IGF 2020 WS #318 Protecting privacy in the age of the COVID-19 pandemic


Organizer 1: Intergovernmental Organization, Western European and Others Group (WEOG)
Organizer 2: Civil Society, Western European and Others Group (WEOG)

Speaker 1: Shenuko Wu, Technical Community, Asia-Pacific Group
Speaker 2: Pierre Dubreuil, Government, Western European and Others Group (WEOG)
Speaker 3: Jade Nester, Private Sector, Western European and Others Group (WEOG)


Break-out Group Discussions - Flexible Seating - 90 Min

Online duration reset to 60 minutes.
Policy Question(s)

Digital Safety and governance dimensions for data-driven technologies to enable a healthy and empowering digital environment for all Topics: Human rights, right to privacy and right to data protection How can a digital environment be created and managed that will also guarantee the protection of the rights to privacy and to data protection, even in situations of crisis, with the necessary safeguards and procedures in place.

The right to privacy is not absolute: every legislation foresees the possibility of lawful restrictions. Although practical cases exist and the jurisprudence is abundant for a variety of specific cases, the COVID-19 pandemic situation is the first to put our protective framework to such a test, with horizontal and highly intrusive measures proposed sometimes. It thus remains to assess whether these measures responded to the legal criteria of the use of a lawful exception, as well as the proportionality of the measures taken, in light of their efficacy in fighting the virus.


GOAL 3: Good Health and Well-Being
GOAL 16: Peace, Justice and Strong Institutions


The latest global pandemic, the current COVID-19 crisis has been representing a major challenge for individuals and countries across the world, causing massive disruptions in the functioning of states, economies, businesses, travels, tourism, etc. In response, states have introduced extraordinary measures, including the possible declaration of a state of emergency. Such measures have strong fundamental rights implications and everywhere the question has been the same: how to save individuals from the COVID-19 pandemic without unnecessary or disproportionate intrusion in their private life. The processing of health-related data, mobile data, telecommunication-data, biometric data, etc. amounts very often to the processing of sensitive data and often involves international transfers. How can we provide the necessary safeguards in the use of personal data to tackle the COVID-19? In light of the current COVID-19 pandemic, how can we foster a responsible use of data, both personal and aggregated data? What is the meaning of a privacy impact assessment and of privacy by design principles in such crisis? Should data collected for COVID-19 crisis expire? This workshop intends to showcase different responses governments or other stakeholders experimented or proposed to reduce the spread of the COVID-19 pandemic and their effects, implications on the rights to the protection of privacy and personal data. During the workshop speakers will explain in details which measures were taken and why and how their impact on the rights to the protection of privacy and personal data was assessed, before and/or after the emergency period. The workshop will draw from practical use cases and give insights on which best practices should be considered as inspiration for future data governance models.

Expected Outcomes

The workshop will try to give an answer where are the boundaries of online privacy of individuals in a crisis and how emergency measures that interfere with the private sphere of individuals should be put in place and managed in respect of democracy, human rights and rule of law. The outcome will be summarised and published by organisers.

There will be an introduction made by COE, ISOC FR why they have proposed and organized this session. Then there will be the institutional view point expressed by Council of Europe, that has published several document on the topic of human rights protection during crisis situation. Then there will be the technical community and Academia viewpoint on the matter, bringing some concrete experiences and possible solutions. GSMA will illustrate some possible technical solutions; Beijing Normal University will present its recommendations for the use of privacy intrusive technologies and ARCEP will showcase how the government assessed the impact of measures it took on the protection of privacy and personal data. Each of these intervention will last 10' for a total of 40-50' for the first part. Then there will be a round of questions among the speakers and with the audience in the room for 20'. And then the final round of interventions (for the remaining time, approx. 20'), from all the speakers, to close the discussion with proposal of solutions to solve the issue to protect the rights to privacy and personal data of individuals in online environments in crisis situations in line with international human rights standards.

Relevance to Internet Governance: The topic and the questions the workshop intend to address are of crucial relevance for the internet governance as it could give practical examples of recommendable data management during crisis (and in the preparation of future crisis management) and can also take a stand on how measures should be put in place and managed in line with international human rights standards?

Relevance to Theme: It is directly related to the “data track” as it intends to discuss fundamental questions about the processing of personal data. It can also be of high value as it wishes to encompass recommendable practices during crisis and answer with practical examples some theoretical questions such as where are the boundaries of individual’s privacy and safety in crisis and what are the safeguards and procedures to put in place in times of crisis in a digital environment, to protect personal data of individuals.

Online Participation


Usage of IGF Official Tool.