The government has clarified directives to track and trace individuals who have come into contact with the Covid-19 virus. Prior to the amendment, it was not made explicit how people’s private data would be protected nor which relevant authorities would have access to the information. Now, with fewer ambiguities, the regazetted directives provide somewhat of a safeguard against the abuse of private information. 

The newly amended track-and-trace directives will, according to the government, target efforts to curb Covid-19.

The directive states that: “The National Department of Health shall develop and maintain a national database to enable the tracing of persons who are known or reasonably suspected to have come into contact with any person known or reasonably suspected to have contracted Covid-19.” 

The database will include identifying information such as the name, surname, identity or passport number, address, telephone number and test results of such individuals. 

This is a backtrack from earlier directives published by the Minister of Communications and Digital Technologies, Stella-Ndabeni-Abrahams, on 26 April, which left much to be desired about how people’s private information might be handled by the state. 

In an interview with Daily Maverick, before the gazetting of these new regulations, amaBhungane’s acting advocacy coordinator, Murray Hunter, said there were concerns that despite the database being compiled in good faith, if not regulated carefully, people’s private data could be vulnerable to abuse. 

“Given the existing evidence that our own law enforcement agencies have abused their spying tools and have failed to respect people’s private information, what happens if, let’s say, the police now say, ‘We want to find out who has been breaking the law’?” Hunter said. 

He pointed out that other concerns were potential threats from cybercriminals who might hack into the database and use the information to the detriment of public security. 

Information obtained from all confirmed or suspected cases must be handed over to the director-general of the health department who is tasked with handling the “Covid-19 Tracing Database”, as is referred to in the amendments. 

The regulation includes safeguards that will protect the private information of individuals during this time, and until the lockdown ends. 

The global pandemic has seen many governments around the world take similar, but more rigorous, measures in the name of combating the spread of the coronavirus.

Reuters reported that network providers in Italy – a country with an alarming number of Covid-19 deaths  – Germany and Austria are providing governments with anonymous data to monitor whether people are complying with movement regulations. In China, many reports have pointed to the massive surveillance that Chinese citizens have been subjected to since the pandemic broke out in the country late in 2019. 

In the case of South Africa, similar regulations delegate the minister of justice and correctional services to appoint a retired High Court judge to oversee information obtained by the government using this directive. 

“The Director-General: Health must file a weekly report with the Covid-19 Designated Judge setting out the names and details of all persons whose location or movements were obtained in terms of [the regulations],” it reads. 

“It further restricts use by providing that information collected under this regulation and included in the database cannot be disclosed “unless disclosure is necessary for the process of addressing, preventing and combating Covid-19”. 

What happens to the information obtained after the National Disaster declaration lapses or is removed? 

First, the government can access the location and movement dates of individuals from 5 March until the date at which the State of National Disaster ends or is removed. Second, the director-general must, after six weeks, notify all people whose private information was obtained using the regulation. 

In addition, six weeks after the State of National Disaster ends or is lifted, the information on the coronavirus database will be anonymised and kept to be “used only for research, study and teaching purposes”. Information that is not anonymised, will be destroyed. 

Investigative journalist Heidi Swart said there are various ways in which governments can trace people’s locations. 

“When done through geo-spacing, at any point in time, if your cellphone settings are set to pick up wi-fi hotspots in any area you visit, your location data is generated. The same with mobile networks; whichever internet tower your phone connects during your movement, that data is recorded,” she said. 

When strongly connected, it can go as far as providing your proximity to the tower or hot spot at any point during your movements, Swart added. 

At a time when disinformation – “fake news” – thrives and spreads with as many detrimental impacts as the virus, governments need to be intentional and explicit when drafting these temporary directives. 

Fake messages are being shared on WhatsApp with panicky and unfounded claims that the government is monitoring every citizen’s cellphone data, including phone calls and social media activity. 

“The people who are involved in drafting these regulations need to explain very carefully what is going on so that it does not leave ambiguous messages. Stopping the flow of disinformation is as important as stopping the spread of the illness itself,” Hunter said. DM