Digital Watch newsletter – Issue 49 – April 2020

Home | Newsletters & Shorts | Digital Watch newsletter – Issue 49 – April 2020

Download your copy

EN FR

Each month we analyse hundreds of unfolding developments to identify key trends in digital policy and their underlying issues. These were the trends in April.

LATEST: ICANN stops the sale of .org 
On 30 April, the Internet Corporation for Assigned Names and Numbers (ICANN) decided to reject the proposed sale of the .org registry from the Internet Society to equity firm Ethos Capital. After months of controversial policy debates on what many saw as an attempt to privatise a public resource, this decision opens many questions on the future of the Internet Society, ICANN, and the overall domain industry. Read more.

1. Tackling misinformation and protecting media freedom in a time of crisis

Since the beginning of the COVID-19 crisis, misinformation and unproven theories about the virus, its origin, and ways to prevent or cure the disease have been spreading online at a fast pace, leading to what UN Secretary-General Antonio Guterres recently called a ‘global misinfo-demic’. Misinformation remains an important concern for governments, intergovernmental organisations, and Internet companies, as they take new measures to tackle it.

The World Health Organization (WHO) has launched a chatbot on Facebook Messenger to connect people to credible COVID-19-related information on social media. Governments are also launching chatbots to provide reliable information to their citizens, for example the USA, India, and Spain.

Internet companies have committed to taking new actions to help curb the spread of misinformation. Facebook announced it will start alerting users about COVID-19 misinformation, while WhatsApp has imposed a limit on message forwarding to slow the spread of fake news. Twitter has broadened its guidance on unverified claims, noting that content which has ‘the potential to incite people to action, could lead to the destruction or damage of critical infrastructure, or cause widespread panic/social unrest may be considered a violation of [its] policies’. 

Governments around the world have started to implement tougher measures against misinformation. The United Arab Emirates, for example, has announced larger fines for those who share medical disinformation about COVID-19 (up to US$ 5500) and India started arresting citizens who post fake information about Coronavirus on social media.

But some of the measures taken by governments in this context have led to concerns related to freedom of expression and media freedom. Excessive criminal penalties for the spread of misinformation, restrictions on journalists’ access to information, attempts to ban opinion articles, and other such measures are looked at with concern, as they are implemented around the world. Data collected by the International Press Institute by the end of April 2020 shows that there were 152 cases of media freedom violations, ranging from verbal or physical attacks against journalists to censorship and even arrests and charges.

The Council of Europe (CoE) and its Commissioner for Human Rights have called on governments to ensure that exceptional measures introduced during the crisis do not undermine freedom of expression and media freedom, and that any such measures will be lifted as soon the crisis has passed. 

2. Privacy in the spotlight: from data hacks to data tracing apps

Issues related to privacy and data protection have been in focus in April. Data hacks were revealed, Internet companies announced updates to their privacy policies, and measures taken in the COVID-19 context raised privacy challenges.

The Marriott hotel chain disclosed a major security breach that may have exposed personal data (e.g. names, phone numbers, birthdates) of 5.2 million guests.[ Cybersecurity company Cyble found the identities of 267 million Facebook users on sale for €500.[ Similarly, the personal data of Iranian and Pakistani citizens went up for sale on the dark web. These few examples of data hacks show that individuals and organisations remain vulnerable to cyber-attacks and that stricter measures need to be taken to strengthen security practices.

Several tech companies have recently introduced changes to their privacy practices. Video-conferencing company Zoom, heavily scrutinised during the COVID-19 crisis (having acquired a significant number of new users over the past few months), announced a series of new privacy measures. Twitter sparked controversy after removing a privacy feature that allowed all users to disable sharing of some information with advertisers (such as the ads seen by the user); such information will now be shared by default, except for users in member states of the EU and the European Free Trade Association, and the UK.

Most privacy-related developments in April were connected to the COVID-19 pandemic, as some of the measures explored or taken by governments to control the pandemic have privacy implications. More and more countries are implementing contact-tracing apps to help in the fight against COVID-19. While many agree that using technology to track infections and their routes is essential, concerns have been raised over issues such as the type of data made available via tracing apps, whether such data is collected by tech companies or governments, and whether such measures are temporary or could open the door to mass government surveillance. Read more on pages 7–9.

Concerns have also been raised with regard to the processing of health data and the way in which tech companies share data with authorities. In this context, entities such as the European Data Protection Supervisor, the European Data Protection Board, and the Electronic Frontier Foundation have issued guidelines and recommendations on protecting privacy when processing health data or aggregating location data. Google announced measures to ensure that location data sharing with health authorities respects privacy. Facebook also launched new tools to help health researchers track COVID-19, while respecting privacy.

