The Covid-19 pandemic is teaching us the cost of privacy

Societies that have shown greater respect for their citizens’ personal information appear to have suffered more.

Sign Up

Get the New Statesman's Morning Call email.

At the beginning of this month, privacy campaigners at the Open Rights Group (ORG) issued a legal challenge to the Health Secretary to determine whether the government's test-and-trace programme had followed the data protection measures required by the General Data Protection Regulation (GDPR). This morning, the ORG published the government's response – it had not. The Information Commissioner’s Office said that while it recognised the urgency of rolling out the programme, “people need to understand how their data will be safeguarded”. The ORG’s executive director has called the government “reckless” and – somewhat oddly in the circumstances – accused the government of endangering public health.

This raises the question of whether privacy is a public health issue and in what way. Are governments justified in infringing citizens' rights, if doing so will save citizens’ lives?

“The problem is that you can’t force people to have common sense”, Chrystina Barros, a public health expert at the University of Rio de Janeiro, told the Financial Times last month as thousands of Brazilians gathered on beaches.

Can’t you? Covid-19 forces us to ask again what is the morally responsible exercise of power.  

In moral philosophy, Professor Philippa Foot’s “trolley problem” is used to model this question. In the scenario, the driver of a trolley-bus (or tram) rounds a bend at the top of a hill and sees five workmen repairing a track at the bottom. He applies the brakes but they don’t work; if he continues on the current course the five workmen will die. The driver has an option to turn the trolley onto a spur line, where there is one workman, who would be killed if the driver turned the trolley. Is it morally permissible to turn the trolley, killing one workman who would not have died, but saving the lives of the five in the direct line of the trolley? The scenario has been added to in multiple different ways over the years, asking what else might be justified to save the lives of the five workmen.

Let’s apply this to the case of Covid-19. It appears to be the case that those countries that apply the most efficient testing, rigorous test-and-trace and surveillance of their populations are able to minimise the spread of the virus and to reduce deaths. In general, the more effective the policing of the population, the greater the success in reduction of cases and therefore deaths. If we take the statistics for cases and deaths from 1 July: China recorded 83,534 cases and 4,634 deaths, the UK 312,654 cases and 43,730 deaths, and the US a staggering 2,727,996 cases and 130,123 deaths.

Even allowing for significant inaccuracies in reporting and measuring cases, there is sufficient discrepancy for us to be able to draw a basic conclusion: those societies that have chosen not to exercise their power to override privacy concerns are likely to suffer a greater number of fatalities.

Before continuing, it is necessary to park any thoughts about the failures of the Chinese system to identify and contain the outbreak in the first place. These were obvious failures but this is not that debate. The fact is that since the Chinese government mobilised on the problem, it has been able to act quickly through state surveillance mechanisms. These are generally considered oppressive. But given the size of the population and the death rates in comparable countries, a conservative estimate would say that the Chinese state actions since the outbreak in Wuhan have saved the lives of 50,000 of their own citizens.

Should Western governments turn the tram onto the spur track, by breaching privacy legislation to create a more efficient test-and-trace system? Privacy rights would die, but more people would live. This raises the uncomfortable possibility that privacy campaigners are responsible for preventing the introduction of technology that would enable lives to be saved.

The local outbreaks in Leicester and Blackburn with Darwen have exposed the very real difficulties of applying a pattern of testing, assessment and action in less tightly controlled countries. Local authorities have not had access to the data they need; up-to-date local data is vital in containing outbreaks, particularly as a contact-tracing app is not yet in place. This is being slowly and partially rectified. The public health director of Blackburn with Darwen Council called this weekend for Public Health England to share more data with local authorities; it only began sharing postcode information on 29 June.

It should hardly be a surprise that the development of a test-and-trace app has been beset with difficulties, at the heart of which is the issue of data protection. The developers needed to create a database that could encrypt, anonymise and protect huge amounts of confidential patient symptom data, and also enable it to be made useful for analysis in real time.

The question of who owns the data and what can be done with it is redolent of earlier debates at the time of the introduction of data protection legislation and the “Snooper’s Charter”. If protection of the data makes it impossible to protect the people, can this be right? There was always going to be a tricky balance between people’s rights to privacy and the ability of the authorities – those parts of government whom we expect to keep us safe – to be able to access information they need. This debate has already been held on questions about child sexual abuse, terrorism, and other aspects of health such as mental health and domestic violence, often with an unsatisfactory compromise as the outcome. 

Now, the frustration often felt by police and local authorities when working on terrorism is felt by local authorities trying to keep people safe from the virus. This issue is not new – and in medical terms, it is ancient. What would Hippocrates have made of the current situation? If he could save tens of thousands of lives by sharing personal data, would he have been prepared to sacrifice the privacy of his patients?

Suzanne Raine worked for 24 years in the Foreign and Commonwealth Office on foreign policy and national security issues. She is an affiliated lecturer in the department of politics and international studies at the University of Cambridge

Free trial CSS