Volume 8, Issue 1, April 2020
Articles

Contact Tracing Apps in ASEAN: A Threat to Privacy and Personal Data

Agung Kurniawan Sihombing
Bachelor of Law, Universitas Padjadjaran
Yogi Bratajaya
Bachelor of Law, Public International Law, Universitas Padjadjaran

Published 2021-07-09

How to Cite

Sihombing , A. K. ., & Bratajaya, Y. . (2021). Contact Tracing Apps in ASEAN: A Threat to Privacy and Personal Data. Kathmandu School of Law Review, 8(1), 50–76. https://doi.org/10.46985/kslr.v8i1.2128

Abstract

On March 11 2020, the World Health Organization (WHO) officially categorized the Coronavirus disease (COVID-19) as a global pandemic. The rapid spread of COVID-19 prompted governments all around the world to take steps toward controlling the pandemic and its significant socio-economic impacts. Digital technology has been relied upon to provide innovative solutions to aid efforts of stopping the spread of COVID-19. One such innovation is the development and implementation of contact tracing applications or apps. The use of these apps allows public health authorities to track confirmed cases of COVID-19 and mitigate its transmission. However, as useful as they may be, there exists a well-grounded fear that contact tracing apps may be used as a tool to broaden government surveillance powers. This is especially true among member nations of the Association of Southeast Asian Nations (ASEAN), where domestic regulations guaranteeing the right to privacy and protection of personal data are relatively weak. Additionally, ASEAN lacks a comprehensive and strong regional mechanism for the protection of human rights and personal data. This paper aims to analyze the implementation of contact tracing apps in ASEAN member states, whether its implementation fulfills the international standards of the protection of the right to privacy and personal data, as well as provide recommendations to ensure that countries do not spiral towards a state of unrestricted government surveillance.

Downloads

Download data is not yet available.

References

  1. 1 ‘Coronavirus disease (COVID-19) Situation Report – 196’, World Health Organization (WHO), 3 August 2020, available at https://www.who.int/docs/default-source/coronaviruse/situation-reports/20200803covid-19-sitrep-196-cleared.pdf?sfvrsn=8a8a3ca4_4, accessed on 3 August 2020.
  2. 2 ‘A UN framework for the immediate socio-economic response to COVID-19’, United Nations (UN) Sustainable Development Group, April 2020, p. 3, available at https://unsdg.un.org/resources/un-framework-immediate-socio-economic-response-covid-19, accessed on 3 August 2020; ‘A Crisis Like No Other, An Uncertain Recovery’, International Monetary Fund, June 2020, available at https://www.imf.org/en/Publications/WEO/Issues/2020/06/24/WEOUpdateJune2020#:~:text=A%20Crisis%20Like%20No%20Other%2C%20An%20Uncertain%20Recovery,-Read%20full%20report&text=The%20COVID%2D19%20pandemic%20has,is%20projected%20at%205.4%20percent, accessed on 3 August 2020.
  3. 3 ‘Critical preparedness, readiness and response actions for COVID-19’ WHO, 24 June 2020, pp. 3-7, available at https://apps.who.int/iris/rest/bitstreams/1283590/retrieve, accessed on 25 July 2020.
  4. 4 ‘Coronavirus disease (COVID-19) Situation Report – 196’ (n 1); See also Anna Jones, ‘Coronavirus: How 'overreaction' made Vietnam a virus success’, BBC News, United Kingdom, 15 May 2020, available at https://www.bbc.com/news/world-asia-52628283, accessed on 27 July 2020.
  5. 5 ‘Coronavirus disease (COVID-19) Situation Report – 196’ (n 1); See also Alya Nurbaiti, ‘Indonesia’s daily average of new COVID-19 cases continues to climb: WHO’, The Jakarta Post, Indonesia, 17 July 2020, available at https://www.thejakartapost.com/news/2020/07/16/indonesias-daily-average-of-new-covid19-cases-continues-to-climb-who.html, accessed on 27 July 2020.
  6. 6 ‘Tracking the Global Response to COVID-19’, Privacy International, available at https://privacyinternational.org/examples/tracking-global-response-covid-19, accessed on 27 July 2020.
  7. 7 ‘Ethical considerations to guide the use of digital proximity tracking technologies for COVID-19 contact tracing’ WHO, 28 May 2020, p. 1, available at https://apps.who.int/iris/rest/bitstreams/1278803/retrieve, accessed on 25 July 2020.
  8. 8 ‘Joint Civil Society Statement: States use of digital surveillance technologies to fight pandemic must respect human rights’, Human Rights Watch (HRW) 2 April 2020, available at https://www.hrw.org/ 1 ‘Coronavirus disease (COVID-19) Situation Report – 196’, World Health Organization (WHO), 3 August 2020, available at https://www.who.int/docs/default-source/coronaviruse/situation-reports/20200803covid-19-sitrep-196-cleared.pdf?sfvrsn=8a8a3ca4_4, accessed on 3 August 2020.
  9. 9 Kim Zetter, ‘Anonymized Phone Location Data Not So Anonymous, Researchers Find’, WIRED, 27 March 2013, available at https://www.wired.com/2013/03/anonymous-phone-location-data/, accessed on 25 July 2020.
  10. 10 Universal Declaration of Human Rights, 10 December 1948, UNGA 217 A (III) (UDHR), art. 5; International Covenant on Civil and Political Rights, 23 March 1976, 999 UNTS 171, New York, 16 December 1966 (ICCPR), art. 17.
  11. 11 ‘COVID-19 Guidance’, UN Office of the High Commission of Human Rights (UN OHCHR), 13 May 2020, p. 1, available at https://www.ohchr.org/Documents/Events/COVID-19_Guidance.pdf, accessed on 25 July 2020.
  12. 12 ‘Emergency Measures and Covid-19: Guidance’, UN OHCHR, 27 April 2020, p. 1, available at ohchr.org/Documents/Events/EmergencyMeasures_COVID19.pdf, accessed on 25 June 2020; See also Maria Pia Sacco et.al, ‘Digital Contact Tracing for the Covid-19 Epidemic: A Business and Human Rights Perspective’, International Bar Association, 4 June 2020, p. 2.
  13. 13 General Comment No. 16: Article 17 (Right to Privacy), The Right to Respect of Privacy, Family, Home and Correspondence, and Protection of Honour and Reputation, UN Human Rights Committee (HRC), 8 April 1988, U.N. Doc. HRI/GEN/1/Rev.9 (General Comment No. 16), paras 3-4.
  14. 14 'Digital Trust NewsFlash', PwC, May 2020, available at https://www.pwc.com/id/en/publications/digital/ digital-trust-newsflash-2020-02.pdf, accessed on 30 July 2020.
  15. 15 ‘ASEAN Member States’, Association of Southeast Asian Nations, available at https://asean.org/asean/aseanmemberstates/, accessed on 4 August 2020.
  16. 16 Amitav Acharya, ‘Culture, Security, Multilateralism: The ‘ASEAN way’ and Regional Order’, Contemporary Security Policy p. 55, volume 19:1, 2007, p. 8.
  17. 17 Charter of the Association of Southeast Asian Nations, December 2008, Singapore, 20 November 2007 (ASEAN Charter), art. 20.
  18. 18 Treaty of Amity and Cooperation in Southeast Asia Indonesia, Bali, 24 February 1976, art. 2; ASEAN Charter, art. 2(2).
  19. 19 ASEAN Agreement on Transboundary Haze Pollution, 2003, Kuala Lumpur, 10 June 2002 (AATHP).
  20. 20 AATHP, art. 3(2); Prischa Listiningrum, ‘Transboundary Civil Litigation for Victims of Southeast Asian Haze Pollution: Access to Justice and the Non-Discrimination Principle’, Transnational Environmental Law p. 119, volume 8:1, 2019, p. 125.
  21. 21 ASEAN Human Rights Declaration, 18 November 2012, Phnom Penh (AHRD), art. 21.
  22. 22 ‘Civil Society Denounces Adoption of Flawed ASEAN Human Rights Declaration’, HRW, 19 November 2012, available at https://www.hrw.org/news/2012/11/19/civil-society-denounces-adoption-flawedaseanhuman-rights-declaration, accessed on 23 July 2020.
  23. 23 Graham Greenleaf, Asian Data Privacy Laws: Trade & Human Rights Perspectives, Oxford University Press, UK, 1st edition, 2014, p. 26.
  24. 24 The 16th ASEAN Telecommunications and Information Technology Ministers Meeting and Related Meetings: Joint Media Statement, ASEAN, 26 November 2016, Bandar Seri Begawan, para. 4.
  25. 25 Framework on Personal Data Protection 2012, ASEAN Telecommunications and Information Technology Ministers Meeting (Telmin), para. 6, available at https://asean.org/joint-media-statement-the-16th-aseantelecommunicationsand-information-technology-ministers-meeting-and-related-meetings/.
  26. 26 Benjamin Wong, ‘Data Localization and ASEAN Economic Community’, Asian Journal of International Law Haze Pollution: Access to Justice and the Non-Discrimination Principle’, Transnational Environmental Law p. 119, volume 8:1, 2019, p. 125.
  27. 21 ASEAN Human Rights Declaration, 18 November 2012, Phnom Penh (AHRD), art. 21.
  28. 22 ‘Civil Society Denounces Adoption of Flawed ASEAN Human Rights Declaration’, HRW, 19 November 2012, available at https://www.hrw.org/news/2012/11/19/civil-society-denounces-adoption-flawedaseanhuman-rights-declaration, accessed on 23 July 2020.
  29. 23 Graham Greenleaf, Asian Data Privacy Laws: Trade & Human Rights Perspectives, Oxford University Press, UK, 1st edition, 2014, p. 26.
  30. 24 The 16th ASEAN Telecommunications and Information Technology Ministers Meeting and Related Meetings: Joint Media Statement, ASEAN, 26 November 2016, Bandar Seri Begawan, para. 4.
  31. 25 Framework on Personal Data Protection 2012, ASEAN Telecommunications and Information Technology Ministers Meeting (Telmin), para. 6, available at https://asean.org/joint-media-statement-the-16th-aseantelecommunicationsand-information-technology-ministers-meeting-and-related-meetings/.
  32. 26 Benjamin Wong, ‘Data Localization and ASEAN Economic Community’, Asian Journal of International Law p. 1, volume 10:1, 2020, p. 22.
  33. 27 ‘Ethical considerations’ (n 7) p. 1.
  34. 28 Ibid; Mohamed E El Zowalaty and Josef D Järhult, ‘From SARS to COVID-19: A previously unknown SARS- Related Coronavirus (SARS-CoV-2) of Pandemic Potential Infecting Humans - Call for a One Health Approach’, One Health p. 1, volume 9: 100124, 2020, pp. 2-3.
  35. 29 ‘Ethical considerations’ (n 7) p. 1.
  36. 30 Dejian Lai, ‘Monitoring the SARS Epidemic in China: A Time Series Analysis’, Journal of Data Science,, volume 3, 2005, p. 290.