3.Digital policy discussions are moving online

The COVID-19 pandemic has prompted governments to impose lock-down measures which now span months. As a consequence, some digital policy events have been cancelled or postponed, while others have been moved online. In April, for instance, the Global Privacy Summit and the Internet Freedom Festival were cancelled, the World Summit on the Information Society Forum was postponed, and the World Intellectual Property Day and UNCTAD E-commerce Week shifted online.

Online meetings pose both opportunities and challenges. They can foster more inclusiveness, as more people can participate more easily. But, as the number of online events and discussions increases, several questions need to be answered: How many online meetings can a person be expected to attend? How effective are such meetings? And to what extent do people actually participate? Considering issues such as attention spans and fatigue could be essential in improving online meetings.

There are also many security and privacy aspects that impact online meetings in one way or another. How to protect the confidentiality of online discussions and how to ensure that online meetings are not disrupted by bad actors (as has been the case with the so-called Zoom-bombing) are just two of the issues that meeting organisers and tech companies are trying to address.

When intergovernmental organisations host online meetings, this also brings diplomatic challenges. Diplomatic protocol and rules of procedures have to adjust to online settings to ensure the appropriate conduct of meetings. Challenges inevitably appear with facilitating online negotiations or organising secure online voting.

Diplo’s Conference Tech Lab has developed a guide to help organisations effectively transition from onsite to online meetings.

Online meetings

Digital policy developments

The digital policy landscape is filled with new initiatives, evolving regulatory frameworks, and new legislation and court judgments. In the Digital Watch observatory – available at dig.watch – we decode, contextualise, and analyse ongoing developments, offering a digestible yet authoritative update on the complex world of digital policy. The monthly barometer tracks and compares the issues to reveal new trends and to allow them to be understood relative to those of previous months. The following is a summarised version; read more about each development by clicking the blue icons, or by visiting the Updates section on the observatory.

Global IG architecture


same relevance

The International Telecommunication Union (ITU) and the office of the UN Under-Secretary-General Fabrizio Hochschild launched a series of webinars on digital co-operation in response to COVID-19.

Sustainable development


increasing relevance

The annual report of the UN Conference on Trade and Development shed light on development and the digital economy. The UN Economic and Social Commission for Asia and the Pacific released a Digital and Sustainable Regional Integration Index.

The United Nations Economic Commission for Africa and the Global Partnership for Sustainable Development Data partnered to strengthen Africa’s data system.

The Broadband Commission for Sustainable Development called for action to extend Internet access and boost capacity to fight COVID-19. The Alliance for Accountable Internet issued recommendations on enhancing Internet access.

The ITU released a report on the role of digital technologies in protecting the environment.

Security


same relevance

The UN Under-Secretary-General called for a ‘digital ceasefire’ during the COVID-19 pandemic.

UNICEF warned of increased child vulnerability during the pandemic.

USA and Australia issued joint guidance on detecting and preventing web shell malware. Energy company Energia de Portugal was hit by ransomware. Signal may leave the USA if the EARN IT Act passes.

E-commerce and Internet economy


increasing relevance

Airbnb extended the refund window due to COVID-19. Uber launched Work Hub to help drivers find work. Ride-hailing companies devised approaches to compensate workers during the pandemic.

Indonesia accelerated digital tax reforms amid the COVID-19 outbreak.

Facebook announced changes to its Libra cryptocurrency plans. The G20’s Financial Stability Board outlined draft recommendations for global stablecoin arrangements. The People’s Bank of China launched internal tests for its central bank digital currency.

Google will require all advertisers to complete a verification process.

Digital rights


increasing relevance

New data breaches exposed data of Marriott guests, Facebook users, and Iranian and Pakistani citizens.

Zoom and Twitter announced changes to their privacy policies.

Brazil postponed the entry into force of the General Data Protection Law.

Contact tracing apps generate privacy concerns around the world. The European Data Protection Supervisor called for a pan-European COVID-19 mobile app. The European Data Protection Board adopted guidelines on health data processing and on geolocation and other tracing tools. EU member states developed a toolbox for the use of contact tracing apps.Apple and Google clashed with France and the UK over tracing apps and privacy issues.

The CoE published guidance on freedom of expression and information in times of crisis. Google and Facebook launched funds to support news outlets.

The World Wide Web Foundation and the World Association of Girl Guides and Girl Scouts called for a safer online space for women and girls.

Jurisdiction and legal issues


increasing relevance

A US judge decided that Twitter cannot reveal surveillance requests from the government.

