Balancing ethics and privacy rights amid COVID-19

While the right to privacy is enshrined in South Africa’s constitution, the role of ethics is forcing a change in mindset – from not only strict compliance with regulation, but also consideration of whether or not the data subject is being adequately protected.

The issue of privacy and ethics is under the spotlight as personal data is being readily exchanged amid the COVID-19 pandemic, raising the questions of where does this information go, who has access to it and why?

Speaking on day 1 of the ITWeb Security Summit 2020, Yvette du Toit, Associate Director at PwC, presented on the topic of data privacy and ethics, starting with the distinction between ethics and law: while ethics defines what is good for individuals and society and is about creating morally good people, the purpose of law is to regulate human behaviour and create a society devoid of evil and injustice.

Du Toit outlined the evolution of privacy law in line with changing technology, saying “it’s something that has come quite a long way” since the 1950’s right to respect for private life, to the 1980 OECD Standard, through to the European directive in 1995, GDPR in 2016 and finally the CCPA (California Consumer Privacy Act) and POPIA in 2020.

“Ethics is moving the conversation from ‘are we compliant’ to ‘are we doing the right thing’ – are we protecting the data subject?” she said.

Du Toit mentioned several ethical challenges to privacy, including different applications of AI within medical science such as drug development, disease diagnostics, digital consultation and analysis of health plans, among others.

“The medical industry is mixing with AI and the construct of privacy and ethics still needs to be maintained within how we devise these technologies.”

Du Toit added that when it comes to data collected by AI in medical science, such as screening for example, diagnosis and even treatment assignments, that source of information is used to provide treatment and it is interesting because if the data is wrong, that could impact on the quality of treatment.

She also spoke about the predictive capabilities of AI technology and the ethical challenges this poses – for instance, the predicted health of a person can become their electronic record, which can be misused; or it can lead to psychological harm as a person can be traumatised by knowing they will likely suffer from a disease in later life.

Data privacy laws in Africa

ITWeb reported that according to independent security expert Susi du Preez, African countries are lagging in enacting data protection laws, leaving citizens vulnerable to cyber attacks.

Du Preez, who also spoke at the ITWeb Security Summit on Tuesday, compared the pros and cons of data protection and privacy legislation and the need for a global response, and said of the 54 countries on the African continent, only 17 have data protection laws in place.

Du Preez said: “There are 17 countries in Africa that have enacted comprehensive personal data protection legislation, namely: Angola, Benin, Burkina Faso, Cape Verde, Gabon, Ghana, Ivory Coast, Lesotho, Madagascar, Mali, Mauritius, Morocco, Senegal, Seychelles, South Africa, Tunisia and Western Sahara.”