Over the past week, COVID-19 infected more than 400.000 people worldwide reaching almost every country in the world. With a high transmission rate and the absence of a vaccine, many countries have taken strong decisions to enforce mass closures and social distancing.
In some countries, like Italy, provisions are being periodically strengthened as the contagion keeps spreading. From 21 March, people in Italy are not allowed to move between neighbourhoods without appropriate motivation.
Clearly these precautionary measures are bearable for a limited amount of time. While they can be enforced while the numbers of infections rise, they may become even more difficult to bear by the population once cases begin descending.
Technological solutions to mitigate the COVID-19 crisis have been implemented in China and South Korea, where authorities avoided a complete closure of the country, succeeding to limit the spread of the virus. European governments may be tempted to replicate such measures, with many believing this to be a quick fix solution. Such thinking raises a number of concerns, however, particularly with regards to European ethics, privacy and data protection legislation.
China’s first reactions to the virus have been heavily criticised by the international community, not least due to a lack of transparency. In January, the Chinese government used technology to silence whistle-blowers through the widely used messaging platform WeChat.
Chinese authorities have indirectly forced citizens to download a smartphone app, developed by the colossus Ali Baba, which retrieves private data to assign, based on visited locations and other data, a QR code of different colour. A red or yellow QR code, scanned by the authorities in frequent security checks, limits the freedom of movement of users by forbidding, for instance, access to public transport or offices. Despite strong criticism from abroad, the app has allowed China to continue producing goods and services in parts of the country not heavily affected by the virus.
Similarly to China, South Korea has implemented a social tracking system which allows authorities to inform citizens on new cases. Differently from Europe, however, South Korea had strong standard operating procedures, ready to be implemented, based on the previous 2015 MERS epidemic.
Building on this experience, South Korea decided early in the crisis to start massive test sessions, linked to systematic updates through SMS and app messaging. In this way, the authorities are helping people avoid certain areas or to self-isolate in the event of a suspected infection. In democratic South Korea, even this system led to privacy concerns, however.
Turning to Europe, the EU has no mandate for public health, which remains the competence of member states. Furthermore, the European Commission has encountered difficulties to avoid or mediate frictions among member states on the commerce and transit of medical equipment. The EU requires strong action in order reassure public opinion and member states. For this, it could build on its experience in digital policy where the EU has been a remarkable player, gaining worldwide leadership with the adoption of GDPR standards.
Now is the time for Europe to further implement its data policy for citizens, and to structure a health data sector as foreseen in its recent data strategy. A model inspired by South Korea could be implemented in Europe to reduce the lockdown phase and to boost the reopening of borders after the global quarantine moment.
The EU Commission should ask member states to cooperate in identifying technical means and resources to propose a European wide state-controlled solution to monitor individual contagions and quarantines, in order to allow people to resume travelling as soon as cases begin slowing down in Europe.
In a pandemic crisis, the balance between privacy and public health leans towards the latter. Nevertheless, a strong legal enclosure should be created around any such data driven policy, also thinking of the transition to a “post-epidemic” life. Italy is moving forward alone in this direction and since 23 March has asked researchers and companies to develop solutions to track the emergency in order to prevent new cases. Other countries will soon do the same. The EU should evaluate the possibility to develop a European data policy to handle the crisis, a solution also supported by experts such as professor Walter Ricciardi, a member of the World Health Organization (WHO) executive board.
To limit concerns of social control, the Commission should clearly define, through ad-hoc legislation, the time of deployment and issue a commitment to delete all data at the end of the crisis. Ideally, the Commission should act in a centralised manner. If developed nationally by member states, these measures may ultimately compromise the fragile Schengen area.
There is also an issue about who is retrieving and handling the data. As the main IT platforms such as Google, Apple or Facebook already have all the needed data, the implementation of a data policy should be defined and controlled by a public body able to ensure the highest level of security for individual data, through advanced encryption features.
We can already observe the creation of an ad-hoc public data application by the Italian Lazio region or US government projects to retrieve data from existing applications and devices by relying on big Tech companies. In a perfect world, an EU-wide approach should be developed with potential plug-ins from other democracies around the world, setting up an important channel of dialogue with the US, where the main Tech companies are based.
Israel has decided to apply its anti-terrorism monitoring and tracking technologies to anti-virus dissemination fight. While the parliament would not agree, government chose to bypass the parliamentary sub-committee and impose such an emergency measure by decree. This is clearly a difficult choice between the fear of a digital dictatorship and the compelling need to save lives.
We can foresee two sides of such digital applications. The first is to control and track the movement of people, measures that can apply independently from individual contamination. As Italy’s Lombardy region already used cell phones antennas to track mobility, such measures add the possibility of mass data gathering to enforce quarantines.
The second and perhaps more useful use of data derives from the prioritised tracking of people who have tested positive for COVID-19. As the South Korean case reveals, mass testing is extremely useful if the data is then managed and used for treatment, quarantines and propagation tracking, on a collective or individual basis.
