UN organizations pass joint statement on data privacy and protection in Covid-19 response

Mumbai | Updated on November 22, 2020 Published on November 22, 2020

All multilateral bodies of the United Nations, including UN OCHA, UNDP, UNESCO, UNHCR, UNICEF, ITU, among others, have passed the joint statement on the UN Personal Data Protection and Privacy Principles adopted by the UN System Organizations.

The guidelines were passed in order to support its use of data and technology in the Covid-19 response in a way that respects the right to privacy and other human rights and promotes economic and social development.

The agencies mentioned in the statement that the mounting evidence demonstrates that the collection, use, sharing, and further processing of data can help limit the spread of the virus. This can also aid in accelerating the recovery, especially through digital contact tracing.

The organizations believe that mobility data can assist in monitoring the spread of the virus and support the implementation of the UN System Organizations’ mandated activities.

Hence, the collection and processing of such data, including digital contact tracing and general health surveillance, may include the collection of vast amounts of personal and non-personal sensitive data.

They believe that this could have significant effects beyond the initial crisis response phase, including potentially leading to the infringement of fundamental human rights and freedoms.

This concern is especially pressing if some emergency measures introduced to address the pandemic, such as digital contact tracing, are turned into standard practice, added the statement.

Taking into account the UN Personal Data Protection and Privacy Principles, the UN Secretary-General’s policy brief included the following guidelines:

  • Be lawful, limited in scope and time, and necessary and proportionate to specified and legitimate purposes in response to the Covid-19 pandemic;
  • Ensure appropriate confidentiality, security, time-bound retention, and proper destruction or deletion of data in accordance with the aforementioned purposes;
  • Ensure that any data exchange adheres to applicable international law, data protection and privacy principles, and is evaluated based on proper due diligence and risks assessments;
  • Be subject to any applicable mechanisms and procedures to ensure that measures taken with regard to data use are justified by and in accordance with the aforementioned principles and purposes, and cease as soon as the need for such measures is no longer present; and
  • Be transparent in order to build trust in the deployment of current and future efforts alike.

The organizations concluded that the guidelines may serve as a precedent for using data to respond to any future crises of a similar scale quickly and while respecting data protection and privacy.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on November 22, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.