Introduction

COVID-19 has not only been a health crisis but also a financial and human rights pandemic. Over the last 17 months, the coronavirus has inadvertently compelled sovereign powers to breach their citizens’ Human Rights, as proffered in The Universal Declaration of Human Rights (UDHR). We are not talking about economies with a chequered history of such violations, but the supposed flag bearers and frontrunners of civil liberties, such as the United States of America. 

Against this backdrop emerged America’s lawsuit against The People’s Republic of China (“PRC”), claiming, in part, that the PRC was essentially responsible for draconian regulations imposed by governments around the world, including the United States. This paper upholds America’s legal position that wholesale human rights violations by victimized nations mandates sovereign accountability. This paper does not confer any liability on PRC in terms of the spread of COVID and nor does it go into the outcomes of the human rights violations; instead, it merely examines America’s stated position to drive an important argument.

Piercing Sovereign Immunity

Generations of governments have routinely armed themselves with the doctrine of immunity to avoid answerability for human rights violations or to shield themselves from virtually any suit, including commercial ones. The piercing of sovereign immunity is mired in controversy and the jurisdiction (which court system should try such an action) is oftentimes not as clear cut as it might seem.

State-based litigators who pursue claims against sovereign powers occasionally experience a rare victory in the International Courts of Justice or under the umbrellas of organised initiatives like the Paris Club deal, but the sheer complexity of such proceedings is a deterrent. Then, of course, there are the “specialised organs” of the United Nations who have reduced jurisprudence to issuing advisory opinions. Then there are the District (Federal) Courts in the United States’ that have sometimes, in most exceptional cases, taken up such causes of action. 

No one would like a process which continues ad nauseum and the success or failure of such a precedent-setting action requires finality. The strict compliance to process, the implicit denial of appeals, the recognized independence, the bias for human rights causes and the fact that the ICJ forms a precedent for all International Law, and paves the path for all jurisprudence, makes the ICJ the right forum for such a matter. 

Innocent women and children in Israel suffer a breach of privacy under drones surveying their home windows ensuring lockdown orders are followed; politically disparate young adults in South Africa are robbed of their voices because countries wanted to stop media coverage of COVID; and countless creditors both private and public were unable to collect debts (while nations uploaded more debt) – all because of the coronavirus. Different economies, different symptoms. America’s action speaks not for the continental United States but calls for action on behalf of the world economies and therefore this paper suggests a two-fold or a two-prong action, the guilty phase and the penalty phase. 

That is the first step that would determine if China is directly or vicariously responsible for the violations and in the second step the courts would decide the penalty of such an action. Rather, it is submitted that once the ICJ determines the guilt (or innocence), the ICJ would establish a Tribunal that would determine the quantum of the damages for each country based on factors such as impact on GDP, loss of lives and other economic loss. 

Coronavirus Correlation

Today, COVID-19 has spawned a hoard of accusations against states for human rights abuses, varying from the silencing of protests to (data) privacy infringements. Nations are defending these allegations by the legal doctrine of force majeure respective to the COVID-19 virus and pandemic. By way of illustration, it was “the unforeseeable circumstance”, the force majeure, of COVID-19 that made the US government impose draconian regulations that infringed on their citizens’ rights – “to ensure safety”. 

History has presented a pattern of personal liberties declining in times of crisis, such as with the Patriot Act (2001) at the advent of 9/11 in the United States of America, when the government tapped all mobile communications nationwide. In the aftermath of World War II with the Red Scare, the McCarthy trials commenced wherein any deviation from the government was considered communist, consequently imprisoning thousands for libel. Likewise, with the COVID-19 pandemic, the freedom of movement, the inability to question the effectiveness of governmental efforts, and “track and trace applications”, are brute infringements of human rights (UDHR) and any redemption is but safeguarded by sovereign immunity yet again. 

According to the World Bank, the globe has never witnessed such a universal breach of human rights violations, which is why the question of “who is responsible?” uncovers itself more sternly than ever. The USA and even other superpowers have inculpated The Peoples’ Republic of China – given that the virus originated in Wuhan – and America has filed numerous lawsuits against China pressing for damages, as stated above. 

The Case Against China

Moreover, it is the force majeure of COVID-19 in tandem with the human rights violations across the globe for which the USA has filed lawsuits against China. Their argument: “had it not been for China, this covid ravaged world would not be as (freedomless as) it is now”. Here, the draconian pandemic-regulations governments have imposed on their citizens are primarily attributed to China’s negligence in failing to notify the W.H.O. and the world community about the coronavirus at its first appearance in Wuhan:

“…During the critical weeks of the initial outbreak, Chinese authorities deceived the public, suppressed crucial information, arrested whistleblowers, denied human-to-human transmission in the face of mounting evidence, destroyed critical medical research, permitted millions of people to be exposed to the virus, and even hoarded personal protective equipment – thus causing a global pandemic that was unnecessary and preventable.”

Due to China’s alleged negligence, as articulated above, it rests upon the ability of America to prove ample causation of China’s proliferation of the virus worldwide, to the effect of the drastic increase in the scope of governments by virtue of imposing gargantuan pandemic regulations – hence infringing on citizens’ human rights. Regardless of the controversial nature of this argument, it has been widely perceived to hold validity from a legal standpoint.

The Arguments

Indubitably, however, China is protected by immunity; the Foreign Sovereign Immunities Act (FSIA) of America offers hints of an alleviation because the act expounds many exceptions. When in accordance with the act’s exceptions to breach immunity, the “foreign state shall be liable in the same manner and to the same extent as a private individual under like circumstances,” – the applicability of FSIA exceptions are certainly one of the benefits of suing China in America, and not in an international court. 

Furthermore, due to the dependency of any American victory solely relying upon the prevalence of the FSIA’s exceptions in the essentials of this lawsuit, which are a) the commercial activity exception, b) the territorial tort exception and c) general legislative proposals, this paper will elaborate and critique their viability. Primarily, the commercial activity exceptions in the FSIA details three central themes: a commercial activity within the USA; a commercial activity in the USA based from the same act in a foreign state; a commercial activity outside the USA instigated by a foreign state which causes a “direct effect {causation}” to the USA. Precisely, it is the latter most exception which America nominates to prove in their lawsuit: that China pursued such actions for (improper) commercial gain. America’s attack against the barrier of immunity lies in their preference of defendants, which is the Chinese Communist Party (CCP), as opposed to solely the State of The People’s Republic of China, which is allegedly not a foreign state and purported to have no shield of immunity, complementally. 

