New book on African Data Privacy Laws

A new book, African Data Privacy Laws (ed. Alex Makulilo), has recently been published by Springer. This volume presents analyses of data protection systems in 20 jurisdictions in Africa. In addition, it covers all sub-regional and regional data privacy policies in Africa, including the recently adopted African Union Cyber Security and Data Protection Convention 2014.
Apart from analysing data protection law, the book focuses on the socio-economic contexts, political settings and legal culture in which privacy laws developed and operate in Africa. It bases its analyses on the African legal culture and comparative international data privacy law. This book promises to be a valuable source of literature about privacy and data protection law in Africa and its recent developments, to which I am happy to have contributed the chapter on Nigeria.

Unlocking Wi-Fi Encryption during Disaster Response Operation: Implications for Privacy and Information Security


Responding to natural disasters has always been a very difficult task that demands compassion. This is especially so when there is a high death toll and colossal damage to property, as recently witnessed in the 6.2 magnitude earthquake that struck central Italy and killed close to 300 people.[1] As always, on-the-ground activities are necessary in such emergencies, involving civil protection agencies, humanitarian organizations, and volunteers who quickly engage in search and rescue activities as well as other physical assistance to the victims and their community. But sometimes, despite these rapid disaster response efforts, a telecommunications breakdown can undermine humanitarian activities, as seen, for instance, in Haiti in 2010.[2] The ability of the response team to communicate and use ICT devices is usually vital in the aftermath of a disaster, and the impact of ICTs at such a point cannot be overlooked. In some cases, the deployment of ICTs is indispensable, ranging from the use of drones to the activation of Facebook’s Safety Check and other online activities such as crowdsourcing and mapping of real-time information.

The recent earthquake in Italy, however, brings a new dimension to this: in the course of the response operations, the Italian Red Cross posted a message on its Twitter account asking residents within the affected locations to unlock their Wi-Fi networks, including a step-by-step guide on how they could switch off their Wi-Fi network encryption.[3] The aim of this action was to facilitate communications and rescue operations, and the request had been retweeted 3039 times at the time of this writing. A similar request was reportedly made by the Italian National Geological Association and Lazio Region.[4] It is noteworthy that this is not the first time such a call has been made during a disaster response operation. In 2013, one NGO, Disaster Tech Lab, tweeted a call for people to open their Wi-Fi networks in the wake of the Boston bombing.[5] The tweet got minimal attention and was only retweeted 20 times, apparently because this organization is not as popular as the Red Cross.

While it was good news that the Internet functioned amidst the enormous damage caused by the Italian earthquake, the call for opening up private Wi-Fi, though made with good intentions, may carry other risks for the privacy and information security of the residents. Although such concerns may appear trivial when weighed against the massive damage caused by the disaster and the need for the rescue operations to go on smoothly in the short term, the long-term effect of having unencrypted networks across a whole neighbourhood cannot be overlooked, especially if no conscious efforts are made in the post-response phase of the disaster to ensure that residents re-secure their networks properly. As already pointed out by one commentator on Twitter, a malicious user in such cases could cause havoc for the owner of the network, such as: sending illegal communications through the open network; downloading illegal material; breaking into all the computers on the network; controlling and/or hacking any Internet-connected device on the network; and monitoring all communications traffic on the network.[6] The implications of the above may not be trivial,[7] especially as many of the residents may not have adequate knowledge of what an information security breach entails. The privacy implications of surveillance, when network communications and devices are monitored without the owner’s knowledge, may be huge and could last for a long time.

Amid these unprecedented calls, experts have suggested other, less intrusive alternatives, such as setting up a guest access point on the wireless network which may not require a password to log on.[8] This may not be easy for a good number of Wi-Fi owners to set up, and the risk is still not zero, because creating such an access point may mean that the guest will use the owner’s traffic and might lock the account. Furthermore, the issues of responsibility and misuse, such as downloading illegal material, are still present. In Germany, for instance, the Federal Court of Justice ruled in the Sommer unseres Lebens decision[9] that the private owner of a WLAN has the duty to examine the Internet connection for reasonable security measures against the risk of unauthorized use and copyright infringement, which, at the minimum, requires sufficient password protection on the network.[10] Although the recent ruling by the Court of Justice of the EU in Tobias Mc Fadden v Sony Music Entertainment Germany GmbH[11] indicates that a private person who provides free Wi-Fi could benefit from the mere conduit exemption under Article 12(1) of the e-Commerce Directive, such a person is, in principle, not precluded from an injunction which requires him, on pain of payment of a fine, to prevent third parties from infringing copyright via his Internet connection through technical measures such as password-protecting the network. He may also be required to reveal the identity of users of his network.

To tackle this problem in the context of disaster management, a long-term solution is necessary: one that is managed by the Internet Service Providers (ISPs) and that is less cumbersome and risky for the end users. An example is a solution where the ISPs make Wi-Fi endpoints part of the end users’ Internet router.[12] Essentially, this means that the modem that the ISPs give their customers also functions as a router unit that may also be a public hotspot. In this scenario, the combined modem/router unit creates two separate Wi-Fi networks: one is the home Wi-Fi network, while the other serves as a “public” network where others, such as emergency responders, can connect and access the Internet. In general, this feature allows any of the ISP’s clients to securely access the Internet through any of the ISP’s Wi-Fi endpoints, including the ones in individuals’ homes. Although the same physical hardware is utilized, this is considered an entirely separate connection, and the traffic coming from the public Wi-Fi network is not counted against the home owner’s bandwidth cap. Besides, it is the ISP that authenticates the users of this public network and manages the isolation of people connected to the public network from the private Wi-Fi network. The ISPs have large security resources to secure the network as a whole.

This solution is already in place in some parts of the world. In Europe, ISPs such as Telenet, Proximus, BT, SFR, Fon, Telekom, free.fr, etc., have implemented this feature. The US Comcast’s XFINITY Wi-Fi also has it. Even though such services were not primarily developed for emergency situations, they could afford a more secure and less intrusive solution in accessing the Internet during disaster response operations.

On a broader scale, however, emergency response teams should proactively include Internet access policy in their activities. This will give them the opportunity to have a plan for Internet access during emergencies. There are existing platforms which could be currently utilized such as the global solution provided by emergency.lu[13] or by the Disaster Tech Lab’s Disaster Communication Services.[14] As rightly concluded by one commentator, “As the world becomes increasingly Internet-dependent, this discussion is not going to go away. With proper precautions in place, the Italian Red Cross’s initiative is admirable and even sensible, but in an emergency, depending on neighbors for vital communications isn’t a sustainable strategy.”[15]

 

Acknowledgment: Research leading to this blog received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 653748. www.carismand.eu

[1] https://www.theguardian.com/world/2016/aug/27/italian-earthquake-corrupt-builders-blamed

[2] http://emergency.lu/index.php/about/vision-principles

[3] https://twitter.com/crocerossa/status/768387275654885376

[4] http://www.bbc.com/news/technology-37186290

[5] https://twitter.com/DisasterTechLab/status/323927304172605441?ref_src=twsrc%5Etfw

[6] https://twitter.com/Cab4Now/status/768510122033311744

[7] http://www.howtogeek.com/132925/htg-explains-why-you-shouldnt-host-an-open-wi-fi-network/

[8] http://www.wired.com/2016/08/safely-open-wi-fi-network-disaster/

[9] https://openjur.de/u/32452.html

[10] https://www.2b-advice.com/LLC-en/Privacy-News/Training/n/5233/d-german-federal-court-of-justice-decides-on-security-measures-for-private-wlan-access

[11] http://curia.europa.eu/juris/document/document.jsf?text=&docid=183363&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=825214

[12] http://www.howtogeek.com/184727/your-home-router-may-also-be-a-public-hotspot-dont-panic/

[13] http://emergency.lu/

[14] http://disastertechlab.org/

[15] http://www.wired.com/2016/08/safely-open-wi-fi-network-disaster/

Developing a risk assessment methodology for data protection

It appears that all parties involved in the current negotiations of the proposed data protection regulation are happy with the risk-based approach adopted in the proposal. If the Council’s amendments make it into the final draft of the regulation, then data controllers under certain circumstances will have one more thing to worry about. They will be obligated to proactively carry out a data protection impact assessment (DPIA) before processing certain types of data that may present high risk to the data subjects. This precautionary approach is meant to strengthen the accountability requirements in the regulation, and to instill a risk management culture among data controllers.

Challenges in Integrating Patient Generated Health Data into Clinical Workflow

Patient Generated Health Data (PGHD), that is, data captured outside traditional healthcare settings, has been attracting a lot of attention lately. It is not a new phenomenon, for in the past many patients have recorded and shared their health information with their care providers; however, the proliferation of smart phones, remote monitoring devices, downloadable apps and ubiquitous networks is enabling massive growth of PGHD. A few days ago, at its annual conference for software developers, Apple announced that it will roll out a new HealthKit platform that is intended to bring a lot of third-party apps into one place so that a blood-pressure reading from one app might trigger an alert and prompt a call from the doctor. A similar instance in the past has shown the likely saving of a patient with chronic heart failure when clinical staff responded immediately to data from an electronic scale in the patient’s home alerting them to her potentially dangerous overnight weight increase. Remote monitoring has been shown to be valuable in the treatment of diabetes and heart failure in a number of cases. This is really a way of empowering patients: a tremendous shift from the paternalistic healthcare model, where only the physician is responsible for diagnosing sickness, prescribing treatment, and ensuring that treatment is carried out as prescribed. With the increase in smart devices, including wearable devices that monitor vital signs, there seems to be a conscious and active engagement of patients in this new regime.

This approach to patient empowerment centres on the belief that patients are in charge of their own daily care and could be seen as their own de facto healthcare provider, and as such should be viewed as autonomous and equal members of the healthcare team, whose special expertise (knowledge of self) is central to the efficient management of their health. This is important because healthcare is interwoven with the social, emotional, cultural, psychological, and demographic fabric of a patient’s life, and as such, effective health management would be difficult to achieve if the patient is only passively involved in the decision making.

