You can have privacy and fight Covid, says Leonardo Cervera Navas of EDPS

You don’t have to give up privacy in the fight against Covid, says Leonardo Cervera Navas, Director at the European Data Protection Supervisor (EDPS).

“We do not have to give up privacy entirely. It is perfectly possible to stop the contagion while at the same time have anonymity in place. It does not have to be one or the other,” said Leonardo Cervera Navas, Director at the EDPS, in an interview with Joe Tidy, cyber security correspondent at the BBC, as part of the inaugural Last Thursday Privacy, an all-day online event taking place on the last Thursday of every month.

The Covid-19 crisis has brought with it enormous demand for data. “I want to be able to see my parents again, we are all prepared to make sacrifices, such as freedom to move, which is more important than privacy,” said Mr Navas. Maybe, however, we are being presented with a false choice — giving up privacy may seem like a small price to pay, but it may not be necessary. Or if some privacy must be sacrificed in the battle against Covid-19, let’s make sure that this sacrifice lasts no longer than is necessary and that we only give up that which is necessary. If, for example, anonymised data will suffice, then let’s have that.

If the science says some data collected during the crisis must be kept, then keep it, but only if there is a good reason.

It’s all common sense, and in the online interview, Mr Navas spoke a lot of common sense. Unfortunately, in times like these, at moments of panic, sensible, considered decision making is not always in vogue.

Contact tracing

Mr Navas also spoke about the need for a single contact tracing approach across the EU. As a self-confessed pro-European, he said: “It makes no sense that across the EU there are different contact tracing apps.” He gave himself as an example, travelling from Belgium, where he needs to work, to Spain. If contact tracing is needed to fight Covid, then shouldn’t the data pertain to everywhere he visits, not just one country?

Then again, Mr Navas is a great believer in freedom of movement across the EU — and given that, his logic is eminently, well, it’s eminently logical.

“At least make the apps interoperable,” he said.

Getting it right from the start

Maybe one of the lessons of this virus, which has impacted upon us all in some way, is that you need to get your approach right at the start. Arguably, if governments had reacted sooner, lives would have been saved. And Mr Navas says you can apply that argument to privacy in this age too.

“I hope that the big lesson we get from this is that our leaders start doing what needs to be done, and not what is politically correct,” he said.

On the other hand, he did sound a positive note when he said that most of the contact tracing apps are being produced with privacy by design. He added that they are “relatively well done from this viewpoint.”

Going back to normal

The phrase “new normal” is being uttered more and more as this crisis matures. But what we don’t want is for this new normal to involve a surveillance state and the permanent encroachment on our privacy.

Given this, how do we restore privacy, how do we, so to speak, put the genie back into the bottle?

Mr Navas outlined two ways we can see our human right to privacy honoured in this new normal:
• Firstly, via public awareness — the public will demand a return to privacy.
• Secondly, via enforcement. “We have to be serious about enforcement,” he said.

“Don’t forget the endemic in times of a pandemic,” he said poetically. “We have endemic problems,” such as surveillance, so when we go back to normality, “we will have to fix not only the pandemic but the endemic problems too. Because if we are hooked on technology it is a matter of public interest that privacy is respected.”


What about the GDPR itself, will this need overhauling, post crisis?

“GDPR is not against measures being taken by public authorities to protect the health of employees. This does not mean the employer has a blank cheque to do whatever they want.

“For example, you need to measure temperatures of employees, you don’t need their name.”
