skip to main content

Whither dataveillance? Polish data harvest in times of pandemic

By Paulina Lenik


The recent worry for many individuals, is how much of their data is actually being exposed, or as some would rather justly note, harvested. Governments became particularly fierce with acquiring access to digital tracking during the current pandemic crisis. There is a visible tension between individual privacy, public health and the role of the state. This blog takes a closer look on the notion individual privacy and the centralized data tracking during the pandemic.

A note on the right to privacy

Privacy is a fundamental human right. There is no universally recognized definition of individual privacy, however, the most frequently referred to is “as the right of any citizen to control his or her own personal information and to decide about it (to keep or disclose information)”. The majority of democratic regimes have somewhat adequate representation of this definition in their national legislations. At times there are social security circumstances which require some degree of privacy infringement. These however should be legal, transparent and with an defined exit strategy.  Nowadays, the gravity of such prescriptions has been defied due to the urgent need to mitigate the pandemic’s impact. There is a general raise of concerns about how the personal data is being handled, particularly as data leaks do happen and assuring secure channels for data processing is very pricy. Government has an especially pivotal role to play, as a policy provider but also protector. On the social security versus privacy rights’ balance, decision makers are not always maintaining an equilibrium.  

Sign of times: Apple and Google came together

Apple and Google, the two competing tech giants shook their hands for the common objective. The idea is to collaborate on data tracking app easily transferable between IOs and Android. The Bluetooth-based app is to be launched the end of May. The principal objective of this app, is to assure decentralization, making sure no central government actor has access to data of an individual.  It also assures some degree of privacy, as the stored information is only about a phone being in proximity to any other phone, without disclosing individual’s location. For the contagion strategy, the idea ticks the boxes. The app gathers so called, contact data, that is traces those people an individual using the app has had a potential exposure to, making it possible to trace back the infectious unit of the chain. Importantly, it allows complementing the labour-intensive traditional contact tracing, that is a questionnaire by the health-staff already when one shows the symptoms. The traditional contact tracing is frequently insufficient, as we happen to be near strangers whom we are unable to alert to a potential spread. In this regard, the tech helps not only to inform those who may have contracted the virus, but also enables tracing back patient zero, if needed.

Meanwhile, the Polish government’s idea

For Poland, the gathering of data has become a critical objective for the current government, not only for the purpose of contact tracking, but also due to the upcoming presidential elections which are being arranged by post. According to Rzeczpospolita, a daily, the Ministry of Digitalization has already handed in all the data to the State Postal Service for the purpose of the vote. The data tracking of individuals under quarantine, takes place in two manners, in a traditional way by police visits, and also digitally. Mateusz Morawiecki, the Prime Minister, has confirmed there has been an agreement signed between all the major telecom providers and the government. The agreement requires the telecom providers to send the tracking data of these individuals who are self-isolating. The civil society organisation, Watchdog Poland, has reached the government to justify such invasive policy. The Prime Minister’s office confirmed that the lately passed Covid-19 law supplemented powers to the Prime Minister to require this compliance for the matter of common interest.

Moreover, the government’s flagship app, “Kwarantanna Domowa” is to be installed by those on quarantine. Critically different to the Bluetooth-based alternative tabled by Apple-Google, it requires the user to send a ‘selfie’, that is geo-localisation data including individuals’ face recognition.  The app is closed-code based – what means, there is no insight into its functionality. It is an important aspect, as the user has no transparency on whether the app is always collecting geo-localisation data or is it intermittent.  As the app is gathering geolocation data, rather than using Bluetooth proxies, it entails  more privacy-invading data harvest than the commercial alternative. The ambivalent notion about this app is that it combines identity traceable features with location and yet gives little oversight on how these identity markers are being processed.

Secondly, the law enforcement to use this piece of software is the crux of the matter.  The state is unable, by the constitution,  to require citizens to comply with installing the app. However, the dissonance between the Prime Minister’s and the Ministry of Digitalization statements is quite apparent. As the latter states that the use of the app is voluntary, the PM’s is more deterministic. The authorities are currently communicating that unwillingness to use the app may be only justifiable if one has either no mobile phone or an unadopted device (dated) to install the app. The refusal must be provided in writing as a matter of attributable criminal liability.

Arguably however, the lack of apprehension for reality is also a practical flaw of this law. There are individuals who are not technically savvy to use the app. Incidentally, amongst these are individuals who might need the higher degree of assistance as persons with disabilities, elderly, visually impaired, etc. Moreover, the government has not provided any information on if, and how, authorities would support the most vulnerable if the app is, as stated, universally required of all individuals in quarantine.

There are also the technical considerations. What of those whose phone gets rendered unusable due to some incident at home? Would that alert the authorities? Seemingly for access to internet, let’s imagine there is a power cut-off and phone’s battery is flat – would that alert the police? There are people who have two, or even three telephone devices – the location tracing makes little sense if the individual is leaving one’s residence with another device (that is given the tracing is on at all times, which we are unsure due to the close-code of the app). Such possibilities of minor yet determinant obstacles are countless. That is probably why, the police are in any case required to verify on quarantined individuals daily.

The nonchalance with individual data is a worrying development, however sadly not particularly new. There is a known track of data processing by the governmental agencies which has not been procedurally impeccable. There is also no insight into what the government’s technical capacities are to handle such an overwhelming amount of sensitive data. Understandably, the government has to have robust technical solutions to handle the current urgencies, however not communicating transparently with the public on the process is an equally weighty matter.

Particularly in times of crisis, this cooperation between the state and the citizens must be based on trust rather than rigid, hastily imposed requirements. The government has in parallel penalized breaking the quarantine with a fine up to €6000. Inability to pay may result in up to 8 years prison. Aligning it with the data tracking and complemented by ad hoc visits by the police invites an assumption that the government has little faith in the public’s willingness to comply with the restrictions. Perhaps unreasonably, as the recent data on breaching the quarantine indicates there were merely 100 cases of the detected breach. That would suggest Poles have understood the severity of situation and had acted in a mature manner. For instance in Spain, the authorities identified 463 thousand breaches – an astonishing amount punishable between €100 and €600.000, or a prison sentence up to a year. Spaniards do not require installation of an app on citizens’ phones. Perhaps, then there is more to compliance than the proverbial ‘stick’.

It is not to argue, that technology is not meant to assist the governments with their struggle against the pandemic. However, the way it is chosen to be used is guided by the contract between the authorities and the public. Typically, the constitution, but also through less formalized social norms. The government narrative frames the data tracking as an unavoidable mean to achieve compliance with the social distancing restrictions. However, there are alternatives which surely assure greater degree of transparency as well as safeguard individual privacy. The Bluetooth app is an example of those, a tool supplying merely the proximity data rather than geo-localization. Question remains, what happens with the legal leverage that the government has now officialised in acquiring personal data when the restrictions are lift off? Let us hope the authorities will act maturely and uphold the democratic right to individual freedoms.