To aid in the response to COVID-19, can telecom service providers provide certain types of mobile network information, to help public health officials, researchers, academic institutions, and other organizations? How can service providers satisfy the privacy expectations of Canadians as well as legal, ethical and regulatory requirements?
A few weeks ago, in a newspaper article (“John Tory sparks debate on possible use of cellphone data for infection detection”), I said “With appropriate oversight and consideration for balancing our privacy rights against the real opportunity and potential to save lives, I think most Canadians would want our government to leverage every tool and technology at their disposal in the battle against the spread of this virus.”
So, how do we balance our privacy rights against the opportunity to leverage technology to save lives?
The use of mobile network data has figured prominently in some successful public health battles against the spread of COVID-19, particularly in Israel and Taiwan. Service providers should already be contemplating these questions, and updating privacy and transparency practices to reflect the need to contribute quickly and meaningfully when government agencies seek data to improve the effectiveness of our national response to the threat of COVID-19, while still considering and maintaining our privacy rights.
An OpEd by TELUS CEO Darren Entwistle and Ontario’s former Privacy Commissioner Ann Cavoukian describes the approach being followed at TELUS. TELUS has a “Trust Model” for use of data, setting out three core principles on its corporate website: accountability; ethical use; and, transparency. “We build trust with our stakeholders by using data in a way that generates value, promotes respect and delivers security.”
The OpEd states:
Embedding the foundational principles of Trust by Design (TbD) into a business is the most effective way to earn a reputation as a trustworthy steward of customer data. TbD emphasizes the vital need for businesses to counter a mounting trust deficit by building trust into their operations, beginning with a commitment to transparency and accountability. Keeping control of and responsibility for algorithms, respecting privacy as essential to freedom, and identifying security risks to minimize potential harm are all critical over-riding principles. When they are correctly implemented, customers don’t actually have to do anything to protect their privacy — it is built into the system by default.
It’s worth repeating: when done correctly, no customer action is required to protect their privacy – it is already built into the system by default.
There is an opportunity for mobile data to contribute meaningfully to combat the spread of COVID-19. “Organizations that prioritize the privacy of customers can expect to earn their lasting trust both now and in a post-COVID-19 world.”
Which telecommunications service providers will be prepared with appropriate policies to safeguard customer privacy and preserve a level of trust with all stakeholders?