The Right to Your Data
One of the essential ways to battle COVID-19 is through contact tracing— identifying, assessing, and managing people who have been exposed to the virus.
Since the start of the outbreak, governments and companies have been scrambling to develop apps to help with this process.
But with great technology comes grave privacy concerns. In May, professor and privacy expert Everett Monroe ’14 interviewed fellow expert Peter Micek ’11 in a Zoom event about the privacy-related implications of the pandemic. Their talk was part of USF’s “Lawyering in the time of COVID” online series, featuring experts on topics from mindfulness to animal rights. The series ran from March through July.
So what’s the difference between data privacy and data security?
Privacy, says Micek, is a human right. It’s the power to determine the conditions and situations in which you disclose information about yourself, your family, your business, and other personal matters.
“It’s not about secrets and shame,” says Micek, who is general counsel at Access Now, a global digital rights organization, as well as a professor at Columbia University. “It’s about power and control.”
Security, on the other hand, concerns who is authorized to access the data and the integrity of the systems that store it. Privacy and security go hand in hand. In regards to contact tracing, the question is, will these apps sufficiently protect the personal data and information they collect about the users?
“We want transparency into how these apps work [and] what they have access to,” Micek says. “Permissions should be fairly clear on their face and they should be developed with privacy by design.”
One factor is where data is stored: It can either live on the phone itself or in the cloud.
“We absolutely promote that the data be stored on the individual’s device,” Micek says. “This is the most sensitive data that there is – it’s health data and unfortunately we have too many examples of authorities misusing access to this data.”
A growing field
Attorneys working in other areas of law would do well to educate themselves on data privacy and security.
“This is a new and growing area of law,” says Micek. “It has a deep history in constitutional law [and] international frameworks, but it's absolutely of the moment and we need more eyes on this, especially people who get that rounded social justice-based education that USF law provides.”
Monroe, who teaches information privacy law at USF, agrees.
“Privacy is becoming part of corporate compliance; privacy is becoming part of public defenders and criminal defense law; privacy is becoming part of international commerce and business law,” he says. “The number of times I have had to look at a contract not for the service, but to transfer data from one place to another place … that has made up 80-90 percent of my days on certain days.”
Watch Micek and Monroe’s webinar.