The Washington Attorney General sued Facebook over political ads.

The UK Supreme Court ruled that employers are not liable for employee data leaks.

A French court limited Amazon deliveries to essential goods amid COVID-19 risks. The Court of Justice of the EU ruled that AmazonMarketplace does not infringe trademark rights by storing goods.

The French competition authority ruled that Google must pay publishing companies and news agencies for reusing content. Australia announced it will require digital platforms to pay media outlets for reusing content.

Infrastructure


decreasing relevance

The US Federal Communications Commission (FCC) approved Google’s use of the Pacific undersea cable segment. US federal agencies called on the FCC to revoke China Telecom’s licence.

ICANN decided to withhold consent of the transfer of the .org registry from the Internet Society to Ethos Capital.

New technologies (IoT, AI, etc.)


increasing relevance

The World Wide Web Consortium published ‘web of things’ recommendations.

The CoE adopted a recommendation on the human rights impacts of algorithmic systems. The Institute of Electrical and Electronics Engineers (IEEE) issued a statement regarding the ethical implementation of artificial intelligence (AI) systems for addressing the COVID-19 pandemic.

The US Defense Advanced Research Projects Agency launched a programme exploring AI robustness against adversarial deception attacks. The US Army announced it will study human-AI interactions.

Argentina’s Central Bank started testing a blockchain-based payment settlement solution.

IBM and the National University of Singapore launched a partnership on quantum computing. RAND report sheds light on communications security in the quantum computing age.

A digital take on Earth Day

As a response to travel restrictions and stay-at-home measures, the celebrations of Earth Day (22 April) were moved online. In addition to digital climate strikes, the marking of the 50th anniversary of Earth Day consisted of a series of online events, including a 72-hour livestream Earth Day Live that featured training sessions and multimedia artist performances.

Gaming and the environment

The digital edition of Earth Day was regarded as an opportunity to reach out to wider audiences and open up to the online community. For instance, it engaged the gaming industry, whose role in environmental sustainability has already been explored in the Playing for the Planet report released in 2019 by the UN Environmental Programme and the Norwegian foundation GRID-Arendal. With over 2.3 billion users, which  represents about 30% of the world’s population, the industry offers ample opportunity for greater outreach and awareness on environmental issues. Video games such as World Rescue, supported by the United Nations Educational, Scientific and Cultural Organization (UNESCO) and the Mahatma Gandhi Institute of Education for Peace and Sustainable Development, and My Green World give players the opportunity to explore issues of deforestation, drought, and pollution.

Another similar global initiative is Mission 1.5, centred on a mobile game that strives to educate people on climate change. It was launched in February 2020 by the UN Development Programme in collaboration with the University of Oxford and Twitter.

Frontier technologies lead the way on climate action

To mark the anniversary, the ITU published a report entitled Frontier technologies to protect the environment and tackle climate change that assesses the role of emerging technologies such as AI, the Internet of Things (IoT), 5G, digital twins, and robotics in meeting the needs and demands of the world’s population while also tackling some of the needs of our planet. While there is certainly room for improvement in terms of what tech can do for the environment, it is already making significant contributions towards the preservation of biodiversity and sustainability.

For instance, big data and AI algorithms can and are being used to monitor and preserve endangered species on land, as well as provide early warnings of natural disasters such as earthquakes, wildfires, floods, and droughts. Data collection and satellite imagery tools contribute to ensuring ocean sustainability by preventing overfishing and by monitoring the health and pollution levels of marine ecosystems and ocean habitats. Smart grids powered by AI are being used to monitor trends in energy consumption and ultimately reduce greenhouse gas (GHG) emissions.

In addition to AI and big data, another emerging technology that is already transforming the approach to environmental sustainability is the IoT, although the term ‘Internet of Environment’ might be more appropriate in this case. Sensors connected to the Internet have been used to monitor and prevent deforestation that accounts for 15% of global GHG emissions. The IoT has also proven to be useful in tracking endangered animals, monitoring animal behaviour, and implementing smart security and surveillance systems. 

Digital for circular economy

No discussion on climate action and environmental sustainability would be complete without mentioning how digital transformation could facilitate the transition from the current linear economic model towards a more circular one where resources are reused. At present, according to a Gartner survey, machine learning is considered the most used type of digital technology in the context of the circular economy, accounting for 33% of total use. This is followed by advanced analytics and IoT with 32% and 27%, respectively, as these technologies help monitor the use of resources and repair rather than replace damaged products. 

In the coming years, as illustrated by the graph, much hope will be placed in blockchain and AI for generating circular goods and services.

