A Stronger Right to Data Protection During Pandemics? Leveraging the American Convention on Human Rights Against Governmental Inaction: A Brazilian Case-Study
Revista de Direitos Fundamentais & Justiça (2020 Forthcoming)
36 Pages Posted: 21 Sep 2020 Last revised: 11 Dec 2020
Date Written: August 27, 2020
This article presents a case-study to illustrate the crucial importance of an effective data protection law in the fight against pandemics, and critically assess the extent to which the absence of such framework may amount to a violation of the American Convention of Human Rights. The analysis focuses on Brazil as an emblematic example, as the country has been facing the pandemic without being able to rely on a comprehensive and properly supervised data protection law, while also failing to adopt data-driven responses which could have helped to raise awareness and prevent the spread of the virus. Although the relationship between the adopted policies and the unwavering rise of contagions and deaths is one of correlation, and not necessarily causation, it is argued that an examination of the facts through the lenses of the Convention and its case-law could give sufficient grounding to a claim of responsibility for failure to ensure sufficient protection to the right to privacy, life and integrity. To substantiate such claim, the article begins by describing the Brazilian government´s approach towards the health risks raised by the pandemic (Section 2), and highlighting the privacy and data protection questions raised by technological solutions that are dependent on the collection and use of personal data (Section 3). It follows with an overview of the troubled process of entry into force of a general data protection law in the country, and of a Supreme Court ruling that invalidated the government´s attempt to make use of personal data in order to gather evidence for the adoption of economic measures (Section 4). Finally, having explained the nature of the positive obligations assumed by States that are parties to the Convention, the article examines whether the Brazilian data protection framework has proven fit for purpose during the pandemic (Section 5), and concludes with lessons learned from this case-study (Section 6).
Keywords: COVID, data protection, positive obligations
Suggested Citation: Suggested Citation