The debate over the conflict between the rights of the citizen to privacy and the responsibility of the citizen to their fellows in terms of public health is not a new one. In many respects this duty of respecting patients' views in light of potential public good associated with disclosure is part of the fabric of the relationship between the medical profession and patients.
Advice to physicians is very clear. Patient confidentiality is a key tenet in all areas of medicine. However, circumstances exist where confidentiality must be broken in the patient’s or society’s best interests. It is also permissible to overrule a patient’s desire to anonymity where it could endanger the life of another.
The difference with COVID-19 is that whilst hitherto these decisions were taken on a case-by-case basis, usually with further interventions and debate by others within the profession, COVID-19 has changed the nature of these determinations and now it is becoming prevalent for governments to adopt a blanket approach rather than exercise careful examination on a case-by-case basis.
Why has COVID-19 changed the landscape?
Governments rule with our consent and part of the contract that binds us together is based upon a bilateral arrangement whereby they have a duty to protect us and provide public services and we have a duty to abide by the law of the land and respect the rights of others. The pandemic brings all of this into sharp focus. Governments become more and more pressured to demonstrate they are doing all they can to protect us – especially in these times where health and care systems are challenged to the extent of being overwhelmed. They then start to think of the difficulties around managing waves of the pandemic and also look to examples of countries which have been hailed as the great success stories around their management of the first wave of this pandemic like Taiwan, and South Korea. Here, technology was used extensively in track and trace and quarantine, both in terms of GPS and also electronic fencing. Given the gravity of the situation at the start of lockdown, in both these jurisdictions, these technological track and trace applications were deployed on a “whole nation” basis and emergency powers or similar instruments of law were invoked to deliver this technology. What is also notable is the level of public support the promulgation of these technologies enjoyed.
Whilst it is wholly understandable this happened, and clearly these approaches seem to have worked, this is not a reason to forget that the optimal route of delivery of technology works best when the route you wish to adopt is also the route the citizen wishes to adopt without resorting to law. Thus, privacy remains an important determinant of how technology is deployed even in these times of COVID-19.
The question then arises around how best to ensure that these new rather proscriptive processes have a limited life and that we convince rather than coerce the population around the undoubted value of data and information to drive better outcomes for them and their fellow citizens. Some countries have used mechanisms like “sunset clauses’ to only allow these more centralised approaches to data management to persist only in times of crises, while others are already having quite robust discussions about the introduction of track and trace apps to ensure that privacy is maintained as much as possible with the introduction of these technologies. There is good reason to be concerned. History teaches us that governments tend not to dismantle technologies or processes set up wholly appropriately in emergencies as readily as they could and indeed in some cases, some aspects of surveillance and intrusion somehow seem to persist even after the threat has long gone.
The value of interoperability is clear
It is worth praising the new collaboration between Apple and Google around contact tracing in this context. The initiative they have announced allows android and IOS devices to become interoperable using strictly time limited end-to-end cryptography without the need for central servers. At the heart of these proposals is the maintenance of privacy, transparency and consent. Information is held on each person’s mobile phone and only for a limited time to enable contact tracing to be performed. This approach seems to be the preferred approach being adopted by most jurisdictions within Europe. There is also the added benefit that it would enable travel between countries who adopted the same solution. This is a watershed moment, where there is increasing anxiety about the deployments of technology where there is potential for personal liberties to be compromised. It is extremely helpful for these companies to be prepared to cooperate and demonstrate that you can have effective technological solutions without compromising personal privacy. We should look forward to further examples of how this technology will develop. There is great opportunity for these new robust solutions to act as the basis for greater interoperability of technologies that goes far beyond single countries to encompass the global village which we will return to once this pandemic has run its course.