Data protection and social emergency in Latin America: COVID-19, a stress test for democracy, innovation, and regulation

The current SARS-CoV-2 pandemic has wreaked havoc across the globe and exposed the vulnerabilities, weaknesses, and unpreparedness of our societies. The pandemic is a global phenomenon, and several global trends can be inferred, regarding the economic, technological, and psychological impact it has generated.

This symposium edition of IDPL aims to analyse the impact of the pandemic in Latin American countries from the vitally important perspective of data protection. The use of the vital qualifier is not anodyne. The responsible use of personal data can be a powerful ally in countering the rampant pandemic and, indeed, several existing data protection frameworks in Latin America explicitly consider the preservation of life, safety, and health as legitimate grounds for the processing of personal data.¹ However, the lack of a dedicated and comprehensive legislation on data protection in many jurisdictions in the region, combined with various institutional and enforcement challenges (many specifically addressed in this Symposium), make the extensive data collection prompted by COVID-19 a major regulatory, social, and political conundrum.

While representing an unprecedented challenge for humanity, the COVID-19 emergency offers an opportunity to reflect on the role of data protection in our society and its interaction with other rights and compelling societal interests, in particular health and physical integrity, individual liberty, and the freedom to conduct business. Clearly the pandemic caught unprepared most countries in the region, exposing and increasing inequalities, claiming thousands of victims, leaving millions unemployed and generating unquantifiable psychological damages that will last for years to come. The contributions featured in this symposium illustrate that the migration towards digital life that accompanied the more-or-less restrictive lock-down measures in the region has not been driven by well-informed and holistic strategies, with privacy and data protection rarely (if ever) constituting a priority.

The massive use of Information and Communication Technologies, to which citizens have been forced in order to maintain basic social and work interactions and get access to public services, can have substantial impact on the enjoyment of privacy and data protection. The application of these technologies (particularly, digital contact tracing) has been hailed with enthusiasm by governments portending to offer readily implementable solutions, that may allow them to cope with the pandemic while managing increasingly distressed populations. However, technological solutionism cannot be a valid response to the pandemic in the absence of a coherent legal and governance framework which provides adequate guarantees both for individuals and collectives that may be affected. Such a framework must especially consider the underlying reality—one that in many areas of Latin America is affected by endemic poverty, insufficient levels of (digital) literacy and lack of access to reliable (digital) infrastructures.

Although it would be fair to expect that governmental measures characterized by a significant degree of coercion and intrusion into the personal lives of citizens be accompanied by robust safeguards, including granular transparency and contestability over data that justify such decision-making processes, these aspects have unfortunately remained underdeveloped, ultimately affecting public trust and the efficacy of certain measures. It should also not be neglected that these turbocharged and unorganized processes of digitalization have taken place in countries with noticeably young democratic institutions, where data protection frameworks have been freshly adopted and, in some cases, still lack a Data Protection Agency.

Against this backdrop, the symposium issue raises a variety of fundamental questions, the answer to which is crucial not only for Latin America, but for the world at large. The analyses of the Latin American experiences offered by this symposium can be utilized as reference and comparison in future works, not only to nurture the growing body of research on these fascinating topics, but also to inform policy-making efforts and to stimulate the development of technology that embeds and promotes privacy and data protection.

The symposium edition is part of an ongoing effort, developed in the context of the Latin American edition of the Computers, Privacy and Data Protection (CPDP) conference.² This yearly conference includes also the Latin American editions of the MyData conference and Privacy Law Scholars Conference (PLSC), as testament of its triple aim: to foster multi-stakeholder policy debates, ground-breaking technological approaches putting individuals at the centre of the personal data governance, and the highest standards of research on privacy and data protection in the region.

Only through interdisciplinary dialogue of this kind, will it be possible to disentangle the overlapping policy, regulatory, technical, and social dimensions of privacy and data protection in the current scenario, and hopefully to distil relevant teachings into safeguards and approaches that could guide policymakers at a time of emergency. While such reflections have been triggered by the current pandemic, they provide fertile ground for application to similar types of emergencies; and they should be carefully considered not only for us to be more prepared when the next crisis will spring up, but also to avoid that measures adopted during emergencies becoming the new norm.

The COVID-19 pandemic should be considered as a stress test for privacy and data protection frameworks, in Latin America; an opportunity to refine and strengthen such frameworks while upholding the fundamental values of democratic governance.

Footnotes

Author notes