Therefore, America must, as evidence, delineate the “commercial research” of viruses within the Wuhan Institute and Chinese Academy of Sciences, proffer the effectiveness of healthcare services in Wuhan, elucidate the abuse of false material and information for “commercial gain”, and conduct a cross examination of China’s PPE to hold them liable for damages. In addition to this evidence, America must employ the fundamental legal theory of causation yet again. Ergo the general criticism which applies to America’s case would be the inability to demonstrate the “immediate consequence” of causation given the universality of the COVID-19 pandemic. If America fails to prove China’s alleged commercial activities, then the accusation of concealing information from the world community is simply a moral regard and deviates from a chance to breach immunity, but may hold ground in the ICJ if proved they failed to notify the WHO.

Secondly, the territorial tort exception in the FSIA provides that if a foreign state caused personal injury, distress or death(s) in the USA, which also encompasses property loss, the ability to seek damages, or tort, even if it was an employee of a foreign state who committed the action, can prevail breaching immunity. However, sovereign immunity encompasses, or rather, the exceptions in the FSIA excludes, the notion of discretionary functions, which fails for any chance of further elaboration in the FSIA; however, the Supreme Court recognised discretionary functions as that which “covers administrative decisions grounded in social, economic, and political policy” – which China can certainly argue. A recapitulation of oddities with the exceptions is detailing that “any claim arising out of malicious prosecution, abuse of process, libel, slander, misrepresentation, deceit, or interference with contract rights” against a foreign state is still safeguarded by immunity. Therefore it is submitted that these US-based litigators suing the sovereign power of China temper down the plausibility of being racially/maliciously charged, else they would inadvertently strengthen China’s immunity. Ultimately, if America pursues using this exception in the FSIA, the law can hold China accountable only if it is successfully argued that their concealing information, including propagation of the virus, was not a discretionary function, as its clear definition is not within the FSIA, which is a sufficient claim because failing to notify the WHO was, in fact, unlawful, and illegal in terms of international legislation. Additionally, a critical point in America’s argument with this exception would be to prove ample causation – by way of personal injury – yet again. 

As the last of the exceptions, American congressmen drafted numerous bills and amendments to the FSIA, most of which were tailored for the lawsuits against China. H.R. 6444 and H.R. 5619 incorporate the proposition of “discharging” biological and chemical warfare, which is an addition to Section 2333 that details procedures and respondents for international terrorism. Sections 2280(d)(3) and Section 3592 deal with the chemical warfare notion as well, but H.R. 6524 Section 3588 commences in a broader stroke in terms of how it makes an exemption from immunity the “conscious disregard of the need to report information promptly or deliberately hiding relevant information that caused or substantially aggravated the COVID-19 global pandemic in the United States, regardless of where the action or omission occurred”. State-based litigators appraise Section 3588 as offering sufficient measures to seek tort, personal injury and sheer monetary (economical) compensation from China. While such bills deviate from the pool of law and into the realm of politics, the body of these acts seem rather undesirable by virtue of the inevitable aggravations it would cause the two superpowers. 

Causation – Theoretical Analysis

Illustrating the legal theory of causation would require further elaboration to garner a more thorough understanding of how the law can hold China accountable for human rights violations. Primarily utilising causation must present itself unequivocally. These American plaintiffs must identify the a) result, b) conduct, and c) consequence to argue which category China is (criminally) liable for. For such practices of causation there is a two-stage filter demonstrated as “but for”: “If the result would not have occurred but for what the defendant did, then the prosecution has established causation in fact.” The latin terminology of this method is sine qua non (without which, not) – which establishes a preliminary understanding of the cause of action. China can defend themselves by arguing that another action caused worldwide governmental human rights violations in response to the pandemic – like each respective sovereign’s decisions. Plaintiffs must link their defendant to the consequence, ultimately. But to ponder who the victim is – governments or the people – is integral. Governments can be viewed as the feeble victim before the colossal enforcement of such oppressive regulations on its citizens, and comparatively, the citizens can be viewed as victimized by way of the Universal Declaration of Human Rights. 

 If American plaintiffs uncover a break in the chain of causation, and if the but for filter fails, the legal method deviated from the doctrine of causation of “substantial operational” must commence. China’s failure to notify the W.H.O. should be purported as an operating (a continuing) cause, but if any secondary cause is so overwhelming so as to make that initial action merely a part of its history, can it be defended that these human rights violations break the chain of causation from China’s actions? American plaintiffs can argue that failing to notify the W.H.O. was still a substantial cause of the need for governments to impede on citizens’ human rights. And the ideology of a third party interference presents itself as very complex because it relies upon the sheer acts of the third party, which can be negated when purporting a naturally occurring event, for which their exact definitions and identifications are inexplicit. 

A defence on China’s table relies on the daftness test: questioning if the worldwide, oppressive governmental regulations were daft or unreasonable. This paper will continue to address the question of whether the victims (in this scenario, the governments) were daft in the emplacement of their own regulations. China would be unable to defend themselves by mentioning a (prerequisite unknown) characteristic of the USA, such as the states’ dense population or goals of the (previous) administration, because the thin-skull-rule can never break a chain of causation: if it supposed that an individual knocks another down and results in their death because of their “thin skull” (unforeseeable), the perpetrator would still be liable, just as China would be in the respective situations of worldwide governments.  

Introspection on Data Privacy Infringements

Furthermore, America can reaffirm their argument on a grander scale, incorporating and using the human rights violations across the world caused, allegedly, by China to aid their offence. An effective response to the COVID pandemic hinges on global cooperation, especially regarding access to data that can assist in identifying potential hotspots, advising national and localised responses, as well as developing testing methods or even vaccines. National data practices have accordingly been adapted to combat the stressful circumstances surrounding the pandemic, instigating a surge in data sharing between authoritative bodies and catalysing the development of such diagnostics. However, this has potentially come at the cost of infringing on our basic right to privacy and data protection all in the name of public interest, which is perhaps a daft decision. Within this section, this paper will analyse the implementation of such executive measures in response to the COVID-19 pandemic within Hong Kong, primarily critiquing its compliance with human rights from a legal standpoint. 

Ever since the onset of the COVID-19 pandemic, disclosing health data has become a daily occurrence, practically to the point of being required for most citizens in Hong Kong. Upon entering public premises, the individual’s body temperature will be taken by infrared digital thermometers. When entering a health facility, the visitor has the additional requirement of providing their travel history within the last 14 days before being processed. Furthermore, starting from 18 February 2021, the government mandated restaurants, along with nine other specified premises, to display QR codes linking to the LeaveHomeSafe contact tracing application, which visitors were required to scan before entering the premises, keeping a record of their visit. (1) All of these measures have been justified as methods of prevention and monitoring contact tracing. However, this comes with the caveat of being a potential threat to data privacy, as a substantial number of citizens have speculated with much suspicion. Although this can be predominantly attributed to the deteriorating relationship and growing public mistrust in Beijing and Hong Kong(), there have been legitimate concerns regarding some of the legal data privacy implications left behind by governmental measures in response to the coronavirus, as well as the need to hold the powers in charge accountable. 

