Data Privacy Regulation Will Undergo Subtle But Massive Shift Due to the Coronavirus, Experts Say
April 10, 2020 – Data privacy regulation will undergo a subtle but massive shift due to the coronavirus, according to panelists in a webinar hosted by the Technology Policy Institute on Tuesday. “The pandemic has revealed ways in which tradeoffs need to be made with privacy,” said Jane Bambaur, a la
David Jelke
April 10, 2020 – Data privacy regulation will undergo a subtle but massive shift due to the coronavirus, according to panelists in a webinar hosted by the Technology Policy Institute on Tuesday.
“The pandemic has revealed ways in which tradeoffs need to be made with privacy,” said Jane Bambaur, a law professor at the University of Arizona. Decisions about data privacy during coronavirus need to be “made with clarity so that [data] can be shared in real time when it’s most needed and most important.”
Whatever decisions are made should also make sense in a post-coronavirus landscape, Bambaur said, since “we are all under house arrest right now.”
Tom Lenard, Senior Fellow and President Emeritus of the TPI, said that data collection regulation should be loosened in a time of crisis since widespread data-tracking has a benefit to society.
He compared mandating data-sharing to the individual decision of parents deciding whether to vaccinate their children, which is a right but one that when exercised can harm society at large.
Liad Wagman, a spokesperson for the Federal Trade Commission, wondered about whether the U.S.’s approach to data privacy following coronavirus will be similar to action following the terrorist attacks of September 11, 2001.
At that time, he said, the country saw a “tradeoff between security and privacy.”
Furthermore, whatever changes made in response to the pandemic will probably “stay on the books” years later.
In fact, the FTC published a report following the 19 states who loosened their data privacy laws following 9/11. It found that those laws largely stayed on the books 18 years later.
Alan Raul, a partner at the privacy and information law practice of Sidley Austin LLP, said he had seen “a ground shift among the key players” in the data privacy landscape.
European Data Protection Board officials have said that the General Data Protection Regulation, Europe’s precedent-setting data privacy law, “is not going to get in the way” of the continent dealing effectively with COVID-19.
Even the non-profit data privacy advocates have indicated that, “with appropriate safeguards,” they are OK with loosening of data privacy laws that will better help track the spread of disease.
“Privacy is a really important value,” Raul said, “but we need to be reasonable about it.”
Panelists also locked horns over data privacy violations that cause harms that are considered “intangible but still concrete.”
Raul argued in favor of applying cost-benefit analysis to these less easily quantified data violations, examples of which include the Cambridge Analytica scandal. The scandal involved an array of data monitoring measures, including some attempting to American voters in 2016, as well as elsewhere.
Raul argued that intangible but concrete values such as “human dignity” are on the line during those kinds of violations.
But Bambaur shot back that applying cost-benefit analysis to every one of these types of violations “is exceedingly difficult.” Furthermore, she argued that microtargeting itself can’t be a harm because then “the internet will be illegal.”
Raul analogized his background in environmental work to the early problems with conducting a cost-benefit analysis of environmental threats.
However, as technology became feasible, and even sensible, as it developed. “In the privacy realm, they don’t even try” to assess the cost-benefit analysis, he complained.