The findings at the basis of this blogpost have been published in Edoardo Celeste, Sorcha Montgomery, Arthit Suriyawongkul (2022)  ‘Digital technology and privacy attitudes in times of COVID-19: formal legality versus legal reality in Ireland’.  Northern Ireland Legal Quarterly, 73 (2):283-309.

While we became familiar with images of mask-wearing in old photos and comparisons with the 1918 influenza epidemic during the COVID-19 pandemic, the use of digital technology was a new and marked difference to pandemics that had come before. This technology, used for measures including contact tracing and the enforcement of lockdowns, brought great efficiencies and greatly increased the effectiveness of virus control measures. However, use of these technologies brings risks alongside efficiency. As many responses relied on the processing of data of identifiable individuals in order to achieve their purposes, from contact-tracing to quarantine enforcement, this risk was particularly acute for the fundamental rights to privacy and data protection.

Alongside the increased use of digital technology, the idea of ‘necessary sacrifices’ was a core theme of the response to the Covid-19 pandemic. Indeed, across the globe many countries were faced with restrictions to rights and liberties that were imposed as unavoidable choices to contrast the pandemic. This was amplified in some Asian countries, whereby responses to the pandemic brought with them severe restrictions of many rights, including in particular the rights to privacy and data protection. Indeed, the use of data, including location data, collected by Covid-tracker applications posed a concrete risk of mass surveillance, as exemplified by the indiscriminate use of data through the Health Code apps by the Chinese government. Not to mention the consequent risk of mission creep of these applications, initially introduced with the pretext of fighting the pandemic and often kept with the only evident purpose of surveilling citizens.

Language around sacrificing these rights permeated throughout the globe, even spreading through European media. The Data Protection Commissioner of the Council of Europe and Chair of the Convention 108 stated that ‘data protection can in no manner be an obstacle to saving lives, and that the applicable principles will always allow for a balancing of the interests at stake.’ While this balancing is possible, a complete derogation of privacy and data protection in pursuit of any interest is not possible in the European Union owing to the inalienable nature of, and strong protection afforded to, fundamental rights by the Court of Justice of the European Union. The rights to privacy (Article 7) and data protection (Article 8) are safeguarded by the Charter of Fundamental Rights of the European Union. This includes the requirement in Article 52(1) to ‘respect the essence’ of all fundamental rights. The  development  of  the  concept  of the ‘essence’  of  fundamental rights under Article 52(1) was first illustrated in the seminal case Digital Rights Ireland. It was further developed in Schrems I, wherein the CJEU determined that authorities having ‘access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life’.

In spite of this strong legal protection afforded to privacy and data protection in the EU, a survey of Irish residents conducted by the SFI funded project PRIVATT empirically demonstrated that a significant portion did not trust the technological tools introduced by the Government. This was despite their formal legality, i.e. their compliance with the established Irish and European privacy and data protection law. From a socio-legal perspective, in this article we explain how this divergence exposes a discrepancy between the formal legality and legal reality of the digital solutions adopted by the Government. This discrepancy can be interpreted as evidence of a lack of transparency and involvement of the population in decision-making, as well as legal literacy around the safeguards offered by fundamental rights, particularly by the rights to privacy and data protection.

This distrust of the Government’s data-handling practices evident in the survey data was accompanied by the finding that Irish residents adjusted their privacy attitudes during the pandemic, becoming more willing to share their data to counteract the spread of the virus. In light of the value the population sees in this form of solution to the spread of COVID-19, increasing awareness of the strong protection afforded to privacy and data protection in the EU could reassure potential users and ultimately increase the effectiveness of these digital solutions. This finding highlights the possible potential for these technologies to improve their efficiencies and social acceptance without jeopardising the rights to privacy and data protection.

To capitalise on this willingness to share data, we recommend ensuring that digital solutions are accepted, understood and endorsed at a societal level. In more concrete terms, we make an appeal to increase awareness of the inalienability of fundamental rights and of the content of privacy and data protection rights in particular. This would enable the general population to assess and be critical of any digital technology instruments possessing a potential to restrict their rights unnecessarily. Enhancing transparency and citizen-participation measures could also increase the privacy rights literacy of the population, enabling more participative decision-making processes, increased acceptance and use of digital solutions, and ultimately a higher level of compliance both in times of crisis and ‘normality’.

Sorcha Montgomery is an Administrative Officer at the Department of Children, Equality, Disability, Integration and Youth and former researcher at the DCU Law and Tech Research Cluster.

Edoardo Celeste is an Assistant Professor of Law, Technology and Innovation and Chair of the Erasmus Mundus Master in Law, Data and AI at the School of Law and Government of Dublin City University.