  37. 31 Kevin Shepherdson, ‘How intrusive are contact-tracing apps in ASEAN?’, TECHINASIA, 24 June 2020, available at https://www.techinasia.com/intrusive-asean-contacttracing-apps, accessed on 30 July 2020.
  38. 32 Rizki Fachriansyah and Ardila Syakriah, ‘Indonesia Develops Surveillance App to Bolster Contact Tracing Tracking’, The Jakarta Post, Indonesia, 30 March 2020, available at https://www.thejakartapost.com/news/2020/03/30/covid-19-indonesia-develops-surveillance-app-to-bolster-contact-tracing-tracking.
  39. html, accessed on 15 July 2020; ‘Mobile Location Data and Covid-19: Q&A’, HRW, 13 May 2020, available at https://www.hrw.org/news/2020/05/13/mobile-location-data-and-covid-19-qa, accessed on 25 June 2020.
  40. 33 ‘PeduliLindungi’, Indonesian Ministry of Communication and Information Technology (MoCIT), available at https://pedulilindungi.id/, accessed on 15 July 2020; ‘MyTrace, a Preventive Counter Measure and Contact Tracing Application for COVID-19 - FAQ’, Malaysian Ministry of Science, Technology and Innovation (MoSTI), available at https://www.mosti.gov.my/web/en/mytrace/#15885210617201739856b-c49b, accessed on 13 July 2020; Aarron Holmes, 'Singapore is using a high-tech surveillance app to track the coronavirus, keeping schools and businesses open. Here's how it works', Business Insider, 24 March 2020, available at https://www.businessinsider.com/singapore-coronavirus-app-trackingtestingno-shutdown-how-it-works-2020-3?r=US&IR=T, accessed on 24 July 2020; ‘Vietnam launches Covid-19 contact tracing app’, Vietnam Insider, 21 April 2020, available at https://vietnaminsider.vn/vietnam-launches-covid-19-contact-tracing-app/, accessed on 25 July 2020; ‘StaySafe.ph mobile app with contact tracing, scan area features now on Google Play’, ManillaStandard.net, 15 May 2020, available at https://manilastandard.net/tech/gadgets/323804/staysafe-ph-mobile-app-with-contact-tracing-scanareafeatures-now-on-google-play.html, accessed on 25 July 2020.
  41. 34 Fachriansyah and Syakriah (n 32).
  42. 35 'Contact tracing apps: A new world for data privacy', Norton Rose Fulbright, July 2020, available at https://www.nortonrosefulbright.com/en-id/knowledge/publications/d7a9a296/contact-tracing-apps-a-newworldfor-data-privacy#indonesia, accessed on 25 July 2020
  43. 36 ‘PeduliLindungi’ (n 33).
  44. 37 2020 Decree of the Indonesian Minister of Communications and Information Technology No. 171 (MoCIT Decree No. 171), 2020, Indonesia, para. 5.
  45. 38 ‘Open Letter to KOMINFO Requesting for Strong User Privacy Protections in the PeduliLindungi App’, ELSAM, 26 June 2020, available at https://elsam.or.id/open-letter-to-kominfo-requesting-for-stronguserprivacy-protections-in-the-pedulilindungi-app/, accessed on 27 July 2020.
  46. 39 Ibid.
  47. 40 1999 Law No. 39 concerning Human Rights, Indonesia, 1999, arts. 31-32; KPKPN v KPK, Indonesia Constitutional Court Case Number 006/PUU-I/2003; Mulyana v KPK, Indonesia Constitutional Court Case Number 012-016-019/PUU-IV/2006.
  48. 41 Law No. 11 of 2008 on Information and Electronic Transaction as amended with Law No. 19 of 2016 (ITE Law), Indonesia 2008; ‘Personal Data Protection in ASEAN’, ZICO, April 2019, available at https://zico.group/publication/personal-data-protection-in-asean/, accessed on 24 July 2020.
  49. 42 Greenleaf, Asian Data Privacy Laws (n 23) p. 386.
  50. 43 ITE Law, art. 26.
  51. 44 ‘Indonesia: President submits draft data protection bill to the House of Representatives’, OneTrust DataGuidance, 28 January 2020, https://www.dataguidance.com/news/indonesia-president-submits-draftdataprotection-bill-house-representatives, accessed on 10 August 2020.
  52. 45 Brinanda Lidwina Kaliska and Kurniawan Tanzil, ‘A Guide to the Upcoming Indonesian Data Protection Law (Final Draft Law January 2020)’, Makarim & Taira S., February 2020, p. 7, available at https://www.makarim.com/uploads/78289_M&T%20Advisory%20-%20A%20Guide%20To%20The%2Upcoming%20Indonesian%20Data%20Protection%20Law%20(February%202020).pdf, accessed on 9August 2020; Michael S. Carl and Revaldi N. Wirabuana, ‘Prohibitions, Restrictions Under Indonesia’s Personal Data Protection Draft Law’, SSEK, 12 June 2020, available at https://www.ssek.com/blog/prohibitions-restrictions-under-indonesia-s-personal-data-protection-draft-law, accessed on 9 August 2020; ‘Draft Data Protection Law in Indonesia’, Rödl & Partner, p.1, available at https://www.roedl.net/fileadmin/user_upload/Roedl_Italia/Newsletters/Indonesian_Draft_Data_Protection_Law.pdf, accessed on 9 August 2020.
  53. 46 ‘MyTrace FAQ’ (n 33).
