Screenshot 2020-06-10 at 10.31.09 AMThe pandemic has exposed confusing inconsistencies in privacy laws, and once again highlighted the need to scrutinise AI, writes Ronald Yu.



Covid-19 has brought about radical disruptions both to peoples’ lives and routines as well as corporate behaviours and national policies.

It also prompted several technology companies and governments to respond. For example:

  • On April 10, 2020, Apple and Google announced a partnership to develop APIs and operating system-level technology to assist in contract tracing
  • A network of infectious disease epidemiologists launched the Covid-Mobility 19 Data Network in partnership with Facebook, Camber Systems and Cuebiq to provide aggregated data sets for epidemiologists to use
  • Unacast launched a pro bono Covid-19 Toolkit for public health experts, policymakers, academics, community leaders and businesses
  • Facebook announced an expansion of its Data for Good initiative to use aggregated data to provide Covid-19 related tools for policymakers
  • Google announced it is providing mobility reports for Covid-19 efforts, to show movement trends over time by geography.

But there were also unpredictable developments.

New developments, new consequences

Who would have thought that Apple and Google would join forces to use Bluetooth technology to help governments and health agencies reduce the spread of Covid-19 worldwide only to find themselves at loggerheads with France, once one of the staunchest advocates for personal data privacy, over security technicalities in operating systems and questions of how to store contact tracing data because France wanted Google and Apple to relax privacy rules for contract tracing purposes?

Covid-19 also sent compliance and HR departments scrambling to make sense of inconsistent national privacy laws for example discovering that:

  • While you could ask employees about whether they have symptoms in Australia, Denmark, Germany or Spain, you can only do so with limitations in Poland or Italy, and you cannot do so in France
  • In the Netherlands you cannot ask employees or gig economy or agency workers if they have symptoms nor can you ask about their travel history, but you can ask visitors if they have symptoms and ask about their travel history
  • While you can take the temperature of employees, gig economy or agency workers, and visitors in the UAE, you cannot do the same in Sweden or Finland. You can, however take the temperature of employees and gig economy or agency workers with limitations in Hungary, though Hungarian law bans you from taking the temperature of visitors
  • You can ask about any symptoms in an employee’s, gig worker’s, agency worker’s, or visitor’s household in Hong Kong and Singapore, and you can do the same in China and Germany but with limitations, but would be barred from doing so in France. In the Netherlands, while you cannot ask an employee, gig worker or agency worker about symptoms in his/her family, you can ask a visitor such questions.

While most companies and people have examined the issue of population and individual reactions to Covid-19 from a data privacy standpoint, there are other very important developments that have almost been overlooked.

Screenshot 2020-06-10 at 10.26.59 AM
Non-standard standard setting

Shortly after the blow-up between France, Google and Apple (and Germany) regarding the storage of contract tracing data, the UK trialled its own contract tracing app that pooled the data collected into a single database operated by the National Health Service (NHS), arguing this would provide greater insight into the spread of Covid-19 and allow the NHS to decide which users are most at risk. However, as this app was incompatible with the contact tracing system developed by Google and Apple, the UK system did not work as advertised.

While not only embarrassing, it also highlighted the ability of technicians and technocrats in California to affect policy initiatives in Europe.

Furthermore, this instance of de facto standard setting was accomplished without the typical lengthy industry-wide consultation that typically accompanies standards-setting exercises, but instead with the agreement of two major technology players. Though the ostensible purpose of this was for public health, the anti-trust implications as well as the ability of tech giants to effectively impact policy abroad and, by extension, the operation of companies using their platforms should not be ignored.

Upsetting AI

Second, the Covid-19 crisis has caused major shifts in behaviour: e-commerce sales have risen in many places, more students are taking classes online, more meetings are now being conducted online, more people are using tele-medicine, more people are having their food and groceries delivered to their homes and more people are working from home. The permanence of these trends remains to be seen but while much has been made of the supply chain disruptions brought about by Covid-19, these changes have also begun affecting AI systems as machine-learning models trained on normal human behaviour have now discovered that ‘normal’ has changed. This has caused hiccups for the algorithms that run behind the scenes in inventory management, fraud detection, marketing and more.

Companies will now have to update their AI systems to incorporate the latest data so their AI systems remain competitive, that their operations are not compromised, yet at the same time continue their cybersecurity vigilance against bad actors who might try to inject bad data in an attempt to poison a company’s datasets. Thus companies must constantly oversee their AI systems to make sure they do not misbehave.

Screenshot 2020-06-10 at 10.28.58 AM

Continuous, constant oversight is needed

While the primary objective of such oversight is to ensure these systems are providing their expected design outcomes, avoiding liability is also important given the growing list of governments and companies that have faced or are facing public backlash, if not legal action in some cases resulting in damages in the millions of dollars and even legislative investigation for poorly implemented AI.

Governments have already begun laying the groundwork for more careful scrutiny of AI systems. For example, in December 2019 the Australian Human Rights Commission released its Human Rights and Technology Discussion Paper, produced as part of a broader project examining the human rights impacts of emerging technologies, algorithmic bias, artificial intelligence, big data and the fourth industrial revolution. In the paper, the Commission proposed a principle that AI should be accountable in how it is used, that the Australian Law Reform Commission conduct an inquiry into the accountability of AI-informed decision making and proposed new legislation to require that an individual be informed where AI is materially used in a decision that has a legal, or similarly significant, effect on the individual’s rights. It also proposed mandating algorithmic explicability.

