ITU | UPU

Joint Statement on Data Protection and Privacy in the COVID-19 Response

The United Nations, IOM, ITU, OCHA, OHCHR, UNDP, UNEP, UNESCO, UNHCR, UNICEF, UNOPS, UPU, UN Volunteers, UN Women, WFP and WHO support the adoption of the following joint statement, in line with the UN Personal Data Protection and Privacy Principles[1] adopted by the UN System Organizations to support its use of data and technology in the COVID-19 response in a way that respects the right to privacy and other human rights and promotes economic and social development.

 

Joint Statement

The COVID-19 pandemic has become a global emergency, with devastating consequences in terms of loss of life and economic decline, and significantly hampering progress toward achieving the United Nations Sustainable Development Goals. Poor and vulnerable communities are particularly imperiled by this deadly disease and its economic ramifications.

Mounting evidence demonstrates that the collection, use, sharing and further processing of data can help limit the spread of the virus and aid in accelerating the recovery, especially through digital contact tracing. Mobility data derived from people’s usage of mobile phones, emails, banking, social media, postal services, for instance, can assist in monitoring the spread of the virus and support the implementation of the UN System Organizations’ mandated activities.[2]

Such data collection and processing, including for digital contact tracing and general health surveillance, may include the collection of vast amounts of personal and non-personal sensitive data. This could have significant effects beyond the initial crisis response phase, including, if such measures are applied for purposes not directly or specifically related to the COVID-19 response, potentially leading to the infringement of fundamental human rights and freedoms. This concern is especially pressing if some emergency measures introduced to address the pandemic, such as digital contact tracing, are turned into standard practice.

The UN Secretary-General highlighted in his policy brief on human rights and COVID-19 that “Human rights are key in shaping the pandemic response, both for the public health emergency and the broader impact on people’s lives and livelihoods. Human rights put people centre-stage. Responses that are shaped by and respect human rights result in better outcomes in beating the pandemic, ensuring healthcare for everyone and preserving human dignity.”

Any data collection, use and processing by UN System Organizations in the context of the COVID-19 pandemic should be rooted in human rights and implemented with due regard to applicable international law, data protection and privacy principles, including the UN Personal Data Protection and Privacy Principles. Any measures taken to address the COVID-19 pandemic should also be consistent with the mandates of the respective UN System Organizations and take into account the balancing of relevant rights, including the right to health and life and the right to economic and social development.

Taking into account the UN Personal Data Protection and Privacy Principles, the UN Secretary-General’s policy brief on human rights and COVID-19, and relevant health and humanitarian standards, data collection, use and processing by UN System Organizations in their operations should, at a minimum:

Be lawful, limited in scope and time, and necessary and proportionate to specified and legitimate purposes in response to the COVID-19 pandemic;
Ensure appropriate confidentiality, security, time-bound retention and proper destruction or deletion of data in accordance with the aforementioned purposes;

Ensure that any data exchange adheres to applicable international law, data protection and privacy principles, and is evaluated based on proper due diligence and risks assessments;

Be subject to any applicable mechanisms and procedures to ensure that measures taken with regard to data use are justified by and in accordance with the aforementioned principles and purposes, and cease as soon as the need for such measures is no longer present; and

Be transparent in order to build trust in the deployment of current and future efforts alike.

A coordinated and inclusive global UN-wide response rooted in solidarity is necessary to contain the pandemic and minimize its negative impact across the world. Although the statement is aimed to address the challenges of the current COVID-19 pandemic, it may serve as a precedent for using data to respond to any future crises of a similar scale quickly and while respecting data protection and privacy.

 

 

[1]  The UN Principles on Personal Data Protection Privacy were developed by the UN Privacy Policy Group (UN PPG), an inter-agency group established in September 2016 and co-chaired by UN Global Pulse and the UN Office of Information and Communications Technology (OICT). The UN PPG’s primary objectives are to (i) advance dialogue and information sharing on key issues related to data privacy and protection within the UN system; (ii) unite existing efforts on data privacy and protection; and (iii) develop a practical UN System-wide framework on data privacy and data protection. The UN PPG led the development and adoption of the UN Principles on Personal Data Protection and Privacy by the High-Level Committee on Management (HLCM) in 2018. More information can be found at https://www.unsceb.org/privacy-principles.

[2] WHO issued “Ethical considerations to guide the use of digital proximity tracking technologies for COVID-19 contact tracing”. More information can be found at https://www.who.int/publications/i/item/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1

 

Source : https://www.upu.int/en/News/2020/11/Joint-Statement-on-Data-Protection-and-Privacy-in-the-COVID-19-Response#_ftnref1

Previously posted at :