Pedestrians wearing masks to prevent the spread of the coronavirus disease (COVID-19) walk in a shopping district in Seoul, South Korea. Photo: Reuters/Kim Hong-Ji
On May 11, 2015, a 68-year-old South Korean businessman, recently back from the Arabian Peninsula, went to a hospital with symptoms of fever and cough. After four more visits, he was finally admitted to a hospital in Seoul with pneumonia, and on May 20, he was diagnosed as infected with the Middle East respiratory syndrome (MERS) coronavirus first reported in Saudi Arabia in 2012. The day after this first confirmed MERS coronavirus case, the South Korean government confidently announced that the situation was “under control.” Yet, as seems all too familiar to those of us who lived through 2020, the country lacked a national strategy to control the outbreak. To make things worse, during the initial phase of the outbreak, the government withheld most of the information regarding MERS patients, leaving hospitals and local governments scrambling to identify patients and potential contacts. This lack of transparency eviscerated trust, as well as any hope of effective contact tracing and disease control. The result was 186 infections and 38 deaths in South Korea, the biggest MERS outbreak outside Saudi Arabia.
This system has allowed tracking and investigation of confirmed COVID-19 cases in less than 10 minutes, rather than a day or more before the EISS. Data privacy and security are ensured by making sure that only KDCA investigators with the necessary legal authority can access the EISS, and by logging every system access for security incidents. To minimise the collection of personal information, the maximum data collection period for each case is set at 14 days, the incubation period of the disease. And the system is temporary: At the end of the COVID-19 pandemic, all the personal information will be destroyed.
Second, South Korea has been using a smartphone app to monitor compliance by those under isolation or quarantine—those confirmed to have COVID-19, those in close contact with a confirmed case, and international travellers. Throughout the pandemic, South Korea has not closed its borders to any international travellers entering the country. Instead, it has implemented special entry procedures mandating a 14-day self-quarantine and free COVID-19 testing to prevent spread. The Self-Quarantine Safety Protection App is a two-way app that enables the quarantined person to report any symptoms and the designated case officer to monitor the individual’s quarantine compliance via GPS-based location data with consent. While quarantine compliance monitoring via the app is strongly recommended, it is not mandatory. Those without smartphones or those who wish to opt out can be monitored via the traditional method of phone calls by a case officer. Still, the adoption rate of the app was at 91.8% as of Sept. 1, and both South Koreans and travellers are reassured by knowing that those at risk of spreading COVID-19 are compliant with self-quarantine measures.
Third, South Korea has made special efforts to provide accurate COVID-19 information to the public. Twice-daily official government briefings ensure that the public receives the most up-to-date and accurate information related to COVID-19. In addition, a consortium of South Korea’s police, health, and communications agencies is operating a situation room to monitor COVID-19-related fake news on major websites. The government has also requested that key international internet platforms including Google, Facebook, and Twitter prioritise official COVID-19 information by the government, which they have done.
Privacy concerns
Of course, this is not to say that South Korea got everything right. Its use of location data to track COVID-19 cases has raised privacy concerns, and the Self-Quarantine Safety Protection App was found to have security flaws (which were subsequently fixed). Generally, however, South Koreans appear to be satisfied with the government’s COVID-19 response and have not experienced any critical privacy or security violations. In fact, a survey by a leading South Korean policy think tank, STEP I, found that South Koreans now favour continuous public health measures for infectious disease control, including health surveillance.
These measures of coordination, communication, and collection of location data could work in the United States, but they have been held up by poor national leadership and fears of infringement on civil liberties and privacy rights. The Biden administration has promised a return to science-based effective leadership, but fears of public health surveillance remain. We share many concerns about the dangers of surveillance, but properly constrained, temporary public health surveillance is the only way to fight a deadly pandemic. For this to work, we have to be able to trust public surveillance, particularly the way that public authorities use the sensitive personal data about our health and location that an effective system requires. This erosion of trust is why only 42% of Americans support using contact-tracing apps, stating concerns about what both tech companies and the government might do with the data. In fact the uptake of these apps in available states is even lower, with download rates ranging from 1 to 13% of state populations despite the privacy-preserving features of many apps. Moreover, without any coordinated national strategy, not all states’ apps are interoperable through a common key server.
By contrast, despite its own flaws, South Korea’s COVID-19 health surveillance is operating on a foundation of the strong public trust rebuilt in the years following the MERS disaster. After that failure, Korea’s public health law was amended to “mandate” public disclosure of information such as “movement paths, transportation means, medical treatment institutions, and contacts of patients of the infectious disease” once an infectious disease crisis reaches a certain level. Transparency of this kind of data does carry an inherent tension with privacy risks, but South Korea’s emphasis on information transparency is safeguarded by one of the strongest comprehensive data privacy laws in the world, its Personal Information Protection Act. In addition, its public health law includes provisions that ensure rigorous protection of personal data—making sure it is used to help fight the pandemic and not for any other purpose. By contrast, the U.S. lacks a comprehensive federal data privacy law, and during the early phase of the pandemic, Congress scrambled to introduce multiple contact-tracing data privacy bills without success.
This piece was originally published on Future Tense, a partnership between Slate magazine, Arizona State University and New America.