IGF 2020 WS #182&318 Discussion on the Protection of Personal Data/Information and Privacy in the Prevention and ‎Control of COVID-19‎

    Time
    Monday, 9th November, 2020 (12:10 UTC) - Monday, 9th November, 2020 (13:40 UTC)
    Room
    Room 1
    About this Session
    This workshop will focus on the protection of personal data/information and privacy under the background of COVID-19 pandemic. Issues to be discussed include: 1) importance, value, problems and risks of ICT and Personal Data/Information; 2) where the boundaries of the use of data are when facing public health crisis; 3) discussion of learned experiences & practices and potential inspirations for the role of ICT in future crisis, etc.
    Subtheme

    Organizer 1: Yueqiao Wang, CyberSecurity Association of China
    Organizer 2: Juan Zhang, China Internet Development Foundation
    Organizer 3: Yu Jiao, ChinaEU
    Organizer 4: Xiaobo Yang, CyberSecurity Association of China
    Organizer 5: Peter Kimpian, Council of Europe
    Organizer 6: Lucien Castex, AFNIC

    Speaker 1: Yuxiao Li, Civil Society, Asia-Pacific Group
    Speaker 2: HongJian Sun, Civil Society, Asia-Pacific Group
    Speaker 3: Luigi Gambardella, Civil Society, Western European and Others Group (WEOG)

    Additional Speakers

    (1) Mr. Liang Hao, Deputy Director-General, Bureau of International Cooperation, Cyberspace Administration of China

    (2) Mr. Jan Kleijssen, Director of Information Society and Action against Crime, Council of Europe

    (3) Mr. Peng Feng, Deputy Secretary-General of China Internet Development Foundation

    (4) Ms. Dr. Stephanie Perrin, President of Digital Discretion, Canada, Chair of the Non-Commercial Stakeholder Group

    (5) Mr. Luigi Gambardella, President of ChinaEU, Civil Society, Western European and Others Group (WEOG)

    (6) Mr. Ricky Rakesh, Faculty and Researcher on data privacy and protection, India

    (7) Mr. Fang Yu, Director of Cyberlaw Research Center, China Academy of Information and Communications Technology, Civil Socity, Asia-Pacific

    (8) Ms. Francesca Musiani, Researcher at CNRS, France

    (9) Mr. Wang Lei, Senior Counsel of Sina Group, Private Sector, Asia-Pacific

    (10) Mr. T. George-Maria TYENDEZWA, Head of Cybercrime Prosecution Unit, Nigeria

    (11) Ms. Wang Li, Researcher at Xi'An Jiaotong University Suzhou Academy of Information Security, China

    (12) Mr. Eduardo Bertoni, President of the Argentinian DPA

    Moderator

    Yuxiao Li, Civil Society, Asia-Pacific Group

    Online Moderator

    Xiaobo Yang, Civil Society, Asia-Pacific Group

    Rapporteur

    Yueqiao Wang, Civil Society, Asia-Pacific Group

    Format

    Panel - Auditorium - 90 Min

    Policy Question(s)

    1. How effective existing policy measures, international organisations, data protection authorities are to ensure that public health objectives and individual privacy rights are duly taken into account.

    2. How can a digital environment be created and managed that will also guarantee the protection of the right to privacy and to personal data / information protection, even in situations of crisis, with the necessary safeguards and procedures in place.

    -What are the boundaries and exceptions to the collection and use of personal data / information? Which guidance are available from data protection authorities globally?

    -Is it possible to identify best practices as regards personal data / information & privacy protection?

    -Is there any instrument fostering international cooperation and data sharing with due regard of privacy and data protection rights and considerations that global, regional, national public health authorities can rely on?

    -To what extent stakeholders such as civil society, developers, industry, governments, DPAs were involved in the design and roll-out of applications implying the processing of personal data / information?

    1. ICT and Personal Data / Information under the Covid-19: importance and value, problems, and risks;

    2. Balance and Boundaries: Where are the boundaries of the use of data and which balance test is needed to protect privacy & personal data / information when facing public health crisis;

    3. Cutting-edge technology respecting the right to personal data / information and privacy: discussion of learned experiences & practices and potential inspirations for the role of ICT in future crisis, regarding the protection of personal data / information and right to privacy both technically and theoretically;

    4. Personal data / information & privacy protection and the role of relevant stakeholders (civil society, developers, industry, governments, intergovernmental organisations, DPAs, etc) in ensuring public health and the realization of the United Nations’ SDGs.

