The government suggests collecting, processing and using (as required) all the data that will allow to define the location, date, start and end time of citizens’ phone conversations. This is done for the purpose of a more effective fight against Coronavirus.
The National Assembly passed the first reading of the bill on collecting personal data via this method, by 57 in favor, 24 against and 1 abstained votes.
As the Government clarified, the goal is effectively obtaining online data about the contacts of Coronavirus-positive patients, thus monitoring and preventing the virus spread.
While presenting the bill at the parliament, Minister of Justice Rostam Badasyan assured that the phone call content would not be processed, and the personalized data would be destroyed after April 14 – the end of the state of emergency.
The draft law says that, in all circumstances, the personalized data must be destroyed no later than a month after the end of the state of emergency. The requirement to destroy the processed personalized data is no hindrance for keeping and using depersonalized statistic data.
The Government justifies the adoption of the bill by the fact that more than 10 countries, including countries with quite a high level of personal data protection (the USA, South Korea, Germany, Singapore, Austria, Poland, Belgium, Great Britain, etc.), have switched to tracking people’s movements through technological solutions.
“We have to weigh people’s health and lives against the restrictions of their freedom. The goal is a legitimate one – specifying the location of contacts of confirmed Coronavirus cases. The fact is, nobody has ever thought of abusing the obtained data in the future,” the Minister of Justice says.
Parliament members and independent experts have lots of questions related to the bill. They qualify it as ineffective, unspecified and long overdue.
There are many concerns but we have selected the ones that require urgent response and regulation.
Who will control the data generator?
The main concern is about the absence of a body controlling the government institution working with such a huge amount of information. The data will be collected by the law enforcement bodies – the Police and NSS.
The collected data will be depersonalized. It is necessary to launch a controlling body in order to later exclude their personalization and citizens’ identification that could lead to various issues for them. One of the suggestions was imposing that function upon a body consisting of various parliament factions.
Minister Badasyan said that it would be complicated but possible to personalize the already-depersonalized data, stating that the Government could review those provisions.
What if a person has no smartphone?
It is possible to track people’s location only through smartphones. However, the Government does not have the final answer to the question: how will they track the self-isolated people that have no smartphones?
It is not excluded that phones will be provided to them. However, it is not clear what kind of resources will be provided, which institution will do that and for how long.
Badasyan says that other measures will be taken for those cases, up to a police control near the apartment of an isolated person.
Another option for people with no phones will be spending the quarantine in specially designated premises.
The methods of control are not clear
The solution was offered by IT specialists. Parliament members noted that it was also crucial to involve telecommunication experts and epidemiologists.
The goal is clear but the methods are not. For example, why is it necessary to fix the duration, the start and the end of a phone call? A person may to talk to 40 people a day and not meet any of them.
Apart from that, a Coronavirus-positive patient informs about his/her meetings, anyway. Meanwhile, the minister says that a person may unintentionally forget to mention a contact.
The opponents say that GPS-tracking is completely sufficient, and people’s conversation cannot add any useful information.
This could be especially true, taking into account the fact that many people communicate through various apps, such as WhatsApp, Signal, Telegram, Viber, Facebook messenger, Skype, instead of making a traditional phone call.
Why keep the data?
Keeping the data after the state of emergency can lead to problems. The Government says it is necessary for statistical analysis, as well as for fighting similar epidemic in the future.
The justification does not sound convincing to the opponents because there is an issue of trust in the data-collecting chain. There are security concerns because there are no clarifications about the technical solutions related to data collecting, processing and keeping. What if they become accessible for a third party or an organization? Will they be completely destroyed after a 1-month period? Which institution will be responsible for destroying the data and who will control the process? And why keep it for a month and not just for a few days if the goal is to have a general picture and analyze it?
And the most important question is – which bodies will have access to that database?
Are these strict measures effective enough?
One of the justifications states that such a control will lead to the efficiency of preventive measures and rapid responsiveness.
Experts say that the measures are not proportionate to the goal and can later be used exclusively for political reasons. It would be more appropriate to obtain the information about the Coronavirus-positive case’s contacts immediately from service providers. In this way, it will be possible to understand and assess the circle of contacts through phone call logs without causing redundant public agitation.
Some people expressed their viewpoint, stating that the bill was long overdue and not effective. It should have been adopted much earlier when the virus was not so widespread.
It is not excluded that the Government will make changes to the problematic provisions, presenting them at the second reading on March 31.