Despite personal data privacy being largely protected under the Personal Data Privacy Ordinance, there exist legal grounds as part of Section 59 that exempt controllers of personal data from having to abide by subsection 3(1) of the Data Protection Principles, the latter of which states “personal data shall not, without the prescribed consent of the data subject, be used for a new purpose”. This inherently enables data users to bypass the safeguards protecting personal data privacy, allowing data to be used for ulterior motives without consent of the data’s subject, on the legal basis that being required to follow these provisions heavily endangers the physical or mental health of the individual or others. Of particular interest, it is possible to disclose personal data that reveals the identity and location of data subjects without their consent to any third party as per section 59(2), utilising the same legal basis as previously mentioned. In the context of the current pandemic, this contradiction in the law can easily be exploited for malicious intentions pertaining to matters unrelated to overcoming the pandemic, under the guise of seemingly being a necessity as part of an efficient response to the pandemic. Therefore, the current legislation itself provides the government with legal immunity when introducing executive measures that tackle the public health crisis at hand, but unfortunately neglects their legal covenants to uphold fundamental human rights of data privacy and data protection.

With regards to the usage of personal data during the COVID-19 pandemic, the then-Privacy Commissioner of Hong Kong issued a statement commenting that, though the right to privacy is guaranteed and largely protected under Hong Kong law, it is not considered to be an “absolute right” that cannot be derogated from under any circumstances , but rather subject to restrictions. (2) It was further justified based on Article 4(1) as part of the International Covenant on Civil and Political Rights (ICCPR), which covered that in the event of a life-threatening nationwide public emergency, State Parties are able to issue measures that derogate from their usual legal obligations, to the extent that is strictly and minimally required in order to preserve society. Although the Privacy Commissioner’s Office has repeatedly conveyed that the Hong Kong Government’s (HKG) executive measures against COVID-19 has complied with the PDPO, (3) it addresses certain data privacy concerns to a limited degree of proportionality, transparency, and accountability in contrast to what was promised, as this paper will discuss below. 

Case Study: Hong Kong Data Privacy Procedures

The HKG took several precautions to secure the healthcare and wellbeing of its citizens amidst a global pandemic, such as the announcement of CuMask+ in May 2020. They developed reusable masks capable of filtering pathogenic microorganisms, with the intention of freely distributing these to the public. All registrants were required to digitally submit their full name, Hong Kong Identity Card number, date of birth, mobile number, as well as a delivery address. (4) During press conferences, this initiative was heavily scrutinised and several have condemned the government for failing to state the purpose of data collection and whether data would be shared with any third parties. In response to this, the government clarified their reasoning of collecting personal data as being necessary in order to authenticate the eligibility of the registrants, detect fraud and avoid creating duplicate registrants. (5

It was also assured by the government that personal data would be erased after the purpose for gathering such data in the first place was fulfilled, in accordance with Data Protection Principle 2. However, it’s worth bearing in mind that the current Hong Kong regulations leave this period of data retention open-ended, with no direct reference or guidance to any suitable or maximum time limit, though some arguments have contended that this may not necessarily be a shortcoming of the current data protection legislation. On one hand, it can be argued that it’s neither practical nor sensical for the existence of a law that constrains all data users under a rigid retention period, given their vastly diverse and varied purposes for collecting and processing data. 

In fact, the HKG has recognised the necessity of providing data users with some level of flexibility as evident in the phrasing of their data privacy principles, corresponding to identical data retention sympathies found in other jurisdictions including Australia, Canada, the EU, New Zealand, and Singapore. (6) Conversely, it may be pointed out that some Hong Kong data users do not have such data retention policies that specify the exact length of the data retention period. 

Therefore, even if an individual chooses to exercise their right to “ascertain a data user’s policies and practices in relation to personal data” (7), without plain data retention policies provided by the data user along with the lack of statutory guidance, there is not much data security offered to that individual. The negligence of data users to ensure the deletion of personal data long after fulfilling its original purposes, in relation to combating the proliferation of the COVID-19 pandemic, creates several avoidable data privacy threats, such as possible data breaches or personal data being covertly used for other purposes. 

Furthermore, the HKG has pointed out on the official CuMask+ registration website that personal data may be divulged to “relevant government bureaus/departments/organisations”. (8) This broad term has understandably caused some public unease as it leaves unnecessary ambiguity, and created concern over whether organisations such as the police force or the national security agency were included. Following a query into this specific matter by a representative of the Hong Kong Legislative Council, the Secretary for Innovation and Technology clarified that the HKG would use the collected private data solely as part of the distribution of masks, as well as listing specific governmental organisations that the data would be disclosed to and their role as part of the CuMask+ initiative. (9) Although this seemingly addresses privacy concerns in a straightforward and transparent manner, it should be noted that the current regulations actually enables the HKG to not only use collected personal data for other purposes unrelated to the COVID-19 response, but also disclose said data to other third-parties, all without requiring the consent of the data’s subject as we previously discussed. (10) Moreover, taking into consideration the growing public mistrust in the government which has been put on full display during the Hong Kong anti-extradition bill protests, many Hong Kong activists share the notion that the HKG’s true allegiance lies with the Beijing authorities, instead of to its people, thus betraying public faith in order to suit the needs of the Chinese government. 

Towards the beginning of the pandemic in March 2020, Hong Kong started to experience an escalating trend in imported COVID-19 cases. In an effort to monitor such cases whilst mitigating the spread of the coronavirus, a compulsory 14-day quarantine was imposed upon all travellers arriving Hong Kong under a newly established regulation. Upon arrival, they would have to install the “StayHomeSafe” mobile application and wear a wristband connected to the application for the entire duration of the quarantine period. This application was designed to profile signals around the place of quarantine including nearby WiFi, cellular, and bluetooth networks which along with the wristband would detect if an individual left the quarantine area, at which point the authorities would be alerted. 

In addition, given that both the app and wristband are linked to your phone number, the personal data gathered makes you uniquely identifiable as well. In addressing this data privacy concern, the HKG clarified that they had implemented data privacy safeguards, such as the use of geo-fencing technology instead of GPS tracking, as well as storing all data collected on the HKG private cloud. (11) While the former safeguard does offer more data security, the latter’s centralised approach to data collection may be more susceptible to data sharing and breaches through the government’s convenient access point to the data. It should also be noted that in similar fashion to the CuMask+ initiative, personal data may be disclosed to other government organisations or third-parties without consent (12) and, moreover, there are no data retention policies. This further lack of transparency as well as the fact that both strategies had identical data privacy flaws, clearly exposes the inadequacy of Hong Kong’s data privacy regulations to preserve its citizens’ human rights, and the lack of accountability in the sovereign powers to reflect upon their infringements on these fundamental rights.

