COVID & Digital Surveillance: Common Legislative Protections for Proximity Apps, Attendance Tracking, and Status Certificates (Part II) (Presentation Slides)

UN Special Rapporteur on the Right to Privacy Session: ‘COVID-19 and Privacy in Asia, Australasia and Europe’ 23 June 2021 (Presentation)

9 Pages Posted: 30 Jun 2021

See all articles by Graham Greenleaf

Graham Greenleaf

Independent Scholar

Katharine Kemp

University of New South Wales (UNSW) - UNSW Law & Justice

Date Written: June 23, 2021

Abstract

This presentation to the UN Special Rapporteur’s conference on the Right to Privacy Session: ‘COVID-19 and Privacy in Asia, Australasia and Europe’ was given on 23 June 2021. Graham Greenleaf presented this second part, and Katharine Kemp presented a first part at https://ssrn.com/abstract=3878659.

Three forms of COVID data surveillance are considered: Proximity Tracking; Attendance Tracking; and COVID Status Certification. Our argument is that legislative protections based on common principles are needed for all types of COVID surveillance.

Our starting point is that emergency measures pose risks requiring emergency-quality protections. Unfortunately, emergencies tend to reduce normal legislative oversight. We consider two desirable principles which are often difficult to deliver if maximum effectiveness against COVID is sought: no compulsion (voluntary); and no central database.

We use three points of comparison to illustrate the legislative protections needed (and in some cases, absent):
1. Australia’s bluetooth proximity tracing app (COVIDSafe Act)
2. Australian QR Codes for attendance check-ins (no model law)
3. EU’s COVID status certificates (EU Digital Covid Certificate Regulations)

We argue for 10 common principles which can and should be implemented in legislation applying to all types of COVID surveillance systems:

1. Put controls within the country’s data privacy law
2. Guarantee access to avoid discrimination
3. Minimise & define authorised uses of COVID data
4. Minimise data collection
5. Anti-coercion provisions
6. Prevent ‘surveillance creep’
7. Continuous deletion program (if data is collected)
8. ‘Sunset clause’ for whole system
9. Supervision by independent DPA
10. Transparency

These 10 principles are applicable even where COVID surveillance systems are developed which are compulsory and involve centralised databases. Various international organisations are advocating similar sets of principles.

The presentation examines the application of these ten principles in relation to each of the three examples of legislative protections (or their absence), and concludes that essentially the same legislative controls are necessary & possible to mediate all three types of COVID surveillance.

Keywords: COVID-19, data protection, privacy, proximity app, QR Code, Status Certificate, Vaccination We

Suggested Citation

Greenleaf, Graham and Kemp, Katharine, COVID & Digital Surveillance: Common Legislative Protections for Proximity Apps, Attendance Tracking, and Status Certificates (Part II) (Presentation Slides) (June 23, 2021). UN Special Rapporteur on the Right to Privacy Session: ‘COVID-19 and Privacy in Asia, Australasia and Europe’ 23 June 2021 (Presentation) , Available at SSRN: https://ssrn.com/abstract=3875920 or http://dx.doi.org/10.2139/ssrn.3875920

Graham Greenleaf (Contact Author)

Independent Scholar ( email )

Sydney
Australia

HOME PAGE: http://www2.austlii.edu.au/~graham/

Katharine Kemp

University of New South Wales (UNSW) - UNSW Law & Justice ( email )

Kensington, New South Wales 2052
Australia

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
147
Abstract Views
1,387
Rank
352,629
PlumX Metrics