June Park, political economist at the National Research Foundation of Korea, explains that “even the like-minded countries of GPAI have revealed their differences and institutional variance in deploying digital technology to fight COVID-19 at a time of grave national emergency and public health crisis.”
On June 15, 2020, in the midst of the COVID-19 outbreak, 11 founding members – Australia, Canada, the European Union, France, Germany, India, Italy, Japan, South Korea, Mexico, New Zealand, Singapore, Slovenia, the United Kingdom, and the United States – came together to launch the first ever global regulatory regime on artificial intelligence (AI) called the Global Partnership on Artificial Intelligence (GPAI), hosted by the OECD as the Secretariat.
The contactless environment propelled by the COVID-19 pandemic has clearly broken the ice on a long-awaited conversation. The launch, in the absence of China, came amid brewing tensions across the Atlantic in the digital realm. The GPAI was launched in the midst of trade wars expanding into tech wars for digital technology and AI: notably, U.S. pressures on Europe to block the adoption of Huawei equipment for 5G roll-outs, Europe’s moves for digital taxation of ‘the Big Four’– U.S. tech firms Amazon, Google, Apple, and Facebook, and the U.S. targeting of General Data Protection Regulation (GDPR, effective since May 2018), Europe’s powerful legal tool equipped with strong punitive measures for global companies in breach of data protection.
While the GPAI has presented an avenue for discussion by like-minded countries on AI, several challenges lie ahead. At such a critical juncture in which an AI-driven way of life is no longer avoidable, even the like-minded countries of GPAI have revealed their differences and institutional variance in deploying digital technology to fight COVID-19 at a time of grave national emergency and public health crisis. The digital divide among the founding members was evidenced by the methods chosen by European states as they pondered launching their own apps in response to electronic tracing by Asian economies to flatten the curve.
South Korea, as a democracy, gained traction from European countries, amid misguided criticisms on the ‘authoritarian residue’ for utilizing Global Positioning System (GPS) location data from cellphones, credit card transaction history, and CCTV surveillance on its Smart Management System (SMS) developed by the country’s Ministry of Land, Infrastructure, and Transportation (MOLIT) as a spin-off of the country’s smart city projects. For example, European states largely overlooked the fact that South Korea’s conditional use and deletion of personal data use to track COVID-19 relied on public demand and a social contract written into law in the revised Infectious Diseases Prevention and Control Act (IDPCA) in the aftermath of the Middle East Respiratory Syndrome (MERS) in 2015 – combined with its Personal Information Protection Act (PIPA). Although South Korea’s SMS is strictly in line with domestic IDPCA and PIPA, it would not be fit for application in Europe, as GPS data use would be unfathomable under the EU’s GDPR.
Given the rapid spread of COVID-19, European states came to the realization that electronic tracing is inevitable. Upon encountering some successful electronic tracing methods in Asia used to identify confirmed cases of COVID-19, European states considered launching their own apps that would use Bluetooth technology in lieu of GPS data. Initial discussions at the EU level were held in April 2020, envisioning a pan-EU app for all EU countries, but such discussion quickly evaporated and countries chose to go their own ways.
Italy was the first to launch its own app with the Application Programming Interface (API) source code from Google and Apple – a software intermediary that allows two applications to talk to each other – but without much public reception. Germany’s ‘Corona Warn App,’ launched on June 15, carried the legal basis of the processing of personal data in relation to the App – the data subjects’ consent pursuant to Article 6(1)(a) and Article 9(2)(a) of GDPR. The Bluetooth-based app was developed by Deutsch Telekom and SAP, also based on the API source code from Google and Apple (based on a limited version of Bluetooth technology), which cost the German government 20 million Euros. France came up with its ‘StopCovid App,’ developed by INRIA (Institut national de recherche en sciences et technologies du numérique), upon receiving a green light from the CNIL (Commission Nationale de l'Informatique et des Libertés) on GDPR-compliance, with some reservations. The UK has tried to develop its own app since May 5, but eventually reversed its decision on June 16 to follow Germany’s path to work with Apple and Google in developing an app based on the API source code. GDPR would still apply to UK entities even if a ‘No-Deal Brexit’ is materialized, as it applies globally, and a UK corona app would be subject to GDPR if the app is used by EU citizens, although the UK would not be part of the future revisions of the GDPR. The reception of these apps varied significantly across borders, as measured by the rate of downloads.
The varied steps taken on COVID-19 tracing apps in Europe – a trend which should increase as the digital transformation into AI is accelerated in the contactless environment of the pandemic – attests to the foreseen difficulties of policy convergence or cooperation on digital issues. In Europe, where there is strong resistance against the use of personal data by the government or big tech, it has been demonstrated that the efficacy of the tracing apps is not prioritized, but rather lost as GDPR is the precondition for use even under the circumstances of emergency. Not only is mobilizing public support for usage of the app difficult, but the lack of voluntary participation in utilizing tech to fight the virus also raises questions on the original purpose of the apps, which are intended to close the gap between the speed of analog contact tracing and the unprecedented pace of mutation and reproduction of the virus. If tracking technologies in the case of Corona apps – a digital method that does not necessarily involve machine learning or deep learning – brings about this much of policy divergence, it goes without saying that machine learning-enabled AI adoption will bring about more social unrest in Europe.
While COVID-19 clearly serves as South Korea’s ‘MERS moment’ for Europe, the region remains caught up in the debate on the choice between personal data protection and public health safety in favor of saving lives. In the accelerated AI-driven era of COVID-19, trade wars are spilling over to tech wars, and global convergence on regulating AI is unlikely. Under such circumstances, there must be considerations to deploy conditional data use in times of national emergencies under the revised version (in particular Article 6) of GDPR for Europe, whereby protecting the lives of EU citizens must be prioritized. Digital proficiency may pave the way for more efficacy and participation in Europe and lessen the reliance on digital monopolies.
No comments:
Post a Comment