If we think that a treatment protocol such as the one Didier Raoult’s team has developed in Marseille could become rapidly available, a massive testing policy combined with management and exchange of individual and collective data could create the conditions for a gradual resumption of societal life after quarantines.
Such use of data has led to fears of long-term “big brother” style control by the authorities, also based on the application of AI. Would life be worthwhile in such a dystopic society? Live as a digital slave or die? Maybe not. The main concern is obviously not the use of data to fight the virus, but the multiple control applications that any institution can foster with this authorised access to data. If non-secured applications retrieve individual data, it could then be processed and used by any kind of commercial company or even hostile governments.
We believe every one of us, in the unfortunate event of testing positive for coronavirus, would be ready to share his/her information with contacts, family, friends and society at large, to inform about the risk of contagion. But this genuine and very much needed generosity in times of crisis must not feed other purposes.
The Chinese model of social control already provides an example of a digital regime that Europe does not want to reproduce. Even the Israeli approach appears dangerous.
Instead, we should advocate for a European model, based on a number of important dimensions: the control of such temporary processes by technically secured public bodies within the coordination/standard range of the European Union, also involving digital privacy bodies, and an individual right to openly share individual data in times of crisis, but also to withdraw and cancel the data when the epidemic is over. Such an open sharing of individual data might not be perceived by citizens as that different from the consensus agreements given to applications such as Facebook.
As the Cambridge Analytica case has illustrated, however, there is always a risk of leaks and the misuse of data. It is thus vital not only to be able to opt-out but also to avoid that any kind of unfriendly institution could benefit from that data for other purposes, which is, again, rather tricky as we all recall how Facebook data has been used by companies or countries for propaganda and influence campaigns.
Obviously, the development of treatment protocols and a future vaccine would put an end to any such data-gathering system. While this can be kept aside for future needs, its applicability in the present crisis could have important social, economic and political dividends that may well outlast the present pandemic, on top of helping to save lives and limit the contagion spread before national health care services in Europe are overwhelmed.
 Justin Fendos, “Lessons From South Korea’s COVID-19 Outbreak: The Good, Bad, and Ugly”, in The Diplomat, 10 March 2020, https://thediplomat.com/2020/03/lessons-from-south-koreas-covid-19-outbreak-the-good-bad-and-ugly.
 Speech of the Mayor of Seoul released on 6 April 2015: Seoul Metropolitan Government, As Head of the Anti-MERS Headquarters, I Will Address Even the Smallest Problems, http://english.seoul.go.kr/?p=128386.
 Elisabeth Braw, “The EU Is Abandoning Italy in Its Hour of Need”, in Foreign Policy, 14 March 2020, https://foreignpolicy.com/2020/03/14/coronavirus-eu-abandoning-italy-china-aid.
 European Commission, A European Strategy for Data (COM/2020/66), 19 February 2020, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52020DC0066.
 Luca Fraioli, “Il modello Corea del Sud: tamponi e controlli. Ricciardi: ‘Pronti a seguire l’esempio di Seul’”, in La Repubblica, 20 March 2020, https://rep.repubblica.it/pwa/generale/2020/03/20/news/coronavirus_modello_corea_del_sud-251839703.
 Will Knight, “The Value and Ethics of Using Phone Data to Monitor Covid-19”, in Wired, 18 March 2020, https://www.wired.com/story/value-ethics-using-phone-data-monitor-covid-19.
 The app is available to download on the official website: APP | Nuovo Coronavirus, http://www.regione.lazio.it/rl/coronavirus/?p=2452. See, also: Cristian Barbieri, “Ecco come la tecnologia può rallentare il coronavirus”, in AffarInternazionali, 19 March 2020, https://www.affarinternazionali.it/?p=79579.
 Yuval Noah Harari, “The World After Coronavirus”, in Financial Times, 20 March 2020, https://www.ft.com/content/19d90308-6858-11ea-a3c9-1fe6fedcca75.
 Cesare Giuzzi, “Coronavirus, così la Lombardia ‘controlla’ i movimenti via cellulare”, in Corriere della Sera, 17 March 2020, https://www.corriere.it/cronache/20_marzo_17/coronavirus-cosi-lombardia-controlla-movimenti-via-cellulare-75c3d226-6897-11ea-9725-c592292e4a85.shtml.
 “Coronavirus: à Marseille, l’institut du professeur Raoult dépiste tous les patients fébriles”, in France Télévisions, 22 March 2020, https://www.francetvinfo.fr/sante/maladie/coronavirus/coronavirus-a-marseille-l-institut-du-professeur-raoult-depiste-tous-les-patients-febriles_3879743.html.
by Cristian Barbieri & Jean-Pierre Darnis, Istituto Affari Internazionali
Pdf Version here: https://www.iai.it/sites/default/files/iaicom2011.pdf