WHEN the pandemic began, we were asked to surrender a part of our privacy for the sake of public health.
In the name of contact tracing, establishments began gathering our names, home and email addresses, and mobile phone numbers. Nowadays we write down our contact details on paper forms, on a logbook, or on a document generated by scanning the QR (quick response) code of the restaurant, mall, bank, or supermarket that we're about to enter. To those details, we add our temperature on that date and time, taken by the staff tasked to assess our physical health at that moment.
We submit, because it's required by law and also because, we are told, the details are needed to warn us in case, someone, we had been in contact with tests positive for Covid-19. Or vice versa -- the government needs to find who we have spent time with in case we test positive for Covid-19.
How convenient it would be, one might think, if all those contact tracing forms and QR codes were centralized into one office. If, say, a city or a municipality requires everyone to get a QR code, unique to the person. All public or commercial establishments, on their part, must scan the QR code before letting anyone in.
The QR code would function as an identification card, the only difference being that, unlike before when you only need to show your ID while in school or at the office, this time you'll need to show your ID everywhere you go.
How efficient, right? Just QR code to get anywhere in the city. No need to fill up forms, whether paper or digital. Just one QR code to open doors anywhere you go.
Remember, though, that data is more than just a key. A key-the ordinary, physical one -- will open doors without anyone else knowing when those doors were opened; neither will it tell anyone what doors were opened when, and where. A QR code unique to you, and which all establishments are required to collect, will tell the data processor where you have been to, when, and how often.
Say, for example, that person X, living in City Y, has been required to register for a QR Code. To get into any commercial or public establishment in City Y, X must register on a website, which will then issue them a QR code, which they must use for the rest of their life, or at least for the duration of this pandemic.
Every morning X goes to a coffee shop for an hour, then goes to the office; during lunch break, they go out to fast food. Every Friday they go to the supermarket for groceries, and every weekend they go to the mall.
If each of those establishments -- the coffee shop, the mall, the grocery, the fast food -- had a separate QR code, they'd know that X is a frequent visitor, and would see patterns in their visit to their respective establishments. But they wouldn't know where else they go, or how X spends the rest of the day.
However, City Y, by assigning a unique QR code to X and making it a requirement for entrance to commercial and public establishments, will get all of this information about X. If Y were to require public transport to collect QR codes, and if X uses public transport, it would know as well the patterns in X's travels around the city.
But hey, X is not doing anything wrong, right? So what if the government finds out exactly how X spend their days? As if those little old ladies in the government office even care.
Ah. Those little old ladies may not care about X, but someone always does. Is City Y protecting the information about X from those who want to get it without their permission?
Say X has an overeager fan who wants to start the day watching them have coffee. Or a jealous partner who wonders if they are having coffee with someone every morning. Or simply a zealous marketer researching who starts their day with coffee. These people would simply head over to City Y's database and ask for X's data. Of course, City Y is not supposed to give it; the question is, can City Y protect X's data from those who want to take it? Even if City Y refuses to share X's data without permission, can it keep the data secure?
What if X were a human rights defender and someone just decides the world is better off with one less human rights defender and decides to hack City Y's database to find out where to lie in wait for X? Or X has a jealous partner who thinks it's cheaper to bribe one of those little old ladies in City Y's office to find out how they spend the day than to hire a private investigator to follow X around?
Yes, City Y is supposed to protect X's data. But did anyone check if it can? Did X look up the security breach procedures in City Y's privacy manual, or ask its data privacy officer if City Y has the data processing agreements required by law when it shares its data with other entities?
The law provides penalties for failure to protect personal data, ranging from multi-million fines to imprisonment. But if X were to die because a killer was able to profile them using data from City Y, how much of consolation will the multi-million fine be to X's loved ones?
Data needs to be kept secure because a seemingly innocuous detail -- the time one had coffee on Thursday -- may be combined with other data -- where one had coffee; how often one had coffee; who one had coffee with -- to produce a pattern and profile a person. It can be used to predict future behavior, or even influence decision-making.
What if, for example, one's coffee-drinking habits are included in the information used to assess that person's credit standing (drinks very expensive coffee every day, pays for it in cash, but has unpaid bills = extravagant lifestyle, high risk = deny loan application)? Or to find a person: say X gets sued for estafa and the police, wanting to serve him a warrant, asks City Y for information on how to find X?
Personal data must be kept secure and protected because it can easily transform from a simple key to a killer's tool. Or, from a QR code that provides entrance to malls, to information that rules a person's life.
Dana Batnag heads the policy and risk management section in the data privacy office of a private company. She may be contacted at firstname.lastname@example.org.