How to restore data privacy after the coronavirus pandemic

As scientists around the world work tirelessly to develop a viable vaccine, coordinated data-sharing has become an essential tool in the ongoing fight against coronavirus. In an effort to establish effective public health strategies and protocols for curtailing the spread of COVID-19, mass data collection methods are already being put to use.

Naturally, any type of sweeping government-sanctioned surveillance programme, however well-intentioned, raises serious questions: how is our sensitive data being used? Who has access to it? How vulnerable is our data to leaks and hacks? How could it be exploited by private companies in the future? And, of course, is there a way to mitigate the risk of privacy breaches?

These are important questions that will most certainly resurface – even if we’re too preoccupied to think about them today – once panic ebbs and calm has been restored in the post-coronavirus era.

Keeping close tabs on the health and location data of local populations may, in fact, be the key to an effective containment strategy. For example, real-time data about the geographic distribution and health status of both the quarantined and infected patients reveals critical insights about the effectiveness of preventive health measures. Our personal data is currently being collected, used and shared in a variety of ways:

During an extraordinary crisis, many governments are willing to overlook privacy implications in an effort to save lives. However, the sensitive data that’s being collected is not exclusive to public health organizations and governments. In the United States, the government is openly working with Verily, a Google sister company, to offer online screening tests that require users to have a Google account. Sensitive data is also being accessed by surveillance technology companies and mobile app developers. Users of the Corona 100m app, for example, can see the date that a coronavirus patient was infected, along with his or her nationality, gender, age and the locations they visited.

Under ordinary circumstances, sensitive patient-linked medical records can and should be kept private. Exposing them to private companies, even in the interest of public health, is a source of concern because these records hold significant commercial value. They could, for instance, provide advertising agencies with valuable targeting data for healthcare and pharmaceutical companies. They could also help inform decision-making by health insurers seeking to verify medical histories when processing new policies and claims. Databases that contain identities linked with mobile location data also carry a price tag, especially for consumer markets.

Companies seeking to store sensitive data of any kind, and perhaps leverage it for future commercial gain, will be restricted by data privacy regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). However, to fully ensure regulatory compliance and protect data – an exponentially valuable business asset – enterprises must embrace the latest innovations in Privacy-Enhancing Technology (PET). This new category of privacy technology, as highlighted by the World Economic Forum, enables businesses to leverage insights derived from third-party private data without revealing confidential information that cannot and should not be shared for ethical, legal or business reasons.

Implementing PET, as discussed in US Senator Kirsten Gillibrand’s recently proposed Data Protection Act, should be a critical priority for the business community. Fortunately for enterprises, advanced cryptographic techniques based on PET are already in use. They have been rigorously tried and tested by the global academic community, and industry leaders are actively involved in PET standardization efforts like ZKProof to facilitate wider adoption. If implemented properly, PET can empower, rather than constrain, companies. It can help them safely leverage third-party data and stay competitive, without putting user privacy or confidential business data at risk.

In these uncertain times, as our governments explore data-driven solutions to curb a global health pandemic, we must consider how our data will be handled in the aftermath of the coronavirus. This crisis will eventually pass and, as new data challenges arise, privacy technologies must become the standard for enterprises and governments alike, to ensure we are best equipped to facilitate wide-scale privacy-enabled data collaboration before the next crisis unfolds.