    SDGs

    GOAL 9: Industry, Innovation and Infrastructure
    GOAL 11: Sustainable Cities and Communities
    GOAL 17: Partnerships for the Goals

    Description:
    The full title of this workshop is "Discussion on the Protection of Personal Data/Information and Privacy in the Prevention and Control of COVID-19". The global outbreak of novel coronavirus (COVID-19) has posed continuous challenges to social economic life and public safety. Since the outbreak of the pandemic, the Information and Communication Technology (ICT) and the Internet Applications, have been applied in quarantine and prevention, patient screening, epidemic analysis and even online diagnosis and treatment. These technologies have played a significant role during pandemic prevention and control in helping decision makers to grasp the development of the pandemic in a timely manner and improved the efficiency and accuracy of the containment of the pandemic. While these technologies were hailed, some lively discussions aroused on personal data/information protection and privacy security issues involved in the application of ICTs. As a matter of fact, the heated debates boiled down to the following questions: How can a digital environment be created and managed that will also guarantee the protection of the right to privacy and to personal data / information protection, even in situations of crisis, with the necessary safeguards and procedures in place? What are the boundaries and exceptions to the collection and use of personal data / information? Which guidance are available from data protection authorities globally? Is it possible to identify best practices as regards personal data / information & privacy protection? What roles can relevant stakeholders play in this process? This workshop will focus on the protection of personal data/information and privacy under the background of COVID-19 infection. It will draw from practical use cases and give insights on which best practices should be considered as inspiration for future models. The event will be jointly hosted by CyberSecurity Association of China, China Internet Development Foundation, ChinaEU, Council of Europe and ISOC France.

    Expected Outcomes

    1. Collection of practice cases in personal data / information & privacy protection under Covid-19 pandemic through which boundaries of personal data / information processing and best practices in COVID-19 related data / information protection measures will be showcased.

    2. Youth Participation Scheme. Young students and scholars in relevant fields will be invited to register on IGF official website and participate in workshops remotely.

    3. Expected results:

    -Discussion on how a digital environment be created and managed that respects privacy of individuals and their right to the protection of personal data / information while facilitating governments, public health authorities, other stakeholders to combat global pandemic by the use of ICTs.

    -Share and showcase best practices of personal data / information & privacy protection, data management and e-Philanthropy during public health crisis.

    This workshop will be held online.
    1. Address: The session will start with initial address by representatives from related government departments and host organizations.

    2. Formal Speech: In this session, panelists (7 min each) will be invited to introduce on topics about protection of personal data/information and privacy under the prevention and control of Covid-19.

    3. Q&A: Guest speakers and guests online engage in interactive discussions on the topics. There is plan to invite experts, representatives of enterprises, and young scholars.

    4. Closing by moderators

    Moderators are:

    Mr. Yuxiao Li, Secretary-General of Cybersecurity Association of China

    Ms. Tamar Kaldani, first Vice-Chair of the Committee of Convention 108

    Address & Speech & Discussion Speakers include:

    (1) Mr. Liang Hao, Deputy Director-General, Bureau of International Cooperation, Cyberspace Administration of China

    (2) Mr. Jan Kleijssen, Director of Information Society and Action against Crime, Council of Europe

    (3) Mr. Peng Feng, Deputy Secretary-General of China Internet Development Foundation

    (4) Ms. Dr. Stephanie Perrin, President of Digital Discretion, Canada, Chair of the Non-Commercial Stakeholder Group

    (5) Mr. Luigi Gambardella, President of ChinaEU, Civil Society, Western European and Others Group (WEOG)

    (6) Mr. Ricky Rakesh, Faculty and Researcher on data privacy and protection, India

    (7) Mr. Fang Yu, Director of Cyberlaw Research Center, China Academy of Information and Communications Technology, Civil Socity, Asia-Pacific

    (8) Ms. Francesca Musiani, Researcher at CNRS, France

    (9) Mr. Wang Lei, Senior Counsel of Sina Group, Private Sector, Asia-Pacific

    (10) Mr. T. George-Maria TYENDEZWA, Head of Cybercrime Prosecution Unit, Nigeria

    (11) Ms. Wang Li, Researcher at Xi'An Jiaotong University Suzhou Academy of Information Security, China