DATA ANALYSIS Fighting pandemics: contact tracing in the spotlight

As the COVID-19 outbreak continues, new measures on how to mitigate the risk of infection and halt the spread of the pandemic are emerging. One of the measures that has attracted attention is contact tracing. We look at where and how tracing apps are implemented or planned around the world.

What is contact tracing and what are its implications?

Contact tracing refers to the identification of people who might have come in contact with an individual who has contracted a virus. Previous pandemics, including the Ebola outbreak in West Africa, have already seen such practices either through the traditional approach where health workers identify individuals who have been exposed to the virus or through the use of smartphone apps. In practice, this helps detect other users of the app who are in close proximity, with the aim of determining whether people have been in contact with others who have the virus, so they can get tested or quarantined and thus limit the further spread of infection.

As countries recommend or impose the use of such apps, many concerns have been raised about their human rights implications, in particular with regard to user privacy, data disclosure and security (e.g. risks of data manipulation through cyber-attacks and identity theft), and surveillance. Can such apps identify individuals? Should the data collected be shared with public authorities, or stored only on the users’ devices? If the data is centralised, what safeguards are in place to ensure that it is not used for other reasons? Can governments or private companies abuse these apps to track users for other purposes as well? These and other questions are being asked by civil society groups, academics, and data protection authorities worldwide. They are calling on governments and tech companies to seriously consider privacy and security implications.

Different approaches to privacy protection

Apple and Google are developing a technology for tracing apps based on bluetooth that is expected to embed privacy and security protections, for example by ensuring people cannot be tracked and by storing data only on the users’ phones (as opposed to having data sent to a central location). 

At the same time, a recently created Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) group has proposed a European cross-border contact tracing solution that is said to comply with privacy legislation by facilitating data minimisation and privacy by design. This approach involves the storing and processing of data in a central location.

One point of concern around these and other apps developed around the world is related to where the data is stored and processed (i.e. whether on the user’s phone or in a central location).

Centralised vs decentralised approaches

The centralised approach in developing contact tracing apps involves the storing and processing of data on a central server, accessible to public authorities (such as healthcare services). Privacy experts have argued that this approach poses significant data security and privacy risks. Concerns have been raised, for instance, regarding potential abuses by public authorities, who might misuse the data, and by hackers who could break into the system and use the data for malicious purposes.

On the other hand, decentralised systems store anonymised data locally, on users’ phones. Although such a system poses its own risks (e.g. bad actors could eavesdrop on data exchanged locally), it is considered to be more privacy-friendly.[link] This approach is favoured by countries such as Estonia[link] and Switzerland.[linkGermany, which initially opted for a centralised approach, has recently turned to a decentralised one as well.[link] Apple and Google have also opted for the decentralised approach in their joint effort to develop a system for digital contact tracing which will be unveiled in May.[link

Other countries, such as the UK, France, and Australia prefer centralised approaches, arguing that they will provide more insight into the spread of COVID-19.

Tracing apps around the world

Data collected by DiploFoundation shows that 40 countries* have a contact tracing app in place. In more than a half (24) of these countries, the apps can be downloaded and used on a voluntary basis, while in Argentina, Turkey, and Kazakhstan, they are mandatory. This element is unclear for the remaining 13 countries, given the lack of available and credible data.

Six of these applications have been developed by private actors; other six have been created by public-private initiatives; and 27 have been developed by public institutions, including ministries of health, ministries of telecommunications, and authorities in charge of digitalisation. For the remaining country, we could not find clear information on whether the applications have been developed by the government or private actors.

A closer look: economic and trust indexes

Over 40% of the tracing apps have been developed in high-income countries such as SwedenSouth Korea, and the United Arab Emirates, while more than 30% of these solutions have been put in place in upper-middle-income countries, such as North Macedonia, Suriname, and Argentina.

Although they still do not have tracing apps in place, 18 countries have announced they would develop these solutions. The majority of them, over 66%, are high-income countries, while the remaining are lower-middle-income and low-income countries.

Of the countries ranked from 1 to 20 with regard to the overall inclusive Internet index (which covers indicators such as Internet availability, affordability, digital literacy, and trust and safety), three quarters (15 countries) have tracking applications active or under development, and all are high-income countries.

One of the sub-indicators that was most relevant to our research is trust in government websites or apps. Of the countries with the highest overall inclusive Internet index that have tracing apps in place (see the table above), only two (Singapore and Sweden) have high trust in government websites or apps. The remaining countries are ranked 25 and higher according to this indicator.

In some of the countries where tracing apps have been developed by public authorities, the high degree of trust in government apps in general could explain the uptake of the app by citizens. Singapore is an example. State authorities were among the first to develop a tracing app for COVID-19 which up till now has been downloaded by one-fifth of the country’s population.