  54. 47 Rashvinjeet S. Bedi, ‘Data from Covid-19 app MyTrace kept on phone, not govt servers, says Khairy’, The Star, 8 May 2020, available at https://www.thestar.com.my/news/nation/2020/05/08/data-from-covid19-app-mytrace-kept-on-phone-not-govt-servers-says-khairy, accessed on 13 July 2020.
  55. 48 Ibid.
  56. 49 ‘Covid-19: ‘MyTrace’ app to help in contact tracing, says senior minister’, Malay Mail, 3 May 2020, available at https://www.malaymail.com/news/malaysia/2020/05/03/covid-19-mytrace-app-to-help-in-contacttracingsays-senior-minister/1862624, accessed on 13 July 2020.
  57. 50 Laws of Malaysia. Act 709. Personal Data Protection Act 2010 (Malaysia PDPA), 2010, Malaysia.
  58. 51 Greenleaf, Asian Data Privacy Laws (n 23), pp. 324-329.
  59. 52 Ibid, p. 322.
  60. 53 Malaysia PDPA, art. 3(1).
  61. 54 ‘Tech and Covid-19: open source needed for acceptance and success of contact tracing apps’, Information Age, 28 April 2020, available at https://www.information-age.com/tech-covid-19-open-source-neededcontacttracing-apps-acceptance-123489218/, accessed on 24 July 2020.
  62. 55 The Personal Data Protection Act 2012 (Act 26 of 2012), 2012, Singapore. See also Greenleaf, Asian Data Privacy Laws (n 23), p. 290.
  63. 56 ‘Singapore-Data Protection Overview’, OneTrust Data Guidance, November 2019, available at https://www.dataguidance.com/notes/singapore-data-protection-overview, accessed on 25 July 2020.
  64. 57 Roxanne, ‘People’s rights infringed: Petition created to reject the use of wearable contact tracing device’, The Online Citizen, 10 June 2020, available at https://www.onlinecitizenasia.com/2020/06/10/peoplesrightsinfringed-petition-created-to-reject-the-use-of-wearable-contact-tracing-device/, accessed on 25 July 2020.
  65. 58 Dewey Sim and Kimberly Lim, ‘Coronavirus: why aren’t Singapore residents using the TraceTogether contact-tracing app?’, South China Morning Post, 18 May 2020, available at https://www.scmp.com/weekasia/people/article/3084903/coronavirus-why-arent-singapore-residents-using-tracetogether, accessed on 25 July 2020.
  66. 59 Ibid.
  67. 60 ‘DOH Launches New Covid-19 Tracker and Doh Datacollect App Press Release /13 April 2020’, Department of Health Kagawaran ng Kalusugan, 13 April 2020, available at https://www.doh.gov.ph/doh-press-release/DOH-LAUNCHES-NEW-COVID-19-TRACKER-AND-DOH-DATACOLLECT-APP, accessed on 2July 2020.
  68. 61 Gelo Gonzales, ‘LIST: Coronavirus contact tracing apps in the Philippines’, Rappler, 14 April 2020, available at https://rappler.com/technology/features/coronavirus-contact-tracing-apps-philippines, accessed on 24 July 2020; Deepali Roy, ‘Innovative apps support Philippines’ fight against COVID-19’, Geospatial World, 27 May 2020, available at https://www.geospatialworld.net/blogs/innovative-apps-support-philippinesfightagainst-covid-19/, accessed on 24 July 2020.
  69. 62 Republic Act 10173 – Data Privacy Act of 2012, 2012, Philippines.
  70. 63 ‘Personal Data Protection in ASEAN’ (n 41).
  71. 64 Gelo Gonzales (n 61).
  72. 65 Miguel R. Camus, ‘StaySafe.ph developer: Trust issues hound contact tracing app’, inquirer.net, 16 July 2020, available at https://technology.inquirer.net/100896/staysafe-ph-developer-trust-issues-hound-contacttracingapp, accessed on 25 July 2020.
  73. 66 Ibid.
  74. 67 ‘Open Letter Request Strong Privacy Protection’, Association for Progressive Communications, July 2020, available at https://www.apc.org/en/pubs/open-letter-request-strong-user-privacy-protections-philippines-covid19-contact-tracing, accessed on 25 July 2020.
  75. 68 'Thai Covid-19 app raises privacy concerns', UCA News, 19 May 2020, available at https://www.ucanews.com/news/thai-covid-19-app-raises-privacy-concerns/88069, accessed on 25 July 2020.
  76. 69 ‘Thailand Launches Mor Chana Mobile App to Enhance Contact Tracing Efforts to Help Stop the Spread of Covid-19’, Big Chilli, 13 April 2020, available https://www.thebigchilli.com/news/thailand-launchesmorchana-mobile-app-to-enhance-contact-tracing-efforts-to-help-stop-the-spread-of-covid-19, accessed on 25 July 2020.
  77. 70 ‘Getting to Know Thai Chana “Platform”’, Bangkok Tribune, 24 May 2020, available at https://bkktribune.com/getting-to-know-thai-chana-platform/, accessed on 25 July 2020.
  78. 71 ‘CRC is now available to download "Thai Win App"’, Ministry for Digital Economy and Society, 28 May 2020, available at https://www.mdes.go.th/news/detail/2650-ศบค--เปิดให้ดาวน์โหลด--แอปไทยชนะ-ได้แล้ววันนี้, accessed on 24 July 2020.
  79. 72 The Personal Data Protection Act B.E. 2562, 2019, Thailand. See also Greenleaf, Asian Data Privacy Laws (n 23), p. 357.
  80. 73 ‘Thailand Personal Data Protection Act’, Baker McKenzie, 28 May 2019, available at https://www.bakermckenzie.com/en/insight/publications/2019/05/thailand-personal-data-protection-act, accessed on 27 July 2020.
  81. 74 Dhiraphol Suwanprateep, ‘Postponement of Thailand's Personal Data Protection Act (PDPA)’, Lexology, 13 May 2020, available at https://www.lexology.com/library/detail.aspx?g=c628a738-f929-4987-b6dbb0ee00e69b30, accessed on 25 July 2020.
  82. 75 ‘PDPA Update: Thailand Issues Security Standards for Personal Data’, Tilleke & Gibbins, 30 July 2020, available at https://www.tilleke.com/resources/pdpa-update-thailand-issues-security-standards-personaldata, accessed on 30 July 2020.
  83. 76 ‘Delayed Implementation of Thailand’s Personal Data Protection Act’, Hunton Andrews Kurth, 29 May 2020, available at https://www.huntonprivacyblog.com/2020/05/29/delayed-implementation-of-thailandspersonaldata-protection-act/, accessed on 30 July 2020.
  84. 77 ‘Launch of the BRUHEALTH Application’, Ministry of Finance and Economy, 19 May 2020, available at https://www.mofe.gov.bn/Lists/News/DispForm.aspx?ID=129, accessed on 25 July 2020.
  85. 78 Sareen Han, ‘Gov’t rolls out BruHealth contact tracing app as restrictions loosened’, The Scoop, 14 May 2020, available at https://thescoop.co/2020/05/14/govt-launches-bruhealth-contact-tracing-app/, accessed on 25 July 2020.
  86. 79 Ibid.
  87. 80 James Kon, ‘Public urged to be honest with BruHealth app’, Borneo Bulletin, 17 May 2020, available at https://borneobulletin.com.bn/2020/05/public-urged-to-be-honest-with-bruhealth-app/, accessed on 24 July 2020.
  88. 81 ‘Personal Data Protection in ASEAN’ (n 41).
  89. 82 Ngoc Thuy, ‘Vietnam Launches First Ever Contact-Tracing App to Curb Covid-19’, Hanoi Times, 19 April 2020, available at hanoitimes.vn/vietnams-first-ever-contact-tracing-app-solves-similiar-apps-issuesinformationminister-311800.html, accessed on 25 July 2020.
  90. 83 Ibid.
  91. 84 Ibid.
  92. 85 Law on Cyber Security No: 24/2018/QH14, 2018, Vietnam. See also ‘Personal Data Protection in ASEAN’ (n 41).
  93. 86 Basic Law for the Federal Republic of Germany, 1949, art. 10; Constitution of Spain, 1978, s. 18; Constitution of the Federative Republic of Brazil, 1988, art. 5(X); The Constitution of The Republic of South Africa, 1996, art. 14; Birutė Pranevičienė, ‘Limiting of the Right to Privacy in the Context of Protection of National Security’, Jurisprudence p. 1609, volume 18: 4, 2011, p. 1612; Oliver Diggelmann & Maria Nicole Cleis, ‘How the Right to Privacy Became a Human Right’ Human Rights Law Review p. 441, volume 14:3, 2014, p. 441.
  94. 87 UDHR, art. 12.
  95. 88 ICCPR, art. 17.
  96. 89 Convention for the Protection of Human Rights and Fundamental Freedoms, 3 September 1953, 213 UNTS 221, Rome, 4 September 1950 (ECHR), art. 8(1); AHRD, art. 21; See also American Convention on Human Rights, 18 July 1978, 1144 UNTS 123, San José, 22 November 1969, art. 11.
  97. 90 Sara Joseph & Melissa Castan, The International Covenant on Civil and Political Rights: Cases, Materials, And Commentary, Oxford University Press, UK, 3rd edition, 2013, pp. 533-534; See also Samuel D. Warren & Louis D. Brandeis, ‘The Right to Privacy’ Harvard Law Review p. 193, volume 4:5, 1890, pp. 213-216.
  98. 87 UDHR, art. 12.
  99. 88 ICCPR, art. 17.
  100. 89 Convention for the Protection of Human Rights and Fundamental Freedoms, 3 September 1953, 213 UNTS 221, Rome, 4 September 1950 (ECHR), art. 8(1); AHRD, art. 21; See also American Convention on Human Rights, 18 July 1978, 1144 UNTS 123, San José, 22 November 1969, art. 11.
  101. 90 Sara Joseph & Melissa Castan, The International Covenant on Civil and Political Rights: Cases, Materials, And Commentary, Oxford University Press, UK, 3rd edition, 2013, pp. 533-534
  102. 91 Manfred Nowak, U.N. Covenant on Civil and Political Rights: CCPR Commentary, NP Engel, Germany, 2nd edition, 2005, p. 378.
  103. 92 ‘Privacy Rights in the Digital Age: A Proposal for a New General Comment on the Right to Privacy under Article 17 of the International Covenant on Civil and Political Rights’, American Civil Liberties Union (ACLU), March 2014, pp. 12-4, available at https://www.aclu.org/sites/default/files/assets/jus14-reporticcprweb-rel1.pdf, accessed on 27 July 2020; ‘Guide on Article 8 of the European Convention on Human Rights - Right to respect for private and family life, home and correspondence’, European Court of Human Rights, 31 August 2019, para. 2, available at https://www.echr.coe.int/Documents/Guide_Art_8_ENG.pdf, accessed on 26 July 2020.
  104. 93 General Comment No. 16 (n 13), para. 10; Concluding Observations on France, HRC, 31 July 2008, U.N. Doc. CCPR/C/FRA/CO/4, para. 22; Concluding Observations on Spain, HRC, 5 January 2009, U.N. Doc. CCPR/C/ESP/CO/5, para. 11.
  105. 94 AHRD, art. 21.
  106. 95 Rotaru v. Romania, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2000, 5 European Court of Human Rights: Reports of Judgements and Decisions, Application no. 28341/95; S. and Marper v. The United Kingdom, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2008, 5 European Court of Human Rights: Reports of Judgements and Decisions, Applications nos. 30562/04 & 30566/04, paras. 71-77; M.M. v. The United Kingdom, European Court of Human Rights, 2012, ECHR 1906, Application no. 24029/07.
  107. 96 Ibid, para. 43.
  108. 97 Ineta Zimele, ‘Privacy, Right to, International Protection’, Max Planck Encyclopedias of International Law, 2009, para. 2.
  109. 98 UDHR, art. 12; ICCPR, art. 17(2); AHRD, art. 21.
  110. 99 General Comment No. 16 (n 13), para. 1.
  111. 100 Ibid, para. 2.
  112. 101 Evans v. The United Kingdom, European Court of Human Rights, 2007, Judgment on Merits and Just Satisfaction, 1 European Court of Human Rights: Reports of Judgments and Decisions, Application no 6339/05, para. 75; Lozovyye v. Russia, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2018, ECHR 361, Application no. 4587/09, para. 36.
  113. 102 ‘COVID-19: Human Rights Implications of Digital Contact Tracing Technology’, Scottish Human Rights Commission, 18 May 2020, para. 11, available at https://www.scottishhumanrights.com/media/2028/contact-tracing-briefing-180520-final.pdf, accessed on 24 June 2020.
  114. 103 Van Hulst v The Netherlands, HRC, 2004, Communication no. 903/1999, U.N. Doc. CCPR/ C/82/D/903/1999, para. 7.3.
  115. 104 Ibid.
  116. 105 Ibid; Matisse Barbaro, ‘Government Interference with the Right to Privacy: Is the Right to Privacy an Endangered Animal?’, Canadian Journal of Human Rights p. 127, volume 6:1, 2017, p. 148.
  117. 106 Pranevičienė (n 86), p. 1611. See also Roche v. The United Kingdom, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2005, 5 European Court of Human Rights: Reports of Judgments and Decision, Application no. 32555/96, para. 157; Hämäläinen v. Finland, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2014, 4 European Court of Human Rights: Reports of Judgments and Decisions, para. 65.
  118. 107 Dudgeon v. The United Kingdom, European Court of Human Rights, Judgment on Merits, 1981, 149 European Human Rights Reports, Application no. 7525/76, para. 51.
  119. 108 Lorna McGregor, ‘Contact-tracing Apps and Human Rights’, EJIL:Talk!, 30 April 2020, available at https://www.ejiltalk.org/contact-tracing-apps-and-human-rights/, accessed on 24 June 2020.
  120. 109 ICCPR, arts. 12(3), 19(3)(b), 21, 22; ECHR, art. 8(2); The Siracusa Principles on the Limitation and Derogation Provisions in the International Covenant on Civil and Political Rights, UN Commission on Human Rights, 28 September 1984, U.N. Doc. E/CN.4/1985/4, paras. 25-26.
  121. 110 ‘Timeline of WHO’s response to COVID-19, WHO, 30 July 2020, available at https://www.who.int/newsroom/detail/29-06-2020-covidtimeline, accessed on 17 July 2020.
  122. 111 General Comment No. 16 (n 13), para. 2; Halford v. The United Kingdom, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 1997, 523 European Human Rights Reports, Application no.20605/92, para. 49.
  123. 112 General Comment No. 16 (n 13), para. 2; Jorgic v. Germany, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2007, 3 European Court of Human Rights: Reports of Judgments and Decisions, Application no. 74613/01, paras. 67-68; Kononov v. Latvia, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2010, 4 European Court of Human Rights: Reports of Judgments and Decisions, Application no. 36376/04, para. 236.
  124. 113 Report of the Office of the United Nations High Commissioner for Human Rights: The Right to Privacy in the Digital Age, U.N. Human Rights Council, 30 June 2014, U.N. Doc. A/HRC/27/37, paras. 28-29.
  125. 114 Ibid, para. 29. See also Shimovolos v. Russia, European Court of Human Rights, Judgment on Merits and Just Satisfaction, 2011, 6 European Court of Human Rights: Reports of Judgments and Decisions, Application no. 30194/09, para. 68.
  126. 115 Van Hulst (n 103), para. 7.7. See also Pinkney v Canada, HRC, 1977, Communication no. 27/1978, U.N. Doc. CCPR/C/14/D/27/1977, para. 34.
  127. 116 ‘COVID-19: Human Rights Implications of Digital Contact Tracing Technology’ (n 102), para. 14.
  128. 117 Van Hulst (n 103), para. 7.6.
  129. 118 Toonen v. Australia, HRC, 1994, Communication no. 488/1992, U.N. Doc. CCPR/C/50/D/488/1992, para. 8.3; See also Raihman v Latvia, HRC, 2010, Communication no. 1621/2007, U.N. Doc. CCPR/ C/100/D/1621/2007, para. 8.3.
  130. 119 ‘Ethical considerations’ (n 7), p. 2.
  131. 120 Ibid.
  132. 121 Ibid.
  133. 122 Ibid.
  134. 123 Ibid, p. 1.
  135. 124 Ibid.
  136. 125 Peter Beaumont, ‘Coronavirus testing: how some countries got ahead of the rest’, The Guardian, 2 April 2020, available at https://www.theguardian.com/world/2020/apr/02/coronavirus-testing-how-somecountriesgermany-south-korea-got-ahead-of-the-rest, accessed on 27 July 2020.
  137. 126 Siracusa Principles (n 109), para. 11; Sacco et al. (n 12), p. 8.
  138. 127 Ibid, para. 51; Sacco et al. (n 12), p. 5.
  139. 128 Ibid.
  140. 129 Concluding Observations on France (n 93), para. 22; ‘Joint civil society statement’ (n 8).
  141. 130 M.M. (n 95), para. 199.
  142. 131 ‘Mobile Location Data and Covid-19: Q&A’ (n 32).
  143. 132 MoCIT Decree No. 171, para. 5.
  144. 133 Michael Kirby, ‘The history, achievement and future of the 1980 OECD guidelines on privacy’, International Data Privacy Law p. 6, volume 1:1, 2011, p. 6.
  145. 134 The right to privacy in the digital age, 18 December 2013, UNGA A/RES/68/167. See also ‘Data Protection Regulations and International Data Flows: Implications for Trade and Development’, UNCTAD, 2016, p. 24, available at https://www.tralac.org/images/docs/9500/data-protection-regulations-and-international-data-flows-implications-for-trade-and-development-unctad-april-2016.pdf, accessed on 25 July 2020.
  146. 135 Graham Greenleaf, ‘Sheherezade and the 101 Data Privacy Laws: Origins, Significance and Global Trajectories’, Journal of Law, Information and Science p. 1, volume 23:1, 2014, p. 17. See also 'APEC Privacy Framework (2015)', Asia-Pacific Economic Cooperation, August 2017, available at https://www.apec.org/Publications/2017/08/APEC-Privacy-Framework-(2015), accessed on 30 July 2020.
  147. 136 Graham Greenleaf, ‘Five years of the APEC Privacy Framework: Failure or promise?’, Computer Law and Security Report p. 28, volume 25:1, 2009, p. 31; Ellyce R Cooper & Alan Charles Raul, 'APEC Overview', in Alan Charles Raul (ed.), The privacy, Data Protection and Cybersecurity Law Review, Law Business Research Ltd, London, 4th edition, 2017, p. 30; Prapanpong Khumon, 'Regulation for Cross-Border Privacy in Southeast Asia: An Institutional Perspective', 29th European Regional ITS Conference, International Telecommunications Society, Trento, 2018, p. 2.
  148. 137 Pranaya Dayalu & M. Punnagai, ‘GDPR: A Privacy Regime’, International Journal of Trend in Scientific Research and Development p. 713, volume 3:4, 2019, p. 713.
  149. 138 Ibid, p. 715.
  150. 139 Jan Philipp Albrecht, ‘How the GDPR Will Change the World’, European Data Protection Law Review p. 287, volume 2:3, 2016, p. 288.
  151. 140 Dayalu & Punnagai (n 137), p. 713.
  152. 141 ‘Data protection Regulations and International Data Flows: Implications for Trade and Development’ (n 134), p. 58; Beata A. Safari, ‘Intangible Privacy Rights: How Europe’s GDPR will Set A New Global Standard for Personal Data Protection’, Seton Hall Law Review p. 809, volume 47:3, 2017, p. 811.
  153. 142 ‘Asia Pacific Data Protection and Cyber Security Guide 2018’, Hogan Lovells, 2018, p. 4, available at https:// www.hoganlovells.com/~/media/hogan-lovells/pdf/2018/ab-data-protection-and-cybersecurity.pdf, accessed on 25 July 2020; ‘Asia Pacific Data Protection and Cybersecurity Guide 2020’ Hogan Lovells, 2020, p. 3, available at http://documents.jdsupra.com/2380c6d9-41fd-48bb-9f78-3fba5aa25e52.pdf, accessed on 25 July 2020. See also ‘Personal Data Protection in ASEAN’ (n 41).
  154. 143 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), 25 May 2018, OJ 2016 L 119/1, Brussels, 27 April 2016 (GDPR), art. 6(1)(f).
  155. 144 Ibid, art. 5.
  156. 145 ‘Artificial Intelligence and Data Protection How the GDPR Regulates AI’, Center for Information Policy Leadership, 2020, p. 5, available at https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl-hunton_andrews_kurth_legal_note_-_how_gdpr_regulates_ai__12_march_2020_.pdf, accessed on 25 July 2020.
  157. 146 ‘The case for the mandatory use of a COVID-19 tracing app’, Medical Brief, 20 May 2020, available at https://www.medicalbrief.co.za/archives/the-case-for-the-mandatory-use-of-a-covid-19-tracing-app/, accessed on 26 July 2020.
  158. 147 ‘Guide to the General Data Protection Regulation (GDPR)’, Information Commissioner’s Office (ICO), 2018, p. 20, available at https://ico.org.uk/media/for-organisations/guide-to-data-protection/guide-to-thegeneraldata-protection-regulation-gdpr-1-0.pdf, accessed on 24 July 2020.
  159. 148 Maikel Mardjan & Asim Jahan, ‘Using Open Source for security and privacy protection’, Read the Docs, 2015, available at https://security-and-privacy-reference-architecture.readthedocs.io/en/latest/10-usingoss.html, accessed on 25 July 2020.
  160. 149 GDPR, art. 5(1)(b); Sumroy & Donovan (n 140), p. 5.
  161. 150 ‘Guide to the General Data Protection Regulation (GDPR)’ (n 147), p. 21.
  162. 151 ‘Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak’, European Data Protection Board, 2020 (Guidelines 04/2020), p. 7, available at https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_20200420_contact_tracing_covid_with_annex_en.pdf, accessed on 25 July 2020.
  163. 152 Ibid.
  164. 153 ‘EDPS Guidelines on assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data’, European data Protection Supervisor, 2019, available at https://edps.europa.eu/data-protection/our-work/publications/guidelines/edps-guidelines-assessing-proportionalitymeasures_ en, accessed on 26 July 2020.
  165. 154 GDPR, art. 5(1) (c).
  166. 155 ‘Guide to the General Data Protection Regulation (GDPR)’ (n 147), p. 27.
  167. 156 ‘Guidelines 04/2020’ (n 148), p. 9.
  168. 157 GDPR, art. 32(1) (a).
  169. 158 Nils Gruschka et al., ‘Privacy Issues and Data Protection in Big Data: A Case Study Analysis under GDPR’, 2018 IEEE International Conference on Big Data (Big Data), Institute for Electrical and Electronics Engineers, Seattle, December 2018, p. 2.
  170. 159 Ibid.
  171. 160 ‘COVID-19 Contact tracing: data protection expectations on app development’, International Commissioner’s Office, 2020, available at https://ico.org.uk/media/for-organisations/documents/2617676/ico-contacttracingrecommendations.pdf, accessed on 26 July 2020.
  172. 161 Thuy (n 76).
  173. 162 GDPR, art. 5(1)(d).
  174. 163 Sumroy & Donovan (n 138), p. 5.
  175. 164 ‘Guide to the General Data Protection Regulation’ (n147), p. 32.
  176. 165 Nancy Ayer Fairbank et al., ‘There’s an App for That: Digital Contact Tracing and Its Role in Mitigating a Second Wave’, Berkman Klein Center for Internet & Society, 2020, p. 25, available at https://cyber.harvard.edu/sites/default/files/2020-05/Contact_Tracing_Report_Final.pdf, accessed on 24 July 2020.
  177. 166 Ibid.
  178. 167 GDPR, art. 5(1) (e).
  179. 168 ‘Guide to the General Data Protection Regulation (GDPR)’ (n 147), p. 40.
  180. 169 ‘Recommendations on Privacy and Data Protection in the Fight against COVID-19’, AccessNow, 31 March 2020, available at https://www.accessnow.org/releases-recommendations-on-privacy-data-protectioncovid19/, accessed on 26 July 2020.
  181. 170 Cindy Mutia Annur, ‘Kominfo Pantau Pasien Covid-19 Lewat 2 Aplikasi, Langgar Aturan Data?’, KataData, 7 April 2020, available at https://katadata.co.id/desysetyowati/digital/5e9a41f600b4d/kominfo-pantaupasiencovid-19-lewat-2-aplikasi-langgar-aturan-data, accessed on 24 July 2020.
  182. 171 GDPR, art. 5(1) (f).
  183. 172 Sumroy & Donovan (n 143), p. 6.
  184. 173 ‘Data Protection Regulations and International Data Flows: Implications for Trade and Development’ (n 134), p. 17.
  185. 174 ‘Octopus sold personal data of customers for HK$44m’, South China Morning Post, 27 July 2010, available at https://www.scmp.com/article/720620/octopus-sold-personal-data-customers-hk44m, accessed on 26 July 2020.
  186. 175 GDPR, art. 2.
  187. 176 Sumroy & Donovan (n 143), p. 6.
  188. 177 Ibid.
  189. 178 ‘Conducting privacy impact assessments code of practice’, International Association of Privacy Professionals, 2014, p. 4, available at https://iapp.org/media/pdf/resource_center/ICO_pia-code-of-practice.pdf,accessed on 26 July 2020.
  190. 179 David Wright, ‘A Comparative Analysis of Privacy Impact Assessment in Six Countries’, Journal of Contemporary European Research p. 161, volume 9:1, 2013, pp. 161-163.
  191. 180 ‘Guidelines 04/2020’ (n 151), p. 9.
  192. 181 Fairbank et al. (n 165), pp. 35-37.
  193. 182 ‘Human Rights and the Government’s Response to Covid-19: Digital Contact Tracing’, United Kingdom Parliament Joint Committee on Human Rights, 6 May 2020, United Kingdom, para. 21(a).
  194. 183 Mark J. Taylor & Tess Whitton, 'Public Interest, Health Research and Data Protection Law: Establishing a Legitimate Trade-Off between Individual Control and Research Access to Health Data', Laws, volume 9:1, 2020, p. 2.
  195. 184 ‘Ethical considerations’ (n 7), p. 3.
  196. 185 ‘Joint civil society statement’ (n 8).
  197. 186 ‘Guide to the General Data Protection Regulation (GDPR)’ (n 147), p. 40.
  198. 187 ‘Recommendations on Privacy and Data Protection in the Fight against COVID-19’ (n 169).
  199. 188 ‘Necessary and Proportionate: International Principles on the Application of Human Rights to Communications Surveillance’, Electronic Frontier Foundation, May 2014, available at https://necessaryandproportionate.org/principles/, accessed on 2 August 2020.
  200. 189 Open Letter to KOMINFO (n 38).
  201. 190 United Kingdom Parliament Joint Committee on Human Rights (n 182), para. 21(b).
  202. 191 Madan Lal Bhasin, 'Challenge of Guarding Online Privacy: Role of Privacy Seals and Government Regulations', Palgo Journal of Business Management p. 59, volume 3:2, 2016, pp. 67-69.
  203. 192 ‘Mobile Location Data and Covid-19: Q&A’ (n 32). See also Privacy in the Digital Age (n 113), para. 28.