Be that as it may, ICTs are playing a very significant role in this process. For example, the Internet has immensely improved patients’ access to information, and encourages their effective participation in healthcare debates by providing social and networking platforms such as patientslikeme.com and 23andme.com, where patients interact with one another as well as share information. The impact of ICTs here can be seen as twofold. The first is providing a platform that integrates the vast amount of informational resources openly available, as well as the computational capabilities required for analyzing an individual patient’s data in order to generate appropriate knowledge that will allow him/her to make an informed decision (clear and personalized documentation). The second is providing a platform for patients to generate their own health data that might be useful for their healthcare. This means creating data that was hitherto generated in the clinics.

However, the big question in this respect is how to make use of the e-health transformations so that, on the one hand, access to EHRs that are mostly used in-house or among healthcare professionals is given to patients via their home health apps or devices, and, on the other hand, the vast amount of information generated by patients is seamlessly integrated into the clinical workflow in a way that is useful for both them and the healthcare provider (HCP). There appear to be a lot of challenges in actualising this vision of integrating PGHD into the clinical workflow. First is the regulatory concern that these health apps and smart devices are not certified as medical devices. At least under the European Medical Device Directive, any device or software, whether used alone or in combination, which is intended for diagnostic and/or therapeutic purposes, and to be used for human beings for the purpose of diagnosis, prevention, monitoring, treatment or alleviation of disease, is a medical device. Similar rules apply in the US. Most app developers may not be aware of this, and in a number of cases are not within the reach of law enforcement, as they make use of cloud facilities to host their apps in other jurisdictions. It is also not certain that these smart phones and other devices have gone through any certification process as medical devices, as they were not originally manufactured for health purposes. This means that the assurances and validation requirements for offering these products in the market as medical devices are lacking in these apps and smart devices.

Apart from the certification concern, there are also issues with EU data protection and security law. In a number of scenarios, the app developers and smart device manufacturers will fall within the definition of data controllers under EU law, which requires that they have legal bases for the data they are processing, as well as maintain certain data protection principles such as purpose limitation. It is also not clear whether appropriate technical and organizational data security measures have been put in place for the transmission and storage of data from the patient to these devices and their backends. This is very critical for HCPs in order to integrate PGHD into their clinical workflow. As this is absolutely reliant on interoperability of the health information system with third-party systems, there is the possibility of introducing a weak link in the system where sensitive data is processed. So far, there seem to be no universal standards for seamlessly transitioning between these environments with standardized security and privacy protocols. Regarding medical ethics, it is also doubtful whether users of these devices and apps have obtained the information and counseling they may need as to the nature of the information they are generating, including the psychological impact it may have on them. This also impacts on the nature of informed consent obtained from the users, which may be questionable under ethical guidelines.

One other issue that HCPs would have to consider before integrating PGHD into their clinical workflow is the reliability of, and liability for, information generated by patients outside their control. What would be the legal liability for clinicians relying or not relying on PGHD? The Project HealthDesign research team has outlined some of these liability-related concerns to include:
• Timeliness and cost, that is, whether HCPs have an obligation to respond to any findings based on such information, and whether they are responsible if support staff fail to respond or inaccurately interpret data. Relatedly, will HCPs be reimbursed for the time spent in reviewing or responding to the findings from PGHD?
• Volume of data and adequacy of responses, that is, whether HCPs could manage the unstructured and voluminous nature of the data captured by these apps and devices, and if so, whether it is possible to respond in a timely manner in view of the work load they already have.
• Accuracy, that is, whether HCPs should trust the accuracy of PGHD irrespective of possible inadvertent actions that could compromise data integrity.

Furthermore, semantic interoperability is yet to be addressed, as there is no universal standard for PGHD stakeholders. Patients, app developers, EHR vendors, clinicians, and others do not know precisely what standards would be needed to support PGHD given the nascent and fragmented status of this area. The basic question will be whether the existing technical standards for interoperability among clinical information systems and data exchanges will be adequate and adhered to by the developers and implementers of the PGHD tools, or whether a new standard should be developed.

As events are unfolding in this area, one thing is sure: there is a need for more education of all the stakeholders. An American Medical Association policy from 2010 on the use of PGHD by physicians has tried to weigh into the conflict by stating that the physician is responsible only for the use of PGHD that the physician has actively chosen to incorporate into the patient-physician relationship. This is just one step towards finding a lasting solution. A lot still needs to be done on harmonising the rules globally. The patients will need to understand the intricacies of these tools, while the app developers and smart device manufacturers will have to adhere to the regulations in order to give the required assurances. Additionally, HCPs will need clear guidance on how to modify their systems to incorporate PGHD, and to identify best practices in this regard. There is light at the end of the tunnel, as the current US Federal Health IT Strategic Plan has the empowerment of individuals with health IT in focus.