    (12) Mr. Eduardo Bertoni, President of the Argentinian DPA

    Relevance to Internet Governance: Firstly, IGF is an international platform for all stakeholders to discuss Internet related issues. The implementation of internet based tools to contain COVID-19 outbreak in most jurisdiction raised fundamental questions for all players of the internet ecosystem. Discussions on the issues of personal data/information protection concerning COVID-19 pandemic reflects IGF’s focus on the most pressing issues of cyberspace faced by human beings. Secondly, The topic and the questions the workshop intend to address are of crucial relevance for the internet governance as it could give practical examples of recommendable data management during crisis (and in the preparation of future crisis management). Thirdly, the significant role of ICTs and its application in the prevention and control of the global pandemic has well explained the essence of Tech for Social Good, which is in line with the role of IGF advocating values and spirits of the internet.

    Relevance to Theme:

    Firstly, data governance has become one of the hottest topics in Internet governance, of which personal data/information protection and privacy security are the most critical issues. Because they involve everyone’s fundamental rights and interests, ensuring a high level of protection of personal data/information and privacy has been chosen as an overarching objective by several jurisdiction around the world. Secondly, against the background of the COVID-19 pandemic, the pursuit of a balance between the protection of personal data/information and public health interests has been amplified during the work on adopting IT to carry out epidemic prevention and control work. This is also a controversial topic in the background of data governance. Thirdly, it can also be of high value as it wishes to encompass recommendable practices during crisis to help answer with practical examples some theoretical questions such as where are the boundaries of individual’s privacy and safety in crisis and what are the safeguards and procedures to put in place in times of crisis in a digital environment, to protect personal data of individuals.

    Online Participation

    Usage of IGF Official Tool.

    Agenda

    1. Address: The session will start with initial address by representatives from related government departments and host organizations.

    2. Formal Speech: In this session, panelists (7 min each) will be invited to introduce on topics about protection of personal data/information and privacy under the prevention and control of Covid-19.

    3. Q&A: Guest speakers and guests online engage in interactive discussions on the topics. There is plan to invite experts, representatives of enterprises, and young scholars.

    4. Closing by moderators.

    Moderators are:

    Mr. Yuxiao Li, Secretary-General of Cybersecurity Association of China

    Ms. Tamar Kaldani, first Vice-Chair of the Committee of Convention 108

    1. Key Policy Questions and related issues
    (1) Discuss about the role of information and communication technologies during the pandemic, as well as risks and rising concerns coming along.
    (2) How effective existing policy measures, international organisations, data protection authorities are to ensure that public health objectives and individual privacy rights are duly taken into account?
    (3) Share thoughts on the relationship between public interests and individual rights under major public health emergencies, especially how to use personal data/information in pandemic prevention and control while respecting individual rights.
    (4) What are the boundaries and exceptions to the collection and use of personal data / information? Which guidance are available from data protection authorities globally?
    2. Summary of Issues Discussed

    (1) Most speakers agreed on positive sides in using ICT for pandemic prevention and control, and socioeconomic recovery. Some emphasized that ICT use should fit in a broader and comprehensive public health strategy. It is necessary to strictly follow data protection rules and principles to prevent overuse or excessive collection. Data protection is not a "yes" or "no" but a "how-to" exercise even in crises. Some said their countries recognized efficiency using ICT, but new controversies appear. Some underlined available non-digital tools could be preferred in given contexts.

    (2) Experts focused on relationship between public interests and privacy protection. Some thought we should incorporate in public interests all rules and conditions for  privacy and personal data protection. All agreed the priority of all nations is to overcome the pandemic. No public safety, no personal interests, and vice versa. Personal data/information and privacy is a universal fundamental right enshrined in art 12 of UDHR and other important international instruments. There are privacy-friendly solutions to strengthen efforts today in avoiding chilling effect on rights to privacy tomorrow.

    (3) Some thought we should respect different national conditions in different countries and regions. We are facing digital and privacy protection gaps to be tackled and preferably closed. Therefore, we should understand each other deeper.

    (4) Some emphasized exceptional measures by governments must be provided by law, respect the essence of fundamental rights and freedom, and be necessary and proportionate in democratic societies. Manners addressing health crisis would test resilience of data protection principles as key components of effective functioning of democracies. One speaker underlined that the future lies in our capacity to react promptly to new challenges without undermining our core values and putting societies at greater risks. Another speaker from developing country emphasized policy making should be based on national facts.

