Regulating personal data usage in COVID-19 control conditions

Concern has been widely expressed about the potential for COVID-19 control technologies and resultant data sharing negatively impacting on civil rights, invading personal privacy, undermining citizen dignity through expansive data matching and ultimately providing opportunities for data use well beyond the brief of virus mitigation. This chapter offers suggestions regarding effective and inclusive regulatory responses when faced with extended surveillance, tracking/tracing, public/private provider data sharing and any breakdown in personal data firewalls, or otherwise conventional aggregated data deviations and distortion. In doing so, the chapter explores personal data usage in the context of COVID-19 as a regulatory enterprise. It addresses four fundamental features influencing the ultimate regulatory decision and direction: why, when, where and what, and presents a regulatory strategy to address the challenges of data usage in COVID-19 control conditions. It is proposed that this model is based on three facets. Firstly, the creation of an independent agency that researches potential personal data challenges transitioning out of the control situations. Secondly, Enforced Self-regulation Units tasked with the responsible operation and eventual decommissioning of surveillance technologies, and their data repositories, on a technology-specific focus. Thirdly, Civil Society Empowerment Initiatives that act as a counterbalance to the negative impact strenuous data protection regulation may have on current and future pandemic control strategies.