In regards to COVID-19 diagnostic testing, the HKG introduced their Universal Community Testing Programme during September 2020. Its purpose was to collect specimens from volunteers through nasal and throat swabs at no cost, which would then be used to conduct laboratory experiments and identify potential asymptomatic coronavirus carriers. This endeavour faced heavy scrutiny from Hong Kong activists, who took issue with the lack of transparency as well as the potential legal data privacy ramifications involved. Particularly, the collaboration with mainland Chinese laboratories without any tender process aroused public suspicion that their genetic samples may be repurposed by the pro-Beijing camp for extensive DNA profiling, which could potentially be utilised by the local police or Beijing authorities to create an environment akin to the concentration camps in Xinjiang. (13) Following the public’s growing skepticism, the HKG explained that testing would only occur within local laboratories and that the specimens being tested would only be labelled by serial numbers without any identifiable personal data. (14) Furthermore, it was promised that the data collected would only be used for COVID-19 testing purposes and that all samples would be eradicated within one month after the completion of the programme. Unfortunately, there are currently no forms of legislation enforcing these promises, though it should be acknowledged that the inclusion of a proportional data retention period is certainly a step in the right direction in terms of taking accountability for data privacy rights.

While spreading public awareness can put some pressure on sovereign powers to take accountability for their infringements on human rights, any potential concerns can easily be ignored or unaddressed by the government. It all comes down to two aspects: how can legal authorities utilise the common law and cases throughout history to underpin their decisions in holding sovereign powers accountable for human rights violations, and, how should relevant statutes be adapted to uphold data privacy rights.

Conclusions

One of the most crucial elements in ensuring sovereign powers take accountability for evading their legal responsibilities to protect our data privacy rights lies in the judicial system. Given the authority and administrative powers of the supreme courts, their adjudications have the influence to encourage meaningful change in legislation where necessary in the pursuit of justice, as well as providing a legal blueprint for executive measures in future public health emergencies. Such was the case in Brazil, where, in May 2020, the Federal Supreme Court annulled a government order that pressured telecommunication companies into sharing private data of their users. (15) The court deemed that data privacy and protection were fundamental rights to be upheld, and that the Brazilian President’s order was disproportionate and in clear violation of the nation’s constitution that ensured privacy rights, as the government would have had access to full names, addresses, and phone numbers pertaining to millions of citizens. (16)  Although concerns were raised over the absence of relevant legislation and authoritative figures that gave government bodies complete legal immunity to impose their opinions on data protection upon the private sector whilst avoiding their legal responsibility to establish policies to defend these rights (17), this Supreme Court decision paved a pathway for the law to instigate positive change by displaying the importance of safeguarding human rights and setting the example for future legislative and executive measures.

Oversight bodies are also integral to holding sovereign powers accountable through their role of supervising the application of data privacy and protection laws. During an incident in the Netherlands back in July 2020, the Dutch DPA objected to a bill that would have forced telecommunication operators to gather more personal data from its users and disclose them to the government. (18) They concluded that the proposed legislation didn’t account for sufficient data privacy and security safeguards, failed to substantiate its functionality and necessity, and disregarded relevant guarantees that were assured by the DPA to the public. While it can be argued that the DPA’s efforts are futile, as the supreme powers are in a position to ignore their advice and avoid confronting these issues directly, it does draw public attention to these infringements on our human rights and may deter the legislative and executive powers from pursuing similar courses of action in response to the COVID-19 pandemic as well as in future public health emergencies. All things considered, though, it is only when the judicial authorities and regulatory bodies cooperate together to monitor the implementation and execution of data privacy provisions within pertinent legislation that the true extent of the accountability of sovereign powers can be fully exhibited. This occurred in Israel when, in April 2020, an Israeli parliamentary supervisory committee prevented the government from filing an extension bill due to data privacy concerns, which would have allowed the police to continue tracking citizens through cell phone data for the purpose of enforcing quarantine. (19) Then, in a similar event in March 2021, the Israeli Supreme Court permanently blocked the government from tracking COVID-19 infections by using location data on mobile phones, pointing to breaches of data privacy rights. (20)

COVID-19 Testing and Tracing Applications

As part of the global response to combating the COVID-19 pandemic, there has been an increasing dependence on techno-solutionism to create digital workarounds against its devastating impact. One of the most integral globally employed measures is the usage of public health surveillance technologies, specifically mobile contact-tracing applications, to monitor and prevent the spread of the coronavirus. While this digital tool has become globally synonymous as an essential component of effective containment strategies, it has since given rise to a number of ethical issues pertaining to personal data privacy including data anonymity, potential data sharing with third-parties, and the explicit limitation of personal data usage solely to COVID-19 research purposes. In this section, we will investigate the global outlook on data privacy practices, analyse its implementation in various jurisdictions.

On March 20, 2020, Singapore released its digital contact-tracing system by the name of TraceTogether, with the aim of swiftly identifying individuals who may have came into close contact with a COVID-19 carrier. Upon its release, this app was considered to be the least invasive of personal data in comparison to other contact-tracing apps in Southeast Asia. (21) Its privacy statement clearly articulated the type of personal data collected, its usage, and how it may be disclosed with others. (22) Its data privacy protocol prevents third-parties from tracking users whilst ensuring the destruction of personal data should the user revoke their consent. (23) Its integrative approach of decentralising proximity logging on user’s phones, while centralising contact tracing on a private database accessible by the Ministry of Health, addressed the needs of both data privacy and public health. (24) These measures generally followed the relevant obligations embodied in Singapore’s Personal Data Protection Act (PDPA) leading to wide praise among data advocates. (25) That said, a public scandal broke out when it was revealed that not only was TraceTogether data subject to the Criminal Procedure Code and that the police were empowered to obtain such data (26), but that it had already been used as evidence during criminal investigations into a murder case. (27)

This revelation contradicted previous assurances made by the Singapore Minister for Foreign Affairs that TraceTogether data would be used “only for contact tracing” and not “as a means of picking up breaches of existing rules” (28), in which he later backtracked these claims during a parliamentary hearing. (29) Furthermore, this misconduct was not in accordance with Singapore legislation, specifically violating the required data protection obligations under the PDPA. This includes the failure to notify individuals of the purposes for which the government intended to collect, use, and disclose data, along with the government’s failure to only perpetuate these actions for purposes that are appropriate and reasonable in response to the current circumstances under the COVID-19 pandemic where individuals have given their consent to those purposes (repeat link) (30). In an attempt to alleviate public outcry, the government instituted a bill that provided legal certainty as to the usage of TraceTogether data in criminal investigations pertaining only to specific categories of serious offences, along with penalties for breaching guidelines and maintaining the same promise as before of terminating the TraceTogether system and its data once the pandemic is over. (31) However, at this point the damage had already been done, as the policy change severely undermined public trust in the authorities and may have even deterred some people from using the TraceTogether system as a result. Consequently, the lower adoption levels of the application could reduce the efficacy of Singapore’s COVID-19 response, but it may also have the additional side-effect of becoming a precedent that would limit the efficacy of Singapore’s future governmental initiatives due to public fear of feeling cheated and betrayed by the authorities again. In short, the lack of accountability and transparency within the Singaporean authorities has not only compromised civil liberties, but it has also destabilised public relations.

