The outbreak of the COVID-19 pandemic has drastically changed the priorities of various actors around the world, both public and private. The health crisis has accelerated the pace of digital transformation and has triggered public debate on the legal measures and technical solutions adopted in response to the pandemic.
The debate has not been limited to traditional data protection and privacy concerns. More fundamental questions have emerged, concerning the rule of law, the legitimacy of ‘emergency measures’ and their practical effects on citizen’s everyday lives.
The scientific community has been called upon to produce research results in the fight against COVID-19 as quickly and effectively as possible, revealing how important our digital health connection has become. Improving the accessibility, effectiveness and sustainability of the electronic health systems used worldwide has thus become key, as well as the need ensure individual’s rights remain effectively protected.
Through our webinar ‘Data for the public good: Building a healthier digital future’, we aimed to explore the impact of measures taken in response to the COVID-19 pandemic and identify ways in which data can be used to be better prepared for the next crisis. We particularly focused on answering two specific questions:
When will the ‘new normal’ stop being ‘normal’?
How can we ensure a safer and healthier digital future?
We heard experts from various fields addressing three main themes, namely public health, digital transformation and the impact on fundamental rights (such as freedom of movement, data protection, non-discrimination), each of them considering these themes from their own perspective.
While there were no doubts over the EU’s commitment to the fundamental right to data protection and privacy, the first panel argued that the initial response to the COVID-19 crisis by Member States was not a coordinated one, nor fully compliant with the right to freedom of movement under EU law. From a public health perspective, we learned that data has been integral to the monitoring of the pandemic’s evolution in Europe and in the facilitation of risk management. From a humanitarian perspective, we learned that increased reliance on digital technology has led to the exacerbation of existing vulnerabilities, proving that digital harms are real harms. From a digital rights’ perspective, the use of health data not limited to patients’ files, has become ubiquitous. More generally, increased surveillance capabilities have augmented the risk of discrimination and of exacerbating existing vulnerabilities. We had warned about these aspects in April 2020, at the beginning of the pandemic in the our Carrying the Torch in Times of Darkness Blogpost. A call for transparency, effective governance and the ability to use tools that do not put the fundamental rights of individuals at risk were advocated as the main conclusion of the first panel.
The second panel, aimed to understand the way data and technology may be used in the future particularly from a health perspective. The panel highlighted the importance of data to create new opportunities. The European Medicines Agency (EMA) underlined that much is possible with the use of secondary use of data to support medicine regulations, in terms of development, authorisation and oversight. The European Commission, on the other hand, highlighted the main issues and challenges that European Member States still face with regards to the use of health data for public purposes, namely access to health data across borders both for healthcare and secondary purposes; limited movement of digital electronic health services; and a slow roll-out of artificial intelligence in the health care sector, including an additional difficulty for companies to access data for the purpose of training their AI-based systems. The solutions proposed involve the need to invest in adequate infrastructure and interoperability, the quality of data and EU-national coordination. For more on this, read the EDPS Preliminary Opinion 8/2020 on the European Health Data Space. The second panel was concluded by a scientific researcher, who underlined that data for research purposes is still scattered and that a stronger data governance, including the clarification of key concepts that would simplify data protection compliance would be a benefit to the scientific research community.
The discussions by the panellists illustrated that, while the initial reaction to the pandemic was not fully coordinated or in line with EU law, data protection and privacy have remained key to the discussions and adopted technical solutions.
Access to health data for primary and also secondary use was in the webinar referred to as being essential but still complex to achieve in practice. The speakers referred to opportunity of deploying solutions at EU level which would further invest on infrastructure, interoperability, and quality of data.
We are no longer in the initial phase of the emergency response to the pandemic and the big challenge ahead will be laying down the foundation of the future responses to possible next health crisis. In this sense, our webinar aimed to also foster the debate around what shall be improved, from a legislative, technical, infrastructural and coordination point of view perspective.
One of the main conclusions that can be derived from our webinar is the need for a more coordinated and effective use of data for public health purposes. If we want to ensure that data protection continues to fulfil its role in supporting trust in the use of data in emergency situations, the data protection community will need to engage more actively with experts from the public health community in the EU and other international organisations.
Renewed attention will also need to be paid to avoid that the notions of public good or common good are misused for gains other the societal ones.
The EDPS will continue to actively engage in the discussions on how to make all of this possible. Through our work, including the creation of an internal Task Force at the beginning of the pandemic which deals with all COVID-19 matters, we will also continue to ensure that the fundamental rights of data protection and privacy are embedded in each solution envisaged to overcome any obstacle to an effective and efficient use of data for the public good.