On the other hand, South Korea is among the upper-income countries that scores high in the Internet inclusiveness index (6th overall ranking), but whose citizens manifest a very low degree of trust in government websites and apps (94th ranking). This low trust is also reflected in the growing weariness and concerns that are emerging over privacy.

Other uses of contact tracing

The use of contact tracing apps as a basis for potential immunity passports (i.e., certificates that would serve as proof that one has developed immunity or is protected from COVID-19 infection) is another issue that has gained considerable attention over the past few weeks. Such discussions have already emerged in Malaysia, for instance, where it has been announced that applications for interstate travel will be conducted through the app. This, however, will not replace the justification for travel that needs to be given to the authorities.

WHO has warned against immunity passports arguing that at present there is no proof that ‘recovered patients are shielded from the virus’ and that travel could aggravate the spread of the pandemic.

* This study relies on data collected until 1 May 2020. The field is fast evolving with daily developments. The maps and charts will be updated accordingly.

The state of tracing apps around the world and their implications will be addressed in a Right On webinar on 6 May 2020, at 13:00 UTC. Join the discussions.

Policy discussions in Geneva

Due to the COVID-19 crisis, no in situ events were held in April. However, Geneva-based organisations adjusted quickly and started delivering online events. The global focus on health and humanitarian issues has increased the relevance of Geneva dynamics for global governance. The following updates cover the main events of the month. For event reports, visit the Past Events section on the Digital Watch observatory.

Online events

Protecting Data against Vulnerabilities: Questions of Trust, Security and Privacy of Data | 22–23 April 2020

The Road to Bern via Geneva initiative continued with a second dialogue focused on data protection issues, co-organised by the World Intellectual Property Organization and the International Committee of the Red Cross. This and subsequent dialogues – on data commons (26 May) and the use of data (23 June) – will feed into the 2020 UN World Data Summit (18–21 October, Bern). More than 100 diplomats and experts emphasised the need to specifically confirm data protection immunity on data used and held by international organisations, as well as the importance of leveraging Geneva’s multistakeholder dynamics to ensure inclusive data protection discussions. Read our report from the event.

Multilateralism in the time of COVID-19 | 24 April 2020

Organised by the UN Office at Geneva in the context of the International Day of Multilateralism as part of the UN75 Initiative, the online conversation noted that while the world is increasingly turning to unilateralism, multilateral co-operation is more important than ever during the COVID-19 pandemic. Enhancing inclusivity, diversity, equity, and efficiency in multilateral co-operations is a way to put an end to the pandemic as well as to restore trust in multilateralism. Read our report from the conference.

eWeek of Online Events: Dialogues, Webinars, and Meetings | 27 April–1 May 2020

A modified version of the annual eCommerce Week, organised by the UN Conference on Trade and development, eWeek discussed digital solutions and policies to help the world recover from COVID-19, focusing on the digital economy, e-commerce, and the digital divide. Two high-level sessions addressed the role of trade and digital policy in mitigating the economic effects of the COVID-19 crisis in Africa, and the empowerment of women digital entrepreneurs. Other sessions were dedicated to consumer protection, innovation, data ownership and intellectual property, and the role of cybersecurity and privacy in the e-commerce space. Read our reports from the sessions.

Right On | 8, 15, 22, 29 April 2020

Held every Wednesday, the Right On series of online events offers insights into human rights developments during the COVID-19 pandemic, but also goes beyond the current crisis situation. In April, the events addressed issues related to fighting online hate speech and fake news, the consequences of COVID-19 for democracy and the rule of law, inequality and discrimination during COVID-19, and how the crisis is impacting women. Read the summary reports.

Postponed events

The World Summit on the Information Society (WSIS) Forum 2020 | 6–9 April 2020

Intergovernmental Group of Experts on E-commerce and the Digital Economy, fourth session | 29 April–1 May 2020

In April, Diplo hosted a series of webinars exploring various digital policy implications of the COVID-19 crisis. If you missed them, read our summary reports or watch the recordings. And join us for future events.

Upcoming events: Are you tuned in?

Learn more about the upcoming digital policy events around the world, and use DeadlineR to remind you about important dates and deadlines.

Digital rights in focus

Diplo’s digital policy barometer shows that digital rights have been among the most prominent issues over the past few months. This crossword reveals some of the main developments that have brought human rights and freedoms into focus. Some of the clues are in this newsletter, others can be found in updates posted on the Digital Watch observatory. We also invite you to join our weekly discussions on human rights developments, in the framework of the Right On initiative.