Interestingly enough, the public outcry in Singapore over TraceTogether partly contributed towards the resistance against LeaveHomeSafe: Hong Kong’s public-tracing application. In regards to LeaveHomeSafe’s privacy, the HKG enlisted the aid of an independent third-party to conduct a Privacy Impact Assessment (PIA) that would examine whether the application policies complied with the relevant legislation under the PDPO. They concluded that all of the PDPO requirements were fully met, noting various aspects including a specific data retention period, a clear purpose of data collection, and that only necessary personal data was collected in relation to fulfilling that purpose. (32) However, in similar fashion to TraceTogether, LeaveHomeSafe also enables law enforcement officers to access users’ personal data giving more credence to those who oppose the service. Moreover, the application’s privacy policy clarifies that data can be used or disclosed where permitted under the PDPO, of which one regulation in particular enables LeaveHomeSafe data to be used as part of the apprehension, prosecution, or detention of crime offenders, all without the consent of the data’s subject . Though both LeaveHomeSafe and TraceTogether have empowered the police to access users’ data, the latter provided clearer restrictions on the certain scenarios where the police could retrieve such data unlike the former. 

Furthermore, the retention period for LeaveHomeSafe data related to COVID-19 positive cases in Hong Kong lasts seven years, which could be considered as a violation of Data Protection Principle 2, as it requires data controllers to ensure that “personal data is not kept longer than is necessary”. (34) Additionally, unlike other contact tracing applications ranging from Singapore and Canada to Germany and the UK, the HKG refused to open-source LeaveHomeSafe’s code on the basis of protecting copyright of intellectual property belonging to a private firm, as well as to prevent exposing potential data security flaws. (35) Yet as it turns out, the HKG itself owns the copyright of LeaveHomeSafe including its underlying object and source code (36), presenting no discernible issues in regards to their former claim. As for data security flaws, it would be more likely for system vulnerabilities to remain undetected indefinitely should LeaveHomeSafe’s code remain unreleased for the public to inspect. As such, it would be in the HKG’s best interests to open-source the code, which would not only provide the opportunity for open-source developer communities to collaborate and enhance the codebase’s robustness against data security defects, but it may also help to restore some public trust in the government after a display of transparency. The HKG’s lack of accountability to properly address privacy concerns pertaining to LeaveHomeSafe could be detrimental to their COVID-19 response, as the resulting public disillusionment could potentially provoke more people into forgoing the contact-tracing application, or even supplying false information during registration.

As it has been shown, the case studies in Singapore and Hong Kong serve as a testament to the importance of maintaining accountability and transparency in correlation with fostering public trust and maximising the overall efficacy of public health programs. The implementation of such technologies should therefore incorporate tough data privacy defences within its design in order to achieve this. The data practices would need to account for various privacy implications ranging from its purpose of data collection and what specific data is recorded, to the length of data retention periods and who can access such data. After gathering responses from a survey, the Global Privacy Assembly (GPA) COVID-19 Taskforce published a compendium listing the best data practices within various COVID-19 contact-tracing applications. (37) Some of them included specifying the exact data retention periods, releasing the application’s source code, allowing DPAs and oversight committees to supervise the operation of the application; utilising data minimisation techniques (such as anonymised data and decentralised exposure notification), as well as discontinuing the application after the end of the pandemic among others. (38) This compilation helps to set the benchmark for existing contact-tracing applications to work towards, whilst providing a blueprint for future public health applications and programs to embed Privacy by Design.

Along with including optimal data practices, the sovereign powers would also need to provide a legal basis for the existence of the application. To this end, there would have to be legislative amendments to accommodate for this change. Within the context of COVID-19, some nations attempted to strengthen privacy safeguards pertaining to usage of contact-tracing application data. For instance, Australia’s Privacy Act 1988 underwent revisions that restricted data gathered from their nation’s contact-tracing app to be solely used for contact-tracing purposes, along with introducing a new criminal offence for coercing or forcing an individual to use that application. (39) On the other hand, some nations have amended laws to expedite data usage for contact tracing and enforcing quarantine. One example of this lies in Bulgaria, where mobile operators and data providers were compelled to collect location data on individuals violating confinement orders under new legislative amendments. (40) While the importance of securing public health should be recognised, it is imperative that we also respect our civil liberties. In order to achieve this, there needs to be an emphasis placed on balancing both aspects proportionately within legislative amendments, especially for sovereign powers that remain accountable having shirked their responsibilities to implement effective data privacy safeguards.

Recommended Further Steps

While limiting the impact of the COVID-19 pandemic is definitely in the public interest, it is vital for our data practices and other relevant legislation to take into account the essentiality of preserving our human rights. For future cases of public emergencies, we need to ensure full transparency between the authorities and the people regarding the terms of data policies and efforts being made to safeguard their privacy. As can be seen in the cases of Hong Kong and Singapore, a lack of transparency and a collection of vague statements that perpetuates the notion of data being potentially used for a purpose unrelated to the public emergency at hand is a potential threat to our right to privacy. Not only that, but it may also worsen public trust in the authorities and crush any support for future governmental programs that claim to utilize private data in the name of the greater good. 

As such, it is not only in the public interest to preserve public health and dampen the harm done by the coronavirus, but also to uphold and protect our human rights. It is imperative that we learn from our mistakes in the COVID-19 pandemic, specifically that these two aspects must be treated as a collective with an equal weight on both sides. Whilst it is understandable that the priority is and should be to provide rapid and convenient access to diagnostics, therapies, or even vaccines all of which heavily relies on global data sharing, we must realise that there are other factors to consider that are potentially in jeopardy. Upon considering responses to public health emergencies, it is integral that we achieve a fine balance between choosing a course of action that best preserves society, whilst also respecting our civil rights and liberties among the right to privacy. As such, we must place heavy scrutiny under any governmental measures that may deprive us of these fundamental human rights. Another crucial example of this need for balance and scrutiny is the concerning trend of increasing regulation regarding the right to assemble and freedom of expression. In the following section, a greater focus will be put on international bodies and the wider international sphere. 

Examining the Limitations of the Freedom of Movement and Protest

Article 10 of the European Convention of Human Rights (ECHR) outlines the right to express opinions and exchange information and ideas. Article 11 of the European Convention of Human Rights outlines the right to freedom of assembly and association. Both are fundamental to a healthy democracy – however, they can be restricted in the interests of “public safety” or “for the protection of health”, as studied above with data privacy. (41) These allowances hold true for all other international law bodies, like the International Covenant on Civil and Political Rights (ICCPR) or the African Charter on Human and People’s Rights (ACHPR). 