Should Australia’s and other similar initiatives ultimately translate into new laws, this will mean yet another set of legal concerns for companies to worry about.

Navigating complexity, vigilance, swift intervention

Ultimately, companies and their counsel will have to navigate this increasingly complex labyrinth of laws and even technical standards keeping in mind not just the potential legal liabilities but also the potential impact on business competitiveness and operational integrity caused by events such as the Covid-19 crisis.

Covid-19 and the impact of the behavioural changes it has ushered in shows that the need to access data in a timely manner is more important than ever given our increasing dependence on AI systems. Yet the need for vigilance and swift intervention and oversight for unpredictable occurrences remains.


This is an excerpt from a speech given by Ronald Yu as part of the inaugural Empowering Transformation webinar series examining the impact of cross border data flows. Click here for more.


Also by this author:


Official Publication: Asian-mena CounselClick Here to read the full issue of Asian-mena Counsel: Counsels of the Year 2020.

Related Articles by Firm
Foreign Banks Allowed to Operate in Myanmar
After more than 50 years of banning, the Central Bank of Myanmar has issued the first final licenses allowing four foreign banks to operate in Myanmar.
Tanzanian Draft National Energy Policy of 2015
Highlights on the ongoing and upcoming industry developments with focus on the transition of the energy sector since the introduction of the Big Results Now! campaign
Mineral Rights Available in Tanzania
Overview of the mineral rights available in Tanzania, with specific focus on the various categories of mineral rights
The Legal Framework of the Aviation Sector in Tanzania
As attention turns to Tanzania’s trade and energy opportunities, the spotlight has fallen upon the nation’s infrastructure. This update focuses on the capabilities and issues of the Tanzanian aviation sector.
Oil price volatility - Offshore oil storage
Are there any legal concerns with tankers being used for floating storage?
Oil price volatility - risks and opportunities in 2015
While many companies can weather the oil price slide and volatility, some industry players face a real risk of insolvency.
India: Union Budget 2015
A bullet-point overview of changes in Direct Tax, Indirect Tax and Goods and Service Tax in India in light of Finance Minister Arun Jaitley’s first full-year Budget…
Prohibition against transfer of personal data outside Hong Kong
Section 33 of the Personal Data (Privacy) Ordinance (PDPO) prohibits the transfer of personal data to places outside Hong Kong, except in circumstances specified in the PDPO.
Security of payment under FIDIC contracts: more secure, for now
The High Court of Singapore recently handed down an important judgment in relation to the enforceability of Dispute Adjudication Board (DAB) decisions under the FIDIC forms of contract.
Insurance Laws (Amendment) Bill passed as Ordinance in India
The long-awaited Insurance Laws (Amendment) Bill has become a provisional law in India. The Bill amends the Insurance Act (1938), the General Insurance Business (Naturalisation) Act (1972), and the Insurance Regulatory and Development Act (1999).
SICC: now open for business
On Monday 5 January 2015, the Singapore International Commercial Court ("SICC") was officially opened...
Myanmar insurance update
Clyde & Co partner Michael Horn recently visited Myanmar's commercial capital Yangon and reports on the current state of the insurance market...
Launch of the online mining cadastre transactional portal
Plus, a summary of the key mineral rights available in Tanzania; and, a look at the manner in which mineral rights can be transferred.
Restrictions imposed on holders of mineral rights
This briefing looks at some of the restrictions imposed on holders of mineral rights in Tanzania by the Mining Act 2010
Draft local content policy for the oil & gas industry in Tanzania
The first draft of the long-awaited local content policy for the oil & gas industry in Tanzania has now been published by the Ministry of Energy and Minerals ...
Tanzania: Revocation of mining licences
The Tanzanian government recently announced the cancellation of a total of 174 mining licences. This mining update examines the key continuing obligations imposed by the Mining Act upon mining licence holders.
Mining Development Agreements
In this month’s mining briefing we look at Mining Development Agreements (MDAs) and the role that they play in the mining sector in Tanzania.
The Tanzanian railway system: current legal framework
The railway system of mainland Tanzania has a total track length of 3,676 kilometers (km) with two separate networks, run by two separate organisations ...
Related Articles
Covering Ears to Steal Bells: Ignoring insolvency at risk of liquidation
The closest Chinese equivalent to the English idiom of ‘sticking one’s head in the sand’ is ‘covering one’s ears to steal bells’ ...
Mediation in Hong Kong
Hong Kong has been trying for over a decade to grow the commercial space’s appetite for mediation as an alternative dispute resolution (ADR) mechanism to resolving commercial disputes ...
ADR in the time of Covid-19, and why virtual and hybrid hearings are here to stay
To many practitioners’ surprise, virtual hearings have not been as difficult as feared ...
Related Articles by Jurisdiction
Latest Articles
Watch again: “Is Covid-19 taking women lawyers’ careers back to the 1950s?”
A second chance to watch….. the opening Women In Law Dialogue Series Webinars: Asia and North America time-friendly (first aired ‘live’ in August 2020) ...
Covering Ears to Steal Bells: Ignoring insolvency at risk of liquidation
The closest Chinese equivalent to the English idiom of ‘sticking one’s head in the sand’ is ‘covering one’s ears to steal bells’ ...