Vint Cerf suggests GDPR could hurt coronavirus vaccine development TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for Indian outlet Medianama titled “Internet Lessons from COVID19”, Cerf – a Google …
GDPR is there to prevent your data being used without your consent.
It isn't hard to get consent, to use the data only for the purposes stated and to delete it when it's no longer required for those purposes.
It's particularly important to get consent in exceptional circumstances, such as the present, because the last thing you need is people refusing to cooperate or deliberately sabotaging your otherwise worthwhile project.
Vint began his war on privacy long before coronavirus came along. It's just a convenient excuse to rekindle it.
Actually that's not the case. Consent is only one of the lawful bases for processing.
And it won't hinder vaccine development. There's a specific provision - Article 9.2(i) - that permits the (otherwise prohibited) processing of the "sensitive" categories "[...] for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health [...]".
The GDPR is not a barrier to any legitimate processing by any organisation provided its requirements (intended to respect the human rights of data subjects) are fulfilled.
It's about time someone actually read the GDPR before pronouncing on it, particularly where the person pronouncing is high profile and likely to be taken as an authority..
If the government allows itself to know everything about everyone, there are ways to apply the information for things like infection control. That doesn't mean that it'll get done. And what else will?
I have in mind thought experiments about how to capture and misuse data, and in the case of coronavirus tracking I can see it being used to do something about homosexuals. And organized labor as well, if everybody's phone is going to record where they go and who they meet, but to identify homosexuals, you're usually looking for about two phones of the same sex alone in an isolated place, and stationary. Or, since many phones have movement sensors, they may be jiggling around in a distinctive way. Once the government has identified the homosexuals, they can intervene themselves or else pass it to church groups to take the necessary action and inform the next of kin. The same technology also can deal with other unnatural performances, with miscegenation, and with the race problem in general. And church attendance, of course.
So let's just stick with wearing rubber masks for now. When we still have a choice.
It's about time someone actually read the GDPR before pronouncing on it
Indeed. But it didn't suit Cerfs paymasters to do that. It's sad, but he's pretty much living proof that have done some good tech things in the past doesn't mean that everyone has to listen to him with an uncritical mind.
The USA has been doing that for two hundred years and look where that's got them.
It's the spirit of the law that should count, not the letter, but you just can't write something that cannot be interpreted in a manner that was not intended. Courts should be there to keep things in the spirit of the law, but they have been undermined by decades of reinterpretations of script.
Unless you have a robust corps of judges who are well versed in the spirit of the law and hell-bent on refusing alternate interpretations, your legal system will break down.
And, on top of those issues, you have the lawmakers who can very well make laws for their own interest or financially-interested parties, instead of making laws that ensure that actual, living, breathing humans* have a chance at a decent living.
* I wrote people first, then realized that, in the USA, corporations have the same rights, so I had to correct that
The difficulty with framing legislation is that it's not possible to anticipate all situations, especially when the situations include technology or changes in society that couldn't even be visualised at the time. That's why the UK and US legal systems rely on judges interpreting the law as it applies to the case before them. From time to time legislation can catch up to take advantage of what was learned applying the previous law and adapting to changes in the environment in which it has to work. Without that element legislation would be too inflexible.
That's one of the main differences between western Europe and the USA - or at least between conservatives and liberals.
Broadly speaking, conservative judges tend to apply the law the way it was written by the (representative) legislature while liberal judges tend to rule based on how they believe the law should have been written.
That is not to say that conservative judges agree with all laws, it's just that they tend to leave it to the legislature to change the laws rather than changing them on their own.
Add to that confirmation hearings. In general (again) you will hear the more liberal senators asking the candidate what they think about a specific issue while the conservatives tend to focus on whether the candidate would apply the law, whether they approve of the law or not.
I think it was Justice Thomas who said that he doesn't need the parade of people who might be disenfranchised if the Court ruled a certain way. His take is whether a specific issue is constitutional or not. It's up to the states to change the Constitution if that's desired.
You see it in the lower courts as well. There have been rulings that referred to the defendant's own sense of right and wrong and concluded that a lesser sentence was warranted because the perpetrator did not deem his own actions to be all that objectionable. In addition, at times more liberal courts will conclude that a specific act, while considered egregious under local law, is not considered objectionable in the defendant's own culture or country of origin.
I had a (conservative) lawyer friend of my explain that a crime involves a criminal act and a criminal mind. So the state of mind of the defended at the time of the alleged crime really does matter.
Consider, for instance, that many statutes include phrases like "willing and knowingly..." In the case of murder, we distinguish premeditated from heat-of-the-moment from accidental killings
This post has been deleted by its author
I don't dispute the existence of two schools of thought, but I don't agree that "conservative" and "liberal" are the appropriate labels. Those two words have too many political connotations and I don't think the split in legal interpretation aligns with political leanings.
The opening paragraph of https://en.wikipedia.org/wiki/Plain_meaning_rule touches on this concept and links to notions like "literal rule", "textualism" and "originalism".
I was taught at law school that "Black Letter Law" is an abomination and denies the need for judges. The statute should point the direction, but not define the route taken nor the specific end point. I used to agree with that, but I now think that it misses a key point - the statute needs to be clear about the direction. The current state of statute writing is so shit that judges need to be far more disciplined in their interpretations.
.
... then realized that, in the USA, corporations have the same rights ...
Indeed ...
That specific issue has been nothing short of the beginning of the end of representative government in what is left of the free world.
That the rights of corporation end up being more worthy of consideration than the rights of individuals or even of a duly elected government (as the SCOTUS has proven many times over with its rulings) will prove to be the downfall of whatever good is left of western society as we know it.
O.
A corporation is a group of people united by contract and recognized by the State as a separate entity. This entity can engage in further contracts, and we want those contracts to be enforced by the courts. In American jurisprudence, that means that they are "persons" under the law, as only legal persons appear before the courts. (If a dog attacks you and you get hurt, you cannot sue the dog, only the owner.)
There has been some back and forth as to which rights of the individual can survive incorporation. We has a strange situation for several decades where some corporations (labor unions, political parties) could incorporate the right of advocating politically, but not others. (This statute was created by a miffed politician after he faced more money in a campaign than he had expected.)
The Citizen's United case affirmed that political advocacy was a generally incorporatable right.
Nice try, but in the world today the company using the data get to decide what counts as "malicious" use - remember "Don't be evil"? The GDPR has not been effective, it's just something that corporate lawyers work around... "That's not your data sir, it's our data, we collected it."
I suggest that we make it OK for everyone to share their personal data but immediately close down and jail any individual, company, organization, or political party that uses personal information in a way that any court decides was not intended by the person making the information available.
This would put the the legal devil on the backs of everyone processing the data.
IMHO GDPR was to prevent malicious use of personal data.
Then you should freshen up on the law. Any use of personally identifiable data, apart from a few statutory exceptions, requires the explicit consent of the person involved. Malicious is open to interpretation which is why it's not mentioned in the law.
Ah, the delicious irony of telling someone to freshen up on the law when they themselves don't have a fucking clue what they are talking about.
a) consent
b) contract
c) legal obligation
d) vital interests
e) public task
f) legitimate interests
These other 5 are not "a few statutory exceptions"
"Its time to understand the difference between the letter of the law and the spirit of the law isn't it?"
I have a novel suggestion: ASK the person that owns the data if it can be used, in writing, and THEN ensure proper privacy protection as much as possible.
Then you comply with GDPR [as I understand it], and are STILL able to do whatever research you need with the data.
Yeah, treating the owners of the data as PEOPLE instead of STATISTICS - what a novel concept!
This post has been deleted by its author
Yes, but what he says seems to imply that the EU's GDPR isn't a problem but that other legislation inspired by or derived from it may have unintended consequences. For instance, the German phone networks have been providing anonymised phone location data to the Robert Koch Institute to help their modelling for months now and this is okay within the bounds of GDPR, but this might not be possible in other countries.
Elsewhere it should be noted that Google and the other titans have been lobbying intensely to get hold of patient data. This is, in my opinion, an accident waiting to happen as.
As for off-premise commerce: it's been happening for decades with things like catalogues. Just took a bit longer to happen. And we could have had video conferences since the 1970s except that no one thought they were worth the price. Even now, where they are nearly free, it's hard to argue that the video part really adds much.
His statement is a bit nebulous, but I think he is referring to other countries (read: USA) that are in the process of initiating their own versions of the GDPR.
The more such new laws resemble the GDPR the greater his concern (for Google's bottom line).
California has a weaker version of the GDPR and the last thing Google wants is something stronger - especially at the federal level.
I hear echos of Saul Alinsky when he says that privacy laws are going to end up killing people. "Never let a crisis go to waste."
> what he says seems to imply that the EU's GDPR isn't a problem but that other legislation inspired by or derived from it may have unintended consequences
EU's GDPR isn't something they can fight anymore, but they can always try to prevent the disease from spreading to the rest of the herd. This starts by accusing GDPR of anything and everything: GDPR's secret agenda is to starve the honest god-fearing citizens (like *you*) (and take your guns away!), GDPR caused Covid-19, it's the reason of all those hurricanes, tornadoes and the great drought, and most of all it's trying to turn our children gay. Did I forget something?...
As a Google propagandist, Cerf is just producing the sound bite he's paid for. Covid-19 is very handy for this, as it affects everybody and you can claim anything around it.
Passing a driving test is an onerous chore.
Washing your hands before preparing food is an onerous chore.
Treating a patient or taking them to the toilet and cleaning their bum is an onerous chore.
We do all those things because they are necessary, not because they are easy.
This post has been deleted by its author
* With wearables we could collect the health data of millions of individuals
* With these data, we can do research
* With this reseach we could cure <insert the latest medical problem that's really en vogue>
* But, wait, the GDPR prevents us from collecting the data in the first place, ohh the humanity!
* GDPR prolongues <insert the latest medical problem that's really en vogue>
--> never mind the handwaving involved in point 3
And there you have it, the techies cry foul, the media report, an nobody is ever the wiser.
Techies should stick to tech, law people to law; it doesn't bring any good, if suddenly techies decide laws do not apply to them.
Robert Koch Institute, in Germany, has an app to collect health data from smart watches to help with diagnosing Corona. The app stays within GDPR, because it has a privacy statement and is opt-in.
The data is anonymised and is used to help them detect early signs of COVID-19.
GDPR gets blamed for making things impossible, when it only makes people actually have to think about what they are doing and to get the correct permissions and to ensure the data is handled accordingly.
"And properly educate tech people about the law, it goes both ways."
Yes, but most techies will admit that they don't know the intricacies of the law, whereas most lawyers/politicians won't admit to being ignorant about anything other than the bar and hotel bill under the name of that lovely young person over there. They'll demonstrate ignorance on all sorts of topics, that's different.
You've never witnessed a discussions between techies about licenses, then. Because that's really a place they demonstrate their ignorance, while not admitting anything of the sort.
I spend enough time on IRC channels with techies working at Google, RH, and other famous places to see how in general, they have strongly held opinions on plenty of topics which they don't quite understand.
Admitting ignorance is not something they do any better than the lawyers or politicians you appear to despise. Without knowing much about them either, it sounds like.
of all the things Cerf has taken note of, lambasting ISPs for immoral interpretation of the word "unlimited", specifically not making any efforts to improve bandwidth and coverage, and doing their damnedest to ensure that their contracts are as nebulous and incomprehensible as possible while maximizing their profits is nowhere in the list of things that His Cerfness deems an issue.
Obviously, demanding government handouts is the way to go when you've sold out.
