This article was co-authored by Senior Advisor D. Daniel Sokol and originally published by a blog from the Yale Journal on Regulation and ABA Section of Administrative Law & Regulatory Practice.
The World Health Organization (WHO) has urged countries to trace and track every COVID-19 case. Tracking the spread of the virus is essential to effective mitigation of this health pandemic. During the ongoing worldwide healthcare crisis, one of the data-driven tools that has been shown to be effective in curbing the spread of this virus, is active contact tracing and monitoring of people who have come into contact with any suspected COVID-19 patient. Finding all the people who are infected and the people they have been in contact with to try to bring that infection chain to a standstill is imperative in mitigating the impact of this disease and the scale of this pandemic. Successful examples of these data-driven and technology enabled predictive practices have been shown in Taiwan, China, Singapore, Israel, and South Korea. Business data analytics have a critical role to play in this fight.
Korea and Taiwan have been able to mitigate the spread of the virus by unlocking the potential of digital platforms, big data and machine learning. The appropriate institutions in these countries have been testing hundreds of thousands of people for infections and tracking potential carriers using smartphone, GPS and satellite technologies. South Korea’s Patient Number 31 makes for a brilliant case study of such contact tracing and monitoring as authorities set out identifying, locating and testing the hundreds of people who’d crossed paths with her—and when they found those she’d infected, the thousands more who’d crossed paths with them. South Korea’s ability to quickly flatten the infection curve and get to a point where it has ones of the lowest mortality rates as a function of the infected population, is a testimony to the effectiveness of their contact tracing measures.
In a time when digital platforms and the tech industry are under populist attack, COVID-19 could serve as a reminder of the benefits of the prowess of digital platforms and their associated technological ecosystems. To effectively combat COVID-19, effective use of data is essential. The important policy question then becomes what data are needed for the kind of contact tracing that has worked in places like South Korea, Singapore, Israel, and Taiwan and which kinds of organizations have access to such data.
The use of data analytics in health pandemic prevention is a result of significant transformation in the ability to collect massive datasets and harness them using AI and machine learning. During SARS, the penetration of smartphones, the quality of locational data, and sophistication of algorithms to exploit this information were still in their infancy. Today’s pandemic response can be different in part due to advances in digital technology.
Highly atomic and granular consumers’ current location and past trajectory data that reveals all the locations that a given consumer has been to in the immediate past, are needed for successful implementation of contact tracing. Today’s smart phones are sophisticated enough to disclose a given user’s location data within 1 foot. By virtue of the fact that consumers are wedded to their smartphones and some also adopt wearable technologies, these data are available to telecom providers, digital platforms, wearable technology and smart watch firms, and mobile app developers. In the recent past there has been backlash against telecom firms and tech companies for their alleged data collection and usage practices. For example, in 2019, a massive class action lawsuit was launched against the four biggest U.S. mobile carriers for selling location data to third party data brokers. The complaint alleged that the mobile carriers violated federal communications law by sharing phone numbers, geo-location data, and other account information.
A new approach is necessary that utilizes the strength of tech companies and data collection. To do so, there needs to be global regulatory coordination to grant the right institutions authority to access granular user data from CCTV surveillance footage, GPS tracking data from phones and cars, credit card transactions and ATM records from financial service firms and so on. This requires active collaboration between the public sector and the private sector—for example, tech companies, startups and telecom providers being incentivized to share their data with the government. It is notable that a small Canadian AI startup BlueDot spotted COVID-19 nine days before the WHO alerted people to the emergence of this coronavirus.
To enable effective coordination between public and private sectors, government has to provide assurances to platforms, telecom providers, and tech firms that such data sharing will be exempt from any adverse regulatory action or private lawsuits, now or later. These mandatory data sharing exemptions are desperately needed. Working together and creating narrow exceptions to data sharing across different types of datasets that may be covered by divergent regulatory schemes is a reminder that data regulation is a work in progress globally. Of course, appropriate caveats have to be built into these data sharing practices such that there is zero tolerance for the misuse of data by government authorities or policy makers that could violate individual privacy.
Our health privacy system was created at a time in which bioethicists worked within a 1970s framework. Today’s health situation with both regulated health data and “unregulated” data is more complex. Health data privacy laws have protections for individuals and society for good reason. The legal framework understands the potential stigma of the release of certain health information. Such laws also afford some protections, including the right of access to one’s own data. However, health data laws also provide mechanisms for harnessing people’s health data without their consent for socially beneficial public health purposes such as HIPAA’s exception to consent for reporting data to public health authorities. Public health officials do not have the experience in understanding commercial data, which does not need similar protections but for which the interaction with “regulated” health data is still not precise under many national legal frameworks. Government authorities, working with the private sector, need a set of consent exceptions that allows non-health data to be harnessed for the public health done with health data.
Pandemics do not happen every day. Challenging times call for more innovative and effective measures with respect to regulatory thinking. The ability of regulators to see the benefits of data science and analytics might also have an effect in tempering the broader populist backlash against the use of AI and tech companies more generally. COVID-19 is still in its infancy in many parts of the world. Tech companies and governments need to come together at a time like this to work together towards addressing the greater good. Early indications suggest that such private-public collaboration between the tech sector and the government is likely to happen in the future. Time is of essence here since millions of lives are at stake.
This article originally published by a blog from the Yale Journal on Regulation and ABA Section of Administrative Law & Regulatory Practice. For further information please visit here.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.