    3. Key Takeaways

    (1) The use of ICT in fighting against COVID-19 and in socioeconomic recovery should be promoted, just as the underlying privacy and personal data/information protection of individuals.

    (2) We should put emphasis on principles of reasonableness, proportionality, data security, transparency and accountability in order to uphold individual rights as many experts pointed out during the meeting. Trust is important in this process. It includes the trust between countries, between individual and government authority, and between businesses. It also includes individual trust on new technology and applications.

    (3) Personal data/information and privacy protection is a global issue, there is no country that can stay aloof from the affair. We should initiate international cooperation on the basis of deepened mutual trust, promoting international regulations in data protection. The Council of Europe put an emphasis on that many counties, regions to accede to Convention 108, which is an international public law document on data protection at global level, containing data protection rules and principles which are already adopted by a lot of countries and regions. With 55 states parties, the Convention is at present the only legally binding international treaty worldwide. China has always paid a lot of attention to privacy and personal data/information protection and proposed Global Initiative on Data Security this year, calling on states, ICT enterprises and international society to support and participate, hoping to make contributions to the global society.

    6. Final Speakers

    Moderators:

    Prof.Li Yuxiao, Secretary-General of CyberSecurity Association of China

    Ms.Tamar Kaldani, First Vice-Chair of the Committee of Convention 108

    Speakers:

    Mr.Liang Hao, Deputy Director-General of Bureau of International Cooperation, Cyberspace Administration of China

    Mr. Jan Kleijssen, Director of Information Society and Action against Crime, Council of Europe

    Mr. Peng Feng, Deputy Secretary-General of China Internet Development Foundation

    Ms. Dr. Stephanie Perrin, President of Digital Discretion, Canada, Chair of the Non-Commercial Stakeholder Group

    Mr. Luigi Gambardella, President of ChinaEU

    Mr.Ricky Rakesh, Faculty and Researcher on Data Privacy and Protection, India

    Mr.Fang Yu, Director of Cyberlaw Research Center, China Academy of Information and Communications Technology

    Ms.Francesca Musiani, Researcher at CNRS, France

    Mr. Wang Lei, Senior Counsel of Sina Group

    Mr.T. George-Maria Tyendezwa, Head of Cybercrime Prosecution Unit, Nigeria

    Ms. Wang Li, Researcher at Information Security Law Institute, Xi'An Jiaotong University Suzhou Academy, China

    Mr. Eduardo Bertoni, President of the Argentinian DPA

     

    7. Reflection to Gender Issues

    This workshop maintained a balance regarding gender of speakers and audience. In addition, we’ve brought youth to our meeting by inviting students from Research Base for Internet Governance of Beijing University of Post and Telecommunications.

    8. Session Outputs

    Majority from the workshop reached the agreement that ICT has played and is currently playing a critical role in the prevention and control of COVID-19 as well as the economic recovery worldwide. It was also underlined that the protection of privacy, personal data/information is facing challenges globally, considering the the complexity of measures and the underlying technology. There is an urgent need to figure out how to incorporate rules and principles pertaining to the protection of privacy and personal data/information into actions carried out for public interests during the pandemic. It is necessary to strictly follow data protection rules and principles to prevent overuse or excessive collection. It was highlighted that the different national conditions in different countries and regions must be respected. There is therefore a high need for a better mutual understanding and  for building a global community with a shared future, in order to tackle or preferably close gaps.

    In terms of specific measures and policy recommendations, emphasis should be put on principles of reasonableness, proportionality, data security, transparency and accountability in order to uphold individual rights as many experts pointed out during the meeting. Many speakers underscored how trust is important in this process. It should expand to building  trust between countries, between individuals and government authorities, between businesses and civil society as well as other stakeholders. It should also include individual trust in new technology and applications which also necessitates a range of measures such as transparency, explainability, algorithmic vigilance, privacy impact assessments and oversight. Furthermore, practical cases  discussed during the workshop that have positive results in the protection privacy and personal data/information during epidemic prevention and control as well as during socioeconomic recovery should also be used as a reference globally.

    9. Group Photo
    IGF 2020 WS #182&318 Discussion on the Protection of Personal