South Korea Admits Keeping Personal Data Of 2015 MERS Outbreak Patients
SARAH MCCAMMON, HOST:
South Korea has what is arguably the world's most advanced contact tracing system, and that's enabled the country to control the spread of the coronavirus without resorting to lockdowns. Most people in South Korea approve of the system and the government's performance. But as NPR's Anthony Kuhn reports from Seoul, privacy advocates say that the tracking system has caused unnecessary harm to citizens' rights.
ANTHONY KUHN, BYLINE: South Korea built its contact tracing system in the wake of the 2015 outbreak of Middle Eastern Respiratory Syndrome, or MERS. It revised laws to allow the government to use cellphone data, credit card histories and surveillance cameras to track infected persons. But it also has a Personal Information Protection Act, which says that after the data has served the purpose it was collected for, the government must delete it. So we asked the government, has it deleted the data from the MERS outbreak? Kwon Jun-wook, director of the National Institute of Health, replied at a press briefing.
KWON JUN-WOOK: (Speaking Korean).
KUHN: When the outbreak ended, he said, public opinion was that the government should take follow-up measures to address any complications or patients' health issues, even after they're released from treatment. So the government and health authorities decided to retain the patients' information permanently. Seo Chae-wan, an attorney with a civic group called Lawyers for Democratic Society, says that the only justification for the government collecting such data is an emergency. And in the case of the MERS outbreak, that emergency is clearly over.
SEO CHAE-WAN: (Speaking Korean).
KUHN: Several years have passed since the last MERS patient, he says, and it seems clear that the government is violating that limitation. Oh Byoung-il is a privacy advocate with the group Korean Progressive Network. He says the government's handling of the last epidemic has serious implications for the current one, which involves far more patients and data.
OH BYOUNG-IL: (Speaking Korean).
KUHN: It reveals a conflict, he says, between their declaration that they'll delete COVID-19 patients' information and the practice that they've followed so far, which is to not delete the MERS information. He argues that the government largely has the COVID-19 outbreak under control, so it should be making its data collection less invasive, not more. Instead, he notes, the government recently responded to an infection cluster in several nightclubs not just by collecting information of patients and those with them in the nightclubs, but of everyone whose cellphone signal was detected in the district.
OH: (Speaking Korean).
KUHN: Our concern is that the South Korean government has been so invigorated by global praise for its success in containing the outbreak, he says, that it's become a bit paranoid about getting case numbers down to zero. Privacy advocates point out that patients whose data is leaked can be stigmatized by society. The government counters that the law mandates stiff penalties for anyone who leaks the data. But Seo Chae-wan argues that deleting data that's served its purpose is better than punishing leakers after the fact. Seo says his group is considering suing the government for violating data privacy laws, but he admits the odds are against them.
SEO: (Speaking Korean).
KUHN: The biggest problem with the South Korean judiciary, he says, is that it interprets citizens' rights to control their own personal information very narrowly. Opinion polls show the South Korean public generally trusts health authorities and approves of their contact tracing system. But the way the privacy advocates see it, retaining patients' personal information indefinitely is a significant step towards damaging that trust.
Anthony Kuhn, NPR News, Seoul.
(SOUNDBITE OF VETIVER'S "CURRENT CARRY") Transcript provided by NPR, Copyright NPR.