Such limitations on these rights, whenever invoked, are not always all-powerful. There are certain criteria that must be met when the restrictions are imposed, whether it be during a state of emergency or otherwise. For example, in broader terms, the restrictions imposed must be directly proportional to, and necessary towards solving the pressing issue it aims to resolve. Furthermore, it should aim to be the least disruptive of all options considered: the restrictions need to be lawful, meaning that the action taken must be defined by a clear, pre-existing law. The restrictions should not contradict any standards which the acting country adheres to as per international legislative obligations and guidelines. Any of these restrictions, upon questioning, must be justified by the authorities. (42) 

States of emergencies should be, in all essence, temporary. When a state of emergency is declared, the governing power must not only inform all citizens as quickly as possible, but they must also report the details and reasoning of their restrictive actions to the relevant international organisation of which they are a signatory. (43) It is notable that only the American Convention of Human Rights (ACHR) requires the signatory to determine specific time periods for which the restriction of each right should last for. Other organisations like the ECHR only require for the signatories to notify them when the signatory has lifted the restrictions, thus leaving it up to the local authorities to determine when a state of emergency is no longer needed, as there is no general, explicit list of what can be classified as emergencies. There is no obligation for countries as to how soon they have to inform the relevant international body after a state of emergency is announced, which allows them to delay international oversight.

A piece of legislation namely, The Emergency Decree, essentially grants immunity for authorities who commit human rights violations. Section 11 permits authorities to arrest, detain, search homes, interrogate, seize goods, monitor all means of communication and more, so long as it is for “the security of state” or “the safety of life”

Consequently, it comes as no surprise that there are countries that take advantage of the power these restrictions can grant them. As of July 2021, according to the Global Peace Index, there have been 50 000 protests linked to the pandemic worldwide. 5000 of them were violent. The protests are varied; including strikes from healthcare workers, anti-lockdown protests, protests to show dissatisfaction with government preventative measures, etc. (44) These protests have, in many cases, been met with overwhelming force. This treatment has been extended to other dissenting or critical parties, like journalists or those from opposing political parties. COVID-19 regulations and rules have been frequently cited as justification for this treatment, with the legal doctrine of force majeure, as articulated under “Coronavirus Correlation”. This incites concerns that COVID-19 rules could potentially be weaponized to achieve objectives other than protecting public health. 

Not only can the responses to dissenting sentiments be disproportionate, the restrictions themselves can go quite far as well. This comes in the form of blanket bans on protests, as is relevant in the case of Algeria, or banning protests whilst other public assemblies of similar numbers are permitted. (45)

Case Studies: Uganda and the Freedom of Protest

In Uganda, in November of 2020, opposition political leader Robert Kyagulanyi was arrested and prosecuted for breaking COVID-19 regulations by assembling masses for his campaign rallies. This is in spite of similarly sized rallies in support of the ruling party unfolding in different regions of the country.

The subsequent protests calling for Kyagulanyi’s release, initiated by his supporters, were met harshly by authorities. Tear gas and live bullets were utilised by authorities to disperse crowds, reportedly for the sake of upholding COVID-19 preventative measures. According to the police, this has caused 16 deaths and left a further 45 injured. Journalists who have attempted to provide coverage on Kyagulanyi’s campaign have too been met with swift retaliation, from arrest to pepper spray. One journalist, Moses Bwayo, was even shot in the face with a rubber bullet. (46)

The harsh enforcement of COVID-19 regulations has been going on even before the elections. Since the imposition of restrictive measures in March of 2020, there have been multiple reported cases of excessive use of police force, including the severe beatings and shootings of fruit vendors and civilians who were seen in groups. 

Although it may be true that some were violating COVID-19 preventative measures, it is also worth noting that the information dissemination system in Uganda is relatively vague. The most prominent political figure in Ugandan politics would be the President, who frequently makes public declarations, the transcripts of which are only available in English on the official government website online. For reference, just approximately 50% of citizens have consistent access to the internet, although that figure drops to 9% when regarding non-urban areas specifically. Even then, there are delays between the dates of declaration by the President and the legally binding effect of his words. For example, on the 18th of March, 2020, the President imposed 30+ restrictive measures that were not formalised and thus not legally binding until a week later, by the Minister of Health.

An example of the lack of clarity is the arrest of all those in the LGBTQ shelter, named the Children of the Sun Foundation, on the grounds of violating COVID-19 regulations on assembly. Although the Public Health Rules 2020 do prohibit public gatherings of over 10 people, there were no provisions for gatherings in a private setting. The incident also suggests a discriminatory approach when enforcing regulations, as Uganda’s social and cultural norms are strictly conservative.    

The Ugandan government has an obligation to monitor forceful response from authorities, as well as facilitating investigations into the deaths and injuries of all civilians, as to hold potentially unlawful killings and injuries accountable. In some cases, this has been attempted, however, the process of holding the accused officers accountable has not been transparent. (47)

Case Study: Thailand and the Freedom of Movement

Since February of 2020, there have been waves of Thai pro-democracy protests. A month after the first protest, in March of 2020, Thailand announced a state of emergency that has been continuously extended, and is still in effect today. The state of emergency grants broad powers to the government – Section 9 of the Emergency Decree allows for the criminalisation of the spreading of information that may “instigate fear amongst the people”, “misleads understanding of the emergency situation” or affects “good moral”. It also declares the prohibition of gatherings that “may cause unrest”.

Since the passing of the decree, many peaceful protestors and critics have been arrested and charged for violating its terms. For example, those that attended protests held in remembrance of the 2014 military coup were arrested for “acting in a way likely to spread the virus”, despite the widespread use of masks and thermal scanners. Other protests that have promised to strictly adhere to social distancing and other COVID-19 protective measures have also been prohibited. This has provoked criticisms of hypocrisy from locals, who point out that social distancing measures are not enforced in other crowded settings, such as public transport or in malls. Many of the pro-democracy protests that have gone ahead, regardless of permission from the authorities, have been met with tear gas, rubber bullets and water cannons laced with chemical irritants. 

Journalists, bloggers and medical professionals have all been the targets of lawsuits from the authorities, on the basis of disseminating misinformation. The topics brought up by these groups have involved criticism of government response to the outbreak, the alleged corruption involved in hoarding medical supplies and shortages in resources for patients. In the cases of teenage musicians Danupha “Milli” Kanateerakul and Natthawut Jenmana, charges have been brought against them under the Computer Crimes Act for posting a single critical tweet about COVID-19 government management. 

Comparative Assessment

The UN has highlighted these human rights abuses, as well as others, in multiple public statements. There have been statements denouncing the use of COVID-19 regulations for causes other than legitimately protecting public health, such as silencing dissenters and other political motivations. There have also been several reminders regarding the importance of emergency responses being “proportionate, necessary and non-discriminatory”. 

