The COVID-19 crisis has confirmed the potential for collaboration between the telecom industry and public authorities.
In recent months, the Coronavirus pandemic has warranted the use of an unprecedented amount of data and heralded a new era in the cooperation between the telecom industry and public authorities. Despite sparking an intense debate about data and privacy, European policymakers have witnessed first-hand how big data can serve the public interest. As such, the crisis has changed the narrative about the benefits of big data. In the end, privacy and data use are not always in opposition; they can be complementary.
Telecom companies are currently sharing “aggregated and anonymised data” with public authorities that do not include personal details (phone number, name, date of birth). For health authorities, collecting location data allows them to better monitor population movement, gather statistics, and anticipate the next outbreaks or peaks.
The use of telecom data in pandemic crises is not a first. Mobile Network Operators have often joined forces with national authorities and non-profit organisations to tackle pandemics. Back in 2009, Telefonica played a pivotal role in taming the swine flu in Mexico. In partnership with the Mexican government, Telefonica Mexico and Myriad Group AG, a Swiss software company, developed a mobile-based survey tool to extract information about citizens’ mobility patterns. More recently, in 2013, Orange Telecom supported the response to the Ebola epidemic in Senegal by giving researchers from Flowminder, a Swedish non-profit, access to cell phone data. By monitoring where people had gone after leaving a hotspot, it was possible to foresee where a disease cluster would crop up next.
Meanwhile, it also acknowledged that anonymised location data could be subject to re-identification attempts.
While mobility and phone data have proved successful in reining in the spread of infectious diseases, its use has been heavily regulated for a long time.
Adopted 70 years ago, the European Convention on Human Rights preserves the right to privacy. The EU’s General Data Protection Regulation (GDPR) also protects the use of personal data. In particular, article 5 states that personal data shall be “adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed”. It shall also be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”
According to GDPR’s recital 26, anonymised data do not fall under GDPR. “The principles of data protection should not apply to anonymous information, namely, information that does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.”
Meanwhile, several concerns have been raised about whether “anonymised” cell phone data can reveal personal details. For example, the Dutch privacy regulator has flagged when home and work location data are combined, the individual behind the “anonymised” data can be identified. In their Guidelines 04/2020, the European Data Protection Board (EDPB) reaffirmed that anonymised data fell outside of the scope of GDPR. Meanwhile, it also acknowledged that anonymised location data could be subject to re-identification attempts.
A key element here is that GDPR’s Article 9.2(i), recognises the importance of flexibility when it comes to the processing of personal data in the public interest. The EDPB considers that the EU and the Member States identified the fight against the current pandemic as a vital public interest.
[…] a Data Act in 2021 that will spur business-to-government data sharing in the public interest.
In its 2018 Communication “Towards a common European data space,” the Commission had already acknowledged that the capability to analyse and learn from data is rapidly becoming a pivotal ingredient in business success and government efficiency. While the industry welcomed the initiative for a common data market, it also called for more details about when and how the framework would be launched. The Commission, however, had already set a few parameters clear: the data sharing would not be mandatory, not include personal details, not target Big Tech, neither seek to gather “essential” data for operators (e.g. names of users).
Since 2018, the Commission has:
In February 2020, the Commission announced its intention to go a step further and regulate data governance, access, and reuse between businesses (B2B), businesses and government (B2G) or within administrations. It also launched two consultations on the EU Artificial Intelligence Strategy and the Data Strategy that closed in late May. It will be interesting to see how the views of the different stakeholders have evolved with the Coronavirus crisis.
[…] data will be one of the top buzzwords of 2020 and 2021.
In its European Strategy for Data, the Commission foresees nine common EU data spaces across sectors. In coming months, it has committed to:
B2G data sharing has gained momentum. Still, the Commission is seeking to establish a pan-European scheme that will affect all sectors, including healthcare, tech, automobile and utility providers. A cross-sectoral consensus is not always easy to achieve. Delays are thus very likely. One thing is sure: data will be one of the top buzzwords of 2020 and 2021.