Privacy Rights/Limitations - Restrictions/Specific limitations
Is this right subject to specific limitations in event of emergency (war, brief natural disaster [weather, earthquake], long-run natural disaster [volcano, fire, disease])? Can such limitations be defined in advance with reference to the disaster in question?
Privacy protections are typically limited in times of emergency, but the type of emergency seems to dictate its limitations.
Natural Disasters
A Wilson Center report from 2013 outlines various times in which natural disasters have elicited temporary easing of privacy rules to aid in searching for missing persons. The first examples were from Australia after the 2002 Bali earthquake and the 2004 Boxing Day tsunami. During the Bali earthquake, many governmental agencies had to spend time creating their own missing persons reports (Reidenberg, Gellman, Debelak, Elewa, & Liu, 2013, 12). This was recognized as a waste of resources in light of the disaster and the importance of timeliness (Reidenberg et al., 2013, 12). The 2004 tsunamis renewed this sentiment (Reidenberg et al., 2013, 12). In response to these impeded disaster responses, Australia passed Part VIA to the Australian Privacy Act in 2006 (Reidenberg et al., 2013, 13). Part VIA allows for sharing of otherwise protected information through a government emergency declaration if “(1) the entity reasonably believes that the individual may be involved in the disaster; and (2) the collection, use or disclosure of personal information is for a permitted purpose related to the disaster” (Reidenberg et al., 2013, 13, 14). It also has stipulations on how long these special provisions can be in place and works for events both in and out of Australian borders while specifically preventing disclosure to media outlets (Reidenberg et al., 2013, 13-14) . Despite New Zealand’s comprehensive privacy laws, similar actions were taken in New Zealand after the 2011 Christchurch earthquake. There were stipulations in the Privacy Act to permit the sharing of information in some circumstances, it was unclear if they directly applied to natural disaster emergencies (Reidenberg et al., 2013, 15). This lack of clarity was impeding rescue efforts and the Privacy Commissioner, who is granted some discretion through the Privacy Act, took steps to allow temporary authorization of information sharing concerning the emergency at hand (Reidenberg et al., 2013, 16). Incidentally, many realized that this liberation of privacy issues reassured a variety of sectors’ information sharing in their emergency response (Reidenberg et al., 2013, 17). These reassurances caused the Privacy Commissioner to propose and pass the Civil Defence National Emergencies (Information Sharing) Code in 2013, allowing for these different privacy stipulations to be counted on during emergency planning (Reidenberg et al., 2013, 19).
The United States notoriously lacks privacy law. However, there is regulation in the medical field – Health Insurance Portability and Accountability Act of 1966 (HIPAA). HIPAA was somewhat suspended after Hurricane Katrina in light of nine of the eleven New Orleans hospitals incapacitated and people fleeing to surrounding states to receive medical attention (Reidenberg et al., 2013, 19-21). It prioritized providing treatment over payment and aided in locating missing persons by publishing facility directories (Reidenberg et al., 2013, 21). This privacy law alteration was less comprehensive than those in New Zealand and Australia after natural disasters, but it shows that the response regarding privacy exceptions is dependent on need.
All of these disasters culminated in the creation of the Missing Persons Community of Interest (MPCI), in which non-government actors collaborated to create standardized missing persons databases after disasters (Reidenberg et al., 2013, 25). At the time the report was written, there were five interlocking systems to record who was missing and try to connect these people with worried family (Reidenberg et al., 2013, 27). These systems were used multiple times from 2006 to 2012 when this report was written (Reidenberg et al., 2013, 27). The systems all have varying balances of access and privacy and, interestingly, one of these services is run by the International Committee of the Red Cross out of Geneva, Switzerland and is explicitly exempt from the Swiss Federal Act on Data Protection (Reidenberg et al., 2013, 29, 35). Additionally, in 2011, the International Conference of Data Protection and Privacy Commissioners on Data Protection and Major Natural Disasters asked countries to review their privacy laws to make sure they were flexible in the event of a major natural disaster (Reidenberg et al., 2013, 73).
Disease
Rothstein (2020) suggests the following be considered when creating policy exceptions and interventions to health information during disease outbreaks: (1) necessity and effectiveness, (2) proportionality and minimal infringement, (3) purpose limitations, and (4) justice (1374) . Policies that become altered during the outbreak should remain monitored for continued justification of the alteration and should discontinue at the end of the outbreak (Rothstein, 2020, 1375) .
During the COVID-19 pandemic, Canada realized the conflict between the creation of a public health database and data privacy law. Data privacy laws vary by province (some have legislation, others default to federal law), sector (public and private), and profession (i.e., healthcare data is strictly regulated) (Bernier and Knoppers, 2020, 454-455). Generally, data cannot be shared between provinces, though this is debated based on local and federal laws, nor used for purposes other than for which it was collected (Bernier and Knoppers, 2020, 455). However, all these limits can be loosened during public health emergencies. There are legislative carve-outs for combating health risks, and during COVID-19 the Privacy Commissioner allowed officials to forgo consent from each individual, a privilege that is repealed after the emergency (Bernier and Knoppers, 2020, 455).
War
McDonald (2020) describes privacy as a social good and notes there is a trade-off between privacy and national security, claiming these rights are dependent on context (380). As such, these privacy limitations can be toward individuals or society, but they usually come to light ex parte (McDonald, 2020, 385, 380). However, it is unclear who dictates when this trade-off between privacy and security begins, ends, or how invasive it is as war surveillance is largely unregulated; there is no law of war regarding privacy (McDonald, 2020, 385, 386). It seems feasible violations can be committed by both one’s own country and the opposition. By one’s own country in the sense that they don’t want traitors, resulting in actions similar to how the United States placed Japanese Americans into internment camps during WWI or passed the Sedition Act of 1798 (Share America, 2015) . Alternatively, the opposition can somewhat feasibly be expected to also survey those they are at war against, especially when attacking and trying to avoid civilian injury (McDonald, 2020, 381). Enemies may also invade privacy through espionage and intelligence which isn’t necessarily legal under international law though it is not limited to wartime (Pun, 2017, 360-361, 364; McDonald, 2020, 384).
References:
Bernier, A. & Knoppers, B.M. (2020, June 26). Pandemics, privacy, and public health research. Canadian Journal of Public Health 111(4), 454-457. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7318908/pdf/41997_2020_Article_368.pdf
McDonald, J. (2020). Information, privacy, and just war theory. Ethics & International Affairs 34(3), 379-400. https://doi.org/10.1017/S0892679420000477
Pun, D. (2017, Summer). Rethinking espionage in the Modern Era. Chicago Journal of International Law 18(1), 353-391. https://chicagounbound.uchicago.edu/cjil/vol18/iss1/10/
Quinton, A. (1988, Autumn). Plagues and morality. Social Research: An International Quarterly 55(3), 451-462. https://www.jstor.org/stable/40970516
Reidenberg, J.R., Gellman, R., Debelak, J., Elewa, A., & Liu, N. (2013). Privacy and missing persons after natural disasters. Woodrow Wilson International Center for Scholars Commons Lab. https://www.wilsoncenter.org/publication/privacy-and-missing-persons-after-natural-disasters
Rothstein, M.A. (2020, Aug. 12). Public health and privacy in the pandemic. American Journal of Public Health 110(9), 1374-1375. https://www.doi.org/10.2105/AJPH.2020.305849 Share America. (2015, Apr. 6). Civil liberties in wartime. United States Department of State. Retrieved October 18, 2021, https://share.america.gov/civil-liberties-wartime/