1) Locking people up at night.
2) Restricting the top speed of cars to 20mph.
3) Banning activities such as surfing, sailing, swimming, climbing, travelling abroad.
4) Forcing everyone to have implanted ID chips, capable of letting authorities know where everyone is at any time.
etc.
Sounds great, but wouldn't someone please think of the children?
5) Sequencing every citiziens genes and having the government (maybe through a public-private partnership so it is free of charge) select the optimal partner so there are no more disadvantaged birtths is the only way to go!
It's not just accidents. I'm pretty sure most sex crimes and violents assaults happen at home, too. Also, most such crimes are commited by heterosexuals. So ...
Force everyone to live in communes.
Take egg and sperm samples from all teenagers and then zap them.
Only breed from those samples after the donors have died and can be proven to have lived decent lives.
Icon: Because you never know who might be reading this...
People regularly do die in droves of the flu. Furthermore, considering how quickly it mutates, is difficult to develop lasting immunity against. This is why it is highly recommended that all medical staff have a full and up to date complement of vaccinations: even if it doesn't kill them, it makes them less likely to pass it on to others.
Covid-19 is a serious illness and in many cases fatal but the media frenzy has served to take people's attention from other equally serious illneses. Referrals for serious illnesses to hospitals are significantly down in many countries as a result of people being more scared of Covid-19 than anything else.
The importance of a coronavirus vaccine is equal to the importance of any other flu vaccine.
I agree with this.
Never forget that the mortality has been overrated for other purposes.
While there has been some overstatement, particularly in Italy in the early days, there has also been some understatement, particularly in care homes before mass testing became available. With so many patients having other conditions it's also difficult to call in some cases. But, never suspect a conspiracy when incompentence will do.
Re :"Variations of the European Union’s General Data Protection Regulation (GDPR) are propagating around the world with good intent although implementation has shown some unintended consequences, not least of which may be the ability to share health information that would assist in finding a vaccine against SARS-COV-2."
Now, as I understand it, GDPR allows you to collect personal data for a given purpose, as long as the data subject has opted in. This wouldn't be a problem for Covid apps, because by submitting data, you could be considered to be opting in.
GDPR also requires that the data only be kept for a reasonable length of time, and deleted when that time expires. Not sure GDPR specifies lengths of time, but you aren't allowed to keep the data for years after it is useful.
Neither, as far as I can see, would affect vaccine research.
Not sure if GDPR allows personal data to be transferred elsewhere without express consent, but surely they would only need to transfer anonymised data anyway, in which case, GDPR would likely not apply.
Health data would be good for advertising though.
>Not sure GDPR specifies lengths of time, but you aren't allowed to keep the data for years after it is useful.
Well given the extent to which modern medical research uses historic (personally identifiable) medical records, it would be relatively easy to justify the "useful" retention life of CoVid19 data to be at least 100 years.
>Not sure if GDPR allows personal data to be transferred elsewhere without express consent
You get express consent to permit you to "share data with selected third parties".
My mum is okay, but I've kept her hospital wristband. Slightly curious about the CHI and UHPI numbers and barcodes on it.
She was sent into an isolation room there overnight because someone at a health centre thought she had a bit of a temperature. She did not. Calibrate those meters!
She went in with COPD and could've came out with Covid. She wasn't worried because, "I don't have it!", and I said, aye, not yet. She forbade me from making her laugh.
They were going to make her walk alone from the health centre to the hospital, a death march at her age. And she claps for carers - I'll be giving a slow clap now.
I love the NHS but Germany, the Netherlands, France, Finland have better health care today. This is getting worse, not better.
Even damnation is poisoned by rainbows.
CHI is the Scottish national health identifier, the equivalent of an NHS Number in England (and exists in the same namespace).
The barcodes contain this number, and possibly (I can't recall) a few other bits of info so they can easily be scanned to ensure this is the patient the medic is expecting.
UHPI, I'm not sure about.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
