Merics China Monitor. 24. Juni 2020.

TRACING. TESTING. TWEAKING.
Approaches to data-driven Covid-19 management in China

Kai von Carnap, Katja Drinhausen and Kristin Shi-Kupfer

MAIN FINDINGS AND CONCLUSIONS

China deployed data-driven solutions fast and early in the Covid-19 epidemic.
Responses included upgrading and expanding components of the existing digital
technology ecosystem, most notably facial recognition and “super apps”
like WeChat. Well-established links between government and business enabled
Beijing to draw on large amounts of user data, often in real-time.

Macro and micro tools generated from mobile phone tracking data are at the
core of China’s approach to Epidemic Prevention and Control (EPC). They have
provided inputs to develop the QR-code health apps that enabled quarantine
restrictions to be lifted relatively swiftly.

To identify potentially infected people, China’s government deployed refined
facial recognition technology with added temperature sensors and infrared
identification solutions. Hospitals and doctors used digital platform solutions
for disease monitoring, diagnostics and resource management systems based
on big data and AI, and free online health consultations.

Beijing’s epidemic management prioritizes security over privacy. Laws and regulation
focus on facilitating data aggregation and sharing between stakeholders,
rather than privacy rights. Despite the integration of personal data protection
into the newly established Civil Code, legislation is still fragmented and
mainly addresses the private sector. Government departments have greater
legal scope to collect and share data.

Developers of new contact tracing and health apps have been able to build on
existing user agreements and standard privacy policies that permit them to
share, transfer and disclose personal information without additional consent in
the interest of public safety and public health.

China’s data-driven management of Covid-19 has shown key benefits, i.e. reviving
public life in a strictly controlled form based on rapidly deployed solutions
to trace people’s movements, contacts and health status. Digital platform solutions
have improved medical research, patient treatment and resource management
within the health sector.

However, the swift roll out of data-driven solutions to manage public health
also highlighted several kinds of risks. Technological solutions like the QR
health codes proved only partially functional or serviceable. Personal data has
been misused by companies to collect data for their own commercial interest.
Local cadres have also abused personal data in the drive to detect infected
people and reduce new cases.

Data leaks have resulted in discrimination and stigma against some social
groups, e.g., people from severely affected areas. Data breaches led to publicly
voiced concerns about personal data protection. Overall, Covid-19 has triggered
new debates on privacy in China which, as in Europe, increasingly evolve
around the dilemma of balancing public safety and privacy interests.

Only some of China’s data-driven solutions for managing Covid-19 are appropriate
for use in a European context. Solutions for diagnostics and treatment
should be further assessed and could be relatively easily applied in Europe.
Others, like contact tracing based on excessive data collection and opaque algorithms,
are incompatible with European data protection values and norms

Download vollständige pdf