When I was approached to engage in a Witness Seminar entitled: “Can Governments Respond to the COVID-19 Pandemic and Still Respect Personal Privacy?” – I have to admit I was a little apprehensive, mainly as I didn’t know what it entailed, nor why I was being asked to provide, it seemed, a sort of ‘testimony’.
The event was organised by Professor Victoria Lemieux, from the School of Information at the University of British Columbia, Canada. Having never heard of the research method, or what it actually meant to be a “Lead Witness”, I investigated a little further. The word ‘witness’ usually conjures up images of court rooms, litigation, juries, and of course judges. In this instance, I was unsure of what would be expected of me, or whether or not I was going to be held accountable in some way by someone, somewhere, about what I said.
A Witness Seminar is a method of social research developed in the late 20th century, by “The History of Biomedicine Research Group of the Wellcome Trust”. In the brief provided by Professor Victoria Lemieux, she described how the first seminar, in 1990, explored “the subject of monoclonal antibodies”, which are antibodies made from clones of their parent cells. The general aim of the research method is to ensure that groups of experts and interested parties gather together in a space (usually physical) to discuss “topics of special interest and make collective oral history materials available for widespread use”. The idea is that the range of perspectives is communicated, recorded, transcribed, and then later presented as a shared and public resource available for anybody that wishes to access it for their own research process.
Structure of the event
The Witness Seminar was scheduled to last for nearly six hours, with a comprehensive range of speakers drawn from medicine, technology, and academia. The Witness Seminar itself was opened by the Honourable Joyce Murray, a member of Canadian Parliament, and the current Minister for Digital Government.
The seminar’s first Lead Witness was Dr. Ann Cavoukian, recognised as being one of the world’s leading privacy experts, and former Information and Privacy Commissioner for Ontario, Canada. She is also the creator of the Privacy-by-Design framework which has become a foundation for privacy practitioners, technologists, and data practitioners worldwide.
The format of the seminar was relatively straightforward. Each Witness would present their statement, lasting five minutes, and then answer a series of questions drawn first from fellow Witnesses, and then from interested parties within the audience. Given the current pandemic situation, the seminar was hosted through a video conferencing tool with questions posed through the medium of text in an accompanying ‘chat window’.
Privacy and technology
Over the course of the seminar a range of views and opinions was presented, with inevitable discussions focused on data protection mechanisms, obligations and regulatory frameworks, and how they apply in ‘emergency terms’. Technological discussions centred around two of the most widely discussed, and contentious, solutions that have been presented as potential aids to the pandemic situation. The first was ‘contact’ or ‘proximity’ tracing and the second was ‘immunity’ or ‘health’ status digital certificates (sometimes referred to as verifiable credentials). An excellent overview of these two technologies has been recently published by the Ada Lovelace institute in the UK, an independent research organisation focused on the impacts of technology and innovation on society. They position the two technologies alongside ‘symptom tracking’ applications and provide insight into potential ethical, privacy and data protection impacts. Their document is aimed at a number of stakeholders, but provides guidance and recommendations for governments, policy makers, app developers, and citizens.
My own statement consisted of two mutually dependent frames. It should be noted that I restricted my response to the question at hand, and tried to remain technology neutral. The first frame I communicated is that privacy is difficult to define. While being related to the protection of personal data and personally identifiable information, it also morphs and evolves depending on person, place, situation and context (to name a few). I attempted to communicate that the complexity of the construct makes it difficult to convey:
a) exactly how one’s privacy ‘should’ be protected, and
b) what harm will befall me if it is not.
While the complexity of the construct sometimes makes our job as privacy practitioners difficult, it also means we regularly engage in discussions grounded in nuanced philosophical constructs such as liberty, autonomy, dignity, and freedom – constructs more often than not protected through commonly accepted, or at least understood, human and/or fundamental rights instruments such as the UN Universal Declaration of Human Rights, or the Charter of Fundamental Rights of the European Union.
Separating out distinct constructs is never easy, but it also makes our job all the more rewarding; the intricate weaved and multi-layered nature of life often (if not always) interacts with foundational aspects of what it is to be a human and what it means to be a member of society.
This narrative is supported within (but not exclusively) the International Standard ISO/IEC 29134 produced by the International Standards Organisation (ISO), which Trilateral’s director, David Wright, was involved in developing. The standard, entitled “Information technology — Security techniques — Guidelines for privacy impact assessment” includes a section on considering privacy risks:
“…the organization should consider different types of privacy such as bodily privacy, location and space privacy, behavioural privacy, privacy of communications, privacy of data and image, privacy of thoughts and feelings and privacy of association;” (ISO/IEC 29134, p.9)
It should be remembered that privacy goes beyond just the remits of data protection, a view supported by authors such as Helen Nissenbaum, Daniel Solove, and Soraj Hongladarom, who all situate privacy as a cornerstone of how we navigate our involvement with the state, society, as well as ourselves.
The second half of my statement centred on the government and their role in the protection of my privacy. I do not share the optimism of some regarding the respect of my privacy in this current situation. I think it is important to acknowledge that it is not solely the state on whose shoulders the responsibility lies.
We should always remember that the private sector (as well as semi-state bodies, NGOs and other interested parties such as technologists, privacy experts, cryptographers, and researchers) all work together with the state to ensure personal and social privacy is protected. This distributed responsibility is perhaps one of the most important aspects to consider in this ongoing debate.
We know that privacy it and of itself is a construct formed through a complex, nuanced, and multi-layered sociological, psychological, cultural, philosophical and ideological lenses. There is no “truth” here; only different shades of perspective – and they are almost always relative – to stand on the shoulders of that great scientist.
The government (no matter the jurisdiction in question) can only provide a regulatory and legislative framework – it is up to society (in all its myriad forms) to enact that framework – with all the explicit responsibilities and obligations that go along with that for each and every one of us.
Are we getting it right?
The question then becomes, do we feel we have acted accordingly? A question elegantly posed by Hugo Slim, Senior Research Fellow at the Institute of Ethics, Law and Armed Conflict at the Blavatnik School of Government at the University of Oxford
It is not an easy question to answer and perhaps even more complicated given the stresses and strains that we find ourselves under during this time. Yet that shouldn’t stop us from asking it, especially as the days, weeks, months, and years pass – and we find ourselves asking what we learned from that eternal spring in 2020.
Where can I find the Witness Seminar?
A link to the Witness Seminar can be found on the University of British Columbia’s website, and it includes a full transcript of the seminar available here, as well as a government policy advisory paper, published in unison.
For more information please contact our team.