In both cases, authorities have used laws and regulations modified and extended to protect against COVID-19, which were used for counterterrorism and other issues pre-pandemic, to arrest, detain, and prosecute those critical of government management of the coronavirus, or of policies other than COVID-19. In both cases, there are concerns as to the overreach of government response to critics from all walks of life; including journalists, students, bloggers, opposition figures and activists, lawyers, protesters, academics, those in the medical sector, artists, etc.

Authorities in both have prohibited or disbanded protests criticising the government’s management to COVID-19 and other government policies, mostly citing COVID-19 as an excusable, force majeure yet again. This is despite the permission of other large gatherings in public settings.

Regarding states of emergencies, Thailand’s Emergency Decree essentially grants immunity to the authorities’ actions. Uganda, however, has enacted a de-facto state of emergency, instead of invoking Article 110 of the Ugandan Constitution, which allows for an official state of emergency to be enacted, if granted Parliamentary approval. This means that the actions of the executive branch of the government are exempt from Parliamentary oversight. It has also led to the aforementioned lack of clarity and transparency regarding COVID-19 measures. 

Neither have included legal safeguards in their policies. An important part of states of emergencies, de-facto or otherwise, is the inclusion of sunset clauses, or review clauses. This is to emphasise the temporary nature of these restrictive measures, as society should return to the status quo as soon as possible. 

Action and Recommendations

On an international scale, compliance to international human rights treaties is regularly reported on by a variety of entities; for example, for European member states, this would be the UN Secretary General, or the Commissioner for Human Rights. These monitors primarily raise international awareness of human rights abuses, through the signing of joint statements by different countries, holding international conferences, etc. In regards to strict punitive action, however, these monitors have an extremely limited range of options. 

Imagine the logistical nightmare if individuals had the option to file a complaint about a human rights violation to the relevant court, whether it be the European Court of Human Rights or the American Court of Human Rights. The process would naturally clog the judicial systems of countries and the evidentiary standard would be tough to establish and so the correct option is a collective action. To the extent the countries permit the United States to lead this charge is one which is not considered in this paper. But assuming that they do, then the process would be grossly simplified (administratively) although it would continue to be long and complex – require the country wise symptoms of the Covid induced human rights violations. 

Such a case has no precedent and there’s the issue of compliance. These facts require an examination of Communauté genevoise d’action syndicale (CGAS) v. Switzerland (no. 21881/20), a case regarding the violation of Article 11 of the ECH in terms of the right of trade unions to assemble, propositioning that the right to assembly is essential for a functioning democracy. The outcome of the case has not yet been determined. Regardless, even if the verdict were to be in support of the applicant, there is no guarantee that any tangible change will occur or can be enforced, bringing to the forefront a key weakness of the ECHR, as well as other human rights courts. 

This case as other international courts rely on moral values like “good faith” or the “honour” system for the implementation of the awards and therefore the two-fold system which has been suggested would work best and ensure compliance. The central thesis of this action is to seek payment or compensation for the claimant countries in a defined period of time without an inequitable application of the economic principles that determine such values. 

The natural remedy that presents itself which would not be subject to perversion of legal manipulation is a “consolidated” declaratory hearing on the subject before the ICJ or ECHR followed by a determination by an international tribunal that would determine the value of the claims. What is envisioned is something like the BRICS Bank, formed by five nations for development loans having representatives from all the founding countries. Similarly, the zonal tribunals which would be created would review the penal claims from the participating countries and dispense them as judiciously and expeditiously as possible. 

Can one force China to comply or impose “good faith” would be the subject matter of another paper. 

Cumulative Conclusion

COVID-19 has inevitably and undeniably allowed for a number of human rights restrictions and subsequent abuses. Not only is the legality and legitimacy of government response in the wake of the pandemic questionable, but the policies have disproportionately and discriminately affected various political and social groups, such as the LGBTQ community, with little hope of accountability on the horizon. The pre-existing fissures in legal systems all over the world have only increased and the inefficiency of international bodies like the European Court of Human Rights has never been more clear. 

Local governments certainly have a larger capacity to monitor the degree of violence used by their agents than international bodies can. Reports of use of excessive violence are often not dealt with effectively, if at all, for the sake of reputation. However, there are several ways to keep the police and other enforcement forces accountable; this includes measures such as being open to community oversight. For example, in Berkeley, California, civilian review boards have the opportunity to speak their minds with the Police Review Commission twice a month. Other measures involve increased federal oversight from a regulatory body such as the DPA in Hong Kong, or measures for increasing transparency like body cameras.

It is ultimately submitted that international governments like Israel, Singapore, Thailand, Uganda, the UK, and possibly even Hong Kong admit they imposed on citizens’ rights by way of pandemic-regulations and then hold China liable for a clear means to achieve compensation. It is further suggested that there is a consolidated, akin to a class action (of countries) against the PRC in the ICJ seeking a declaration on China’s culpability followed by a penalty phase. This serves as a means to amass compensation, personal injury wise, economically, and morally, for human rights. 

