoperability of datasets across different countries and scenarios? Are there national security concerns or other justifications for not sharing certain data in the widest possible form? Can/should limitations be imposed on the way in which open government databases are subsequently used.
2. Government restrictions of privacy, data protection and other fundamental rights
A second important question concerns governments’ appeal to the emergency to justify interference with privacy and data protection, and in doing so often also other fundamental rights. Does the emergency justify citizen surveillance (for example using location data or deploying invasive technologies like facial recognition or electronic bracelets, but also by mere encouragement of peer reporting) for the enforcement of lockdowns/quarantines? On what conditions should governments be able to access traffic data from telecommunication providers? What is a suitable legal basis for digital contact tracing, and what is the evidence that this (as opposed to manual contact tracing) is necessary to address the emergency? To what extent can access to essential services be conditioned on the disclosure of private, intimate data and the sacrifice of individual privacy? Conversely, what mechanisms can be used to stimulate adoption of voluntary monitoring? What are the conceivable benefits produced by each of these measures for the country and its citizens, and do they outweigh any individual or collective harms?
3. Data-driven innovations: civil society and private sector responses
The third and final session focused on bottom-up initiatives, i.e. citizens or community-led enterprises that complement or improve governmental approaches. These include the adoption of decentralized protocols for contact tracing (like the Decentralized Privacy-Preserving Proximity Tracing project, Google’s & Apple’s privacy preserving tracing project, the Global Coalition for Privacy-First Digital Contact Tracing Protocols to Fight COVID-19), self-reporting apps (for instance, the “David-19” launched by the Interamerican Development Bank) and other solutions based on data collaboratives (e.g. data pools, data coops, data foundations, etc.). The key challenges here are about the governance and technological mechanisms that ensure accountability for these private initiatives. Who are the data controllers, and what are their respective responsibilities in the deployment of these projects? What safeguards can be adopted to prevent misuse of these tools, and ultimately harm to individuals and communities? Note that there may be different considerations depending on how an app is financed. Should any complementary services be provided (for instance heat maps, diagnostics and information on availability of equipment)? Under what conditions is it acceptable for contact tracing apps to use sensitive health data for additional purposes? More generally, what are the promises and challenges of these bottom-up solutions?
Speakers and Moderators:
- Fernanda Campagnucci | Open Knowledge Brasil, Brazil
- Julio Lopez | DataLat, Ecuador
- Paloma Lara Castro | TEDIC, Paraguay
- Natalia Carfi | Open Data Charter (Moderator)
- Olivia Andrea Mendoza Enriquez | CIDE, Mexico
- Juan Carlos Lara | Derechos Digitales, Chile
- Seth Schoen | Electronic Frontier Foundation
- Walter B. Gaspar | Fundação Getulio Vargas (Moderator)
- Maria Paz Canales | Derechos Digitales, Chile
- Rafael Zanatta | Data Privacy Brasil, Brazil
- Maria Lorena Florez Rojas | Universidad de los Andes, Colombia
- Nicolo Zingales | Fundação Getulio Vargas (Moderator)
FULL EVENT VIDEO: