This article was published by the International Association of Privacy Professionals (IAPP) on 25 August 2020.
While the COVID-19 pandemic has necessitated using data to analyze and map its origins and spread, Philippines National Privacy Commissioner and Chairman Raymund Liboro said “our data subjects need us now more than ever.”
During the pandemic, data privacy professionals play an important role in protecting data, fostering privacy rights, and earning and maintaining the trust of those they serve, Liboro recently told fellow privacy commissioners, privacy officers in the corporate sector and members of the Global Privacy Assembly, a global forum for data protection and privacy authorities.
During a webinar hosted by the GPA in collaboration with the Centre for Information Policy Leadership, “Data Protection Reimagined: Digital Acceleration, New Emerging Issues and the Role of Privacy Regulators in the COVID-19 Era,” Liboro said, “We must let them know that we are their guide in all matters related to privacy and data protection. That we are here to guide them with the most relevant guidelines and best practices.”
Liboro is chair of the GPA’s COVID-19 Response Task Force, created by the GPA Executive Committee last spring as it recognized the similar challenges data protection and privacy authorities around the world are facing in addressing the crisis. The group has met every two weeks since May, working to “consolidate efforts, maximize voice, gather expertise, and assist GPA members and observers in addressing the emerging data privacy issues posed by the spread of the virus worldwide,” he said.
The task force comprises members from Europe, Asia, North America, the Middle East, Australia and New Zealand, as well as international organizations serving as observers, including the International Committee of the Red Cross and Organization for Economic Co-operation and Development.
“What we hope to accomplish, the primary role of the task force, is to coordinate and help drive the GPA’s practical responses to the privacy challenges coming from COVID-19, inform positions on related topics, and enhance capacity and capability for the GPA privacy community,” Liboro said.
Privacy has never faced a challenge of such a global nature as COVID-19, he continued, with authorities and communities around the world tackling issues like collecting and sharing data among health authorities, government agencies and law enforcement, handling children’s data associated with online learning, privacy in the workplace and work-from-home environments.
“The pandemic has necessitated all of government, all of society’s response, and I personally believe as data protection authorities we also have to respond to this as a community,” Liboro said. “For data protection authorities, we are all bound in our responsibilities and we need to cooperate with one another to advance the goals of our own authority, but also link arms with the rest of the privacy community and really emphasize that data protection and privacy in the time of COVID-19 is tantamount to saving lives.”
As part of its work, the GPA COVID-19 Response Task Force launched the COVID-19 Response Repository, a website with the latest statements from authorities, resources, research content and events related to the pandemic and the task force’s work. It also kicked off a series of webinars in collaboration with various privacy networks and organizations, thus far discussing contact-tracing applications with representatives from Apple and Google, examining the role of data protection authorities in COVID-19 response.
Looking forward, Liboro said the task force will compile a resource of various jurisdictional experiences and responses to the pandemic that will not only be useful now as the world responds to COVID-19, but also in the future as a reference for data protection and privacy authorities.
“It’s very important that we not only provide inspirational guidance to our fellow data protection authorities, but also the actual opportunities they can use and deploy within their own jurisdictions. Our members have a ready toolbox where they can draw out any reference or resources that can be useful to them,” he said. “We’re also documenting and making sure that future authorities would have a resource reference that they can pool knowledge from.”
With more than 22 million confirmed COVID-19 cases worldwide, Liboro said the work of data protection and privacy authorities, as well as the GPA COVID-19 Task Force, is “far from over.”
The group will continue to share knowledge, content and engagement opportunities and anticipates publishing guidelines this fall on the best practices in COVID-19 response, incorporating what has been learned over the past months.
“It will be learnings, best practices and approaches from different networks, regions and associations across the world,” Liboro said. “The DPAs, the authorities, how are we functioning in the trenches? We really want to draw that out.”
In leading the task force, Liboro said he turns to his experience as the privacy commissioner in the Philippines, taking the approach that data protection and privacy authorities serve as both “enablers and protectors” of citizens’ personal data.
“We need to enable jurisdictions and organizations to implement best practices, to learn from one another,” he said. “We are all in the same boat that is this pandemic, and we are all reeling from the impacts. The response of governments all over the world will always touch on the processing of personal data. So it’s really a matter of as authorities we have to look at this holistically, we have to look at this in a practical way and where governments, and generally the whole population, will view us as part of the solution.”