Article News

Privacy, Data Protection, Security and Trust in a year of the global pandemic

This article is written by Vasiliki Koniakou, from one of i3-Market’s partner organisations – Athens University of Economics and Business

Pitting technology against the pandemic, 2020 presented us with challenges – where to place the threshold of privacy protection and preservation, the risk of eroding public trust as we race to implement digital solutions, and opportunities – improved interoperability and data exchange may benefit the post-COVID world.

Annus Horribilis 

Arguably, 2020 was a year like no other in recent history. Even though the World Health Organization (WHO) had already identified that the likelihood of pandemics has increased over the past century for a variety of reasons, including urbanisation, globalisation, climate change and increased mobility,[1] hardly anyone was expecting that an infection that started last December in China would evolve into a global health crisis the way COVID-19 did. As of December 2020, almost 74,000,000 cases have been reported, while 1,644,589 people have died worldwide.[2] The pandemic has created unparalleled demand for data and insights to assess and mitigate the risks for public health, and prevent not only the toll on human lives, but also on the global economy. Simultaneously, whereas technology significantly contributed to mapping and preventing the spread of the virus, there are still several questions and concerns related to contact tracing systems and other privacy and data protection trade-offs that were deemed necessary given the circumstances.[3] The availability of reliable data, interoperability, security, and trust became pressing issues, while the merits, as well as the limits of privacy and data protection law, were significantly challenged. 

Privacy vs. a global public health crisis

“Privacy vs. public health” and swift decision-making to save lives, were two reasons invoked by several mostly non-EU countries, to justify privacy-intrusive methods and the invasiveness of several COVID-related applications. On the other hand, in the EU, the General Data Protection Regulation (GDPR) served as a protective veil for European citizens’ privacy, with sometimes questionable degrees of success, depending also on the national legal specificities and the level of Member State public sector compliance. Privacy and data ethics experts stress that anonymisation and usage of aggregated data as such, do not necessarily offer an adequate level of privacy and should not lead to the assumption that privacy and data protection are safely protected.[4] “Anonymised data” may create the impression that the individual is no longer identifiable. However, a 2019 study challenges this assumption. The researchers presented a model that may re-identify 99.8% of the data subjects in a dataset, pointing out that successful re-identification may reach considerably high levels in case of “heavily incomplete” anonymised data sets.[5] This is a particularly concerning, or even disturbing, realization, especially when it comes to geo-location and location privacy-related data, as well as health data. Furthermore, accepting this trade-off may serve as a “precedent for data-driven policing”[6],risking an ethical setback regarding where we place the threshold of privacy protection and preservation. It also familiarises us with the idea that fundamental rights may be interfered with, in the face of a crisis, without verifying whether such interference is proportionate, and in accordance with international human rights law. 

Security and Trust vs. time sensitivity 

Obviously, during a global epidemic, data and time are two of the most valuable resources for scientists and policymakers alike. Whereas the current situation is much worse compared to the 1918 flu pandemic, a significant difference is that today, science and technology allow us to monitor the spread of the disease and the mutations of the virus. We are also able to share data on the virus’ dissemination patterns, and insights for epidemiological models almost instantaneously, while effectively communicating protective measures worldwide. Leaving aside the unprecedented spread of fake news, information and communication technologies serve as important tools in the fight against COVID-19. Technology has been a key factor, particularly when it comes to understanding how seemingly subtle differences in our daily routines may have profound consequences for the spread of the virus, and tracing contacts to inform potentially infected individuals and contain further infection. As such, various tracing applications quickly became a rather central part of spread-monitoring and a source of information for data-driven decision-making. 

However, the rush to develop and implement such solutions led to several information security flaws that in turn challenged the trust of people in them.[7] Considering that data-driven decision-making and strategising require significant and reliable data sources, voluntary collaboration with the public is essential. In other words, people’s willingness to share their data is crucial. Consequently, trust is a vital component for the success of such solutions, as well as for bringing together quality data sources. As such, to avoid jeopardising the public’s trust in future projects as well, which would deprive a data-driven society from indispensable insights, it is imperative to further invest in security, consider the merits of decentralization in systems development, prioritize transparency, privacy, data protection and accountability. Even though time is indeed valuable, the loss of trust may be irreversible in the long term, while human rights and ethical values are not a question of convenience.

Big Data, interoperability and the global exchange of data 

The collection and processing of various types of data has been a key part of governments, intergovernmental and private actors’ response to the coronavirus crisis, in an effort to understand, map, monitor, contain and remedy the pandemic. Ironic as it may seem – given that our era is presumably the time of Big Data and Big Data Analytics – COVID-19 illustrated that there is still ample space for further elaborating and enhancing the collection and exchange of data on a global scale. Whilst health-related data may be the first example coming to mind, working from home combined with the drastic digitalisation of the global economy as well as the “turning-digital” shift of the social life for billions of people have created vast amounts of additional data and data sources. The question now is how this data will be collected, exchanged, and used for the benefit of mankind in the dawn of an arguably new period for humanity. Additionally, although the value of Big Data Analytics is already widely acknowledged, there are still several technical limitations that became particularly evident during the pandemic. 

To overcome such obstacles, Apple and Google came together in a monumental and highly symbolic cooperation to co-create application programming interfaces that allow interoperability between iOS and Android devices using COVID-19 related applications from public health authorities and offer a larger Bluetooth-based exposure notification platform.[8] This initiative is particularly noteworthy, not only because it highlights the power and potential of the collective intellect and coordinated efforts of technology giants, but also because it reminds us of the significance of interoperability and cross-platform compatibility, in an increasingly interconnected world. Especially as we are moving from Big Data to Smart Data, allowing data to flow and to be shared across different platforms and systems, it may significantly enhance data-driven decision making in several sectors, and contribute to the post-COVID world. From that angle, this doubtlessly difficult year brought, apart from a wide range of challenges, some opportunities worth exploring.

Data-driven technologies can be a double-edged sword and it is up to us how we wield it. While swift decision-making and quick implementation of digital solutions can help save lives, we risk an ethical setback regarding where we place the threshold of privacy protection and preservation, as well as the erosion of public trust. On the other hand, improved interoperability and data exchange may benefit the world in the long term. 

[1] WHO (World Health Organization). 2005. International Health Regulations. Geneva: WHO. – Jones K E, Patel N G, Levy M A, Storeygard A, Balk D., and others. 2008. “Global Trends in Emerging Infectious Diseases.” Nature 451 (7181): 990–93.

[2] The Johns Hopkins University & Medicine, Coronavirus Resource Center, COVID-19 Dashboard by the Center for Systems Science and Engineering (CSSE) at Johns Hopkins University (JHU), available at

[3] Gabriela Arriagada Bruneau, Mark Gilthorpe, Vincent C. Müller. The ethical imperatives of the COVID-19 pandemic: A review from data ethics, Veritas,44, (2020).

[4] Seng Ah Lee, M. Data Ethics in combating COVID-19 after lockdown. Cambridge University, Trust & Technology Initiative. Research perspectives. (2020)

[5] Rocher, L., Hendrickx, J. M., & de Montjoye, Y.-A. Estimating the success of re-identifications in incomplete datasets using generative models. Nature Communications10(1), (2019).

[6] Gabriela Arriagada Bruneau, Mark Gilthorpe, Vincent C. Müller. The ethical imperatives of the COVID-19 pandemic: A review from data ethics, Veritas,44, (2020).

[7] Ibid. 

[8] Google Inc, “Apple and Google partner on COVID-19 contact tracing technology.” Available at: