Data Protection During a Pandemic – African DPAs Respond

In an attempt to curb the COVID-19 pandemic, governments are using citizens’ personal data by collecting health data and contact information of people suspected to have been infected by the virus. This has led to countries adopting contact tracing measures which involve the surveillance of citizens through the collection of personal data at checkpoints, hospitals, workplaces and from electronic communications service providers.

Contact tracing involves the development and maintenance of a database containing the personal data of persons who are known or reasonably suspected to have come into contact with any person known or reasonably suspected to have contacted COVID-19. This information usually includes the names, identity numbers, residential address and other address where the individual could be located, as well as, cell-phone numbers of all persons who have been tested for COVID19 or the people they may come in contact with. 

In addition, a number of countries have directed electronic communication service providers to provide the location or movements of any person known or reasonably suspected to have contracted COVID-19. This collection and processing of personal data is regulated, not only in terms of data protection laws in different territories but also also in international law; such as Article 12 of the United Nations Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights. Generally, the right to privacy entails the protection of persons from arbitrary interference with their privacy, family or correspondence. This right also protects persons from attacks on their honour and reputation.

Nonetheless, the United Nations Secretary General, Antonio Guterres, advised that the severity of the COVID-19 pandemic justifies the limitation of rights such as the right to privacy, in order to curb the spreading of the pandemic. Additionally, member states were encouraged to adopt responses that are proportionate to fighting the pandemic while retaining the trust of citizens. Accordingly, several Data Protection Authorities (DPA) in Africa have responded to the use of contact tracing within their respective territories. In a nutshell, the DPAs provide that the pandemic calls for certain limitations to data privacy in an effort to flatten the curve and curb the COVID-19 pandemic. Howe