By Gary Shapiro
April 10, 2020 at 5:00 am ET
Some people want us to be like China and track citizens with facial recognition and phone movements. Now Chinese officials are taking people’s temperatures when they change locations. These actions seem to have helped contain the coronavirus mostly to one province.
Others want the government to have no access to private information – even in life-threatening situations.
I suspect most Americans want a more balanced approach, one that balances privacy and security. They recognize that if lives are at risk, some privacy must be given up. That’s why we subject ourselves to intrusive security before we get on a plane.
Now Congress is considering this issue in light of the COVID-19 virus. The Senate Commerce Committee held a “paper hearing” on April 9 on how consumer data is being used to contain the spread of COVID-19, and the privacy concerns this may raise. Along with other governments around the world, the United States is grappling with how to balance public safety and consumer privacy.
Democracies are shifting on this. Despite regimes favoring total privacy, some European countries are now favoring public safety. Mobile carriers in Italy, Germany and Austria are now sharing data with health authorities to monitor social distancing. They’re following in the footsteps of Israel, which is using mobile data to follow COVID-19 patients ordered to stay at home.
The United States should consider implementing similar measures. Consumer data can help predict the next virus hotspot, judge the effectiveness of social distancing measures or even determine available hospital beds.
Some companies, like Palantir, are providing software to the Centers for Disease Control and Prevention that can help give insight into where resources may be needed. Facebook is providing data to academics and nonprofits analyzing the spread of the virus. Researchers who are using Google Trends – a public tool allowing access to anonymous and aggregated search data – to track COVID-19 outbreaks showed that consumer inquiries about losing the sense of smell correlated almost perfectly to COVID-19 hot spots.
I’ve argued before that we must be reasonable in balancing different societal needs versus the need for privacy. I also believe tech consumers should not have to sacrifice privacy for security. Discussions around increasing public health surveillance is why the United States desperately needs legal guardrails and protections when it comes to tech privacy and security.
This means differentiating sensitive personal data from more generalized data that offers a social benefit – sharing anonymized aggregate data. It’s the same “data for good” argument to be made for why we should aggregate health care data, which can give practitioners critical and lifesaving insight on their patients’ illnesses.
We need a pre-emptive federal privacy bill, instead of the patchwork of state privacy laws we now have. This legislation should specifically address policies for different types of data depending on the level of risk; it should address key issues while also allowing tech companies room to innovate; and it should never harm small businesses’ ability to compete.
With the General Data Protection Regulation, Europe implemented a vast new regulatory and compliance regime that put privacy above all else. By requiring consent to every data use, GDPR deprives Europeans of important benefits, like transmission of emergency health data.
The COVID-19 crisis may have spurred Europe to recognize what data can do in cases of public safety, and re-evaluate its approach. It’s a lesson for the United States that top-down privacy compliance regimes aren’t in the best interest of citizens. A “one size fits all” approach simply does not work, because different data – such as aggregate cell phone data that can save hundreds of thousands of lives – merit different levels of protection.
And in a case like this, rigid, unrelenting privacy protections may not be the best policy. Tech companies should be able to freely coordinate with the government to best use what, if any, data or resources can help save lives.
Any policy we do adopt must include safeguards to protect individual privacy, transparency about what information is being used, encryption to keep that data safe and requirements that data is deleted once it is no longer in use.
Data is a vital raw material for the modern economy, and this is something we must keep in mind as we consider our country’s approach to privacy and security amid the coronavirus pandemic. Finding the right balance between data sharing and privacy – and how far the government can get involved in times of national emergency – is critical.
Gary Shapiro is president and CEO of the Consumer Technology Association, the U.S. trade association representing more than 2,000 consumer technology companies, and a New York Times best-selling author who wrote “Ninja Future: Secrets to Success in the New World of Innovation.” His views are his own.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.