Bibliography

  1.  Grady McGregor and Eamon Barrett, ‘Can Hong Kong be a global city without public trust?’ [2021] Fortune <https://fortune.com/2021/06/30/hong-kong-national-security-law-protest-vaccine-public-trust/>
  2. Stephen Kai-yi Wong, ‘Balancing Privacy Right Against Public Interests Amidst COVID-19 Pandemic’ (hk-lawyer.org, May 2020) <https://hk-lawyer.org/content/balancing-privacy-right-against-public-interests-amidst-COVID-19-pandemic>
  3. Office of the Privacy Commissioner of Personal Data, ‘Response to media enquiry on privacy issues arising from COVID-19’ (3 April 2020) <https://www.pcpd.org.hk/english/news_events/media_statements/press_20200226.html>; Office of the Privacy Commissioner of Personal Data, ‘Universal Community Testing Programme Complies with Requirements of the Personal Data (Privacy) Ordinance’ (28 August 2020) <https://www.pcpd.org.hk/english/news_events/media_statements/press_20200828.htmll>
  4. The Government of the Hong Kong Special Administrative Region, ‘Close to 1.38 million registered for CuMask+™’ (6 May 2020) <https://www.info.gov.hk/gia/general/202005/06/P2020050600714.htm
  5. Kelly Ho, ‘Coronavirus: Hong Kong gov’t reveals producers of giveaway masks, as applicants raise privacy concerns’ Hong Kong Free Press (Hong Kong, 7 May 2020) <https://hongkongfp.com/2020/05/07/coronavirus-hong-kong-govt-reveals-producers-of-giveaway-masks-as-applicants-raise-privacy-concerns/>
  6. Bryan Cave Leighton Paisner, ‘Part 2 of 6 – Amendments to Hong Kong Data Protection Law Regarding Data Retention Policy: requirement for a clearly stated retention period’ (bclplaw.com, 28 September 2020) <https://www.bclplaw.com/en-GB/insights/amendments-to-hong-kong-data-protection-law-regarding-data-retention-policy-requirement-for-a-clearly-stated-retention-period.html>
  7.  Hong Kong Ordinances, CAP 486 Personal Data (Privacy) Ordinance sch 1, s 5(a)
  8.  The Government of the Hong Kong Special Administrative Region, ‘Privacy Policy Statement’ (qmask.gov.hk, 27 January 2021) <https://www.qmask.gov.hk/en/privacy>
  9.  The Government of the Hong Kong Special Administrative Region, ‘LCQ15: The reusable CuMask+™ (20 May 2020) https://www.itb.gov.hk/en/legislative_council_business/questions/2020/pr_20200520.html
  10.  HKO, CAP 486 PDPO, s 59
  11.  The Government of the Hong Kong Special Administrative Region, ‘Quarantine data secure’ (27 March 2020) <https://www.news.gov.hk/eng/2020/03/20200327/20200327_104909_454.html>
  12. The Government of the Hong Kong Special Administrative Region, ‘Privacy Policy, Terms and Conditions & Personal Information Collection Statement’ (gov.hk, March 2020) <https://eqapp1.hqss.ogcio.gov.hk/shs/www/equar/terms>
  13.  Eamon Barrett, ‘Hong Kong’s new mass COVID testing scheme is free and voluntary- and some citizens are suspicious’ [26 August 2021] Fortune <https://fortune.com/2020/08/26/hong-kong-mass-coronavirus-covid-testing-dna-suspicion/>; Human Rights Watch, ‘China: Minority Region Collects DNA from Millions’ (hrw.org, 13 December 2017)<https://www.hrw.org/news/2017/12/13/china-minority-region-collects-dna-millions>
  14.  Kelly Ho, ‘Coronavirus: Universal testing to begin on Sept 1 as Hong Kong’s Lam rejects ‘conspiracy theories’ Hong Kong Free Press (Hong Kong, 21 August 2020) <https://hongkongfp.com/2020/08/21/coronavirus-universal-testing-to-begin-on-sept-1-as-hong-kongs-lam-rejects-conspiracy-theories/>; The Government of the Hong Kong Special Administrative Region, ‘Universal Community Testing Programme to be launched on September 1’ (21 August 2020) <https://www.info.gov.hk/gia/general/202008/21/P2020082100711.htm>
  15.  Rafael A. F. Zanatta and Mariana Marques Rielli, ‘“Please do not share”: Brazilian Supreme Federal Court rules in favor of privacy’ (accessnow.org, 14 May 2020) <https://www.accessnow.org/brazilian-supreme-federal-court-rules-in-favor-of-privacy/>
  16. Ken Silva, ‘Brazilian court declares data protection fundamental right in landmark decision’ (globaldatareview.com, 11 May 2020) <https://globaldatareview.com/coronavirus/brazilian-court-declares-data-protection-fundamental-right-in-landmark-decision>
  17.  Laura Schertel Mendes and Clara Iglesias Keller, ‘A new milestone for data protection in Brazil’ [13 May 2020] Internet Policy Review <https://policyreview.info/articles/news/new-milestone-data-protection-brazil/1471>
  18.  Jamie Davies, ‘Dutch watchdog warns against data sharing to combat COVID-19’ (telecoms.com, 3 July 2020) <https://telecoms.com/505348/dutch-watchdog-warns-against-data-sharing-to-combat-COVID-19/>
  19.  Dan Williams and Ari Rabinovitch, ‘Israel suspends cellphone-tracking for coronavirus quarantine enforcement’ (Reuters, 22 April 2020) <https://www.reuters.com/article/us-health-coronavirus-israel-police/israel-suspends-cellphone-tracking-for-coronavirus-quarantine-enforcement-idUSKCN2242JJ>
  20.  Maayan Lubell, ‘Israeli Supreme Court bans unlimited COVID-19 mobile phone tracking’ (Reuters, 1 March 2021) <https://www.reuters.com/article/us-health-coronavirus-israel-surveillanc-idUSKCN2AT279> and Daniel Estrin, ‘Israel’s Supreme Court Ends Spy Agency Cellphone Tracking Of COVID-19 Infections’ (National Public Radio, 1 March 2021)<https://www.npr.org/sections/coronavirus-live-updates/2021/03/01/972560038/israels-supreme-court-ends-spy-agency-cellphone-tracking-of-COVID-19-infections>
  21.  Kevin Shepherdson and Lyn Boxall, ‘Review of Singapore’s Tracing App’ (Straits Interactive and DPEX, 2020) <https://www.dpexnetwork.org/research/review-of-singapores-tracetogether-app/>
  22.  Aaron Tan, ‘Singapore’s contact-tracing app tops privacy study’ (Computer Weekly, 29 May 2020) <https://www.computerweekly.com/news/252483857/Singapores-contact-tracing-app-tops-privacy-study>
  23. https://bluetrace.io
  24. https://www.tech.gov.sg/media/technews/six-things-about-opentrace
  25. https://www.pdpc.gov.sg/overview-of-pdpa/the-legislation/personal-data-protection-act/data-protection-obligations
  26. https://www.channelnewsasia.com/singapore/singapore-police-force-can-obtain-tracetogether-data-COVID-19-384316
  27. https://www.scmp.com/week-asia/health-environment/article/3116541/coronavirus-tracetogether-data-used-murder-case
  28. https://www.straitstimes.com/singapore/askst-how-new-token-and-app-will-address-privacy-concerns
  29. https://www.straitstimes.com/singapore/politics/police-can-access-tracetogether-data-only-through-person-involved-in-criminal
  30. https://www.straitstimes.com/singapore/politics/police-can-access-tracetogether-data-only-through-person-involved-in-criminal
  31. https://www.smartnation.gov.sg/whats-new/press-releases/amendments-in-COVID-19-temporary-measures-act–on-the-use-of-personal-digital-contact-tracing-data
  32. https://www.leavehomesafe.gov.hk/_files/docs/PIA_Report.pdf
  33. https://www.hklii.hk/eng/hk/legis/ord/486/s58.html
  34. https://www.hklii.hk/eng/hk/legis/ord/486/sch1.html
  35. https://www.facebook.com/107960543895999/posts/468722054486511/?d=n
  36. https://www.leavehomesafe.gov.hk/en/terms-and-conditions/
  37. https://www.dataguidance.com/opinion/hong-kong-data-privacy-issues-relating-COVID-19
  38. https://www.pcpd.org.hk/english/news_events/media_statements/files/compendium.pdf
  39. https://www.legislation.gov.au/Details/C2020C00168
  40. https://iclg.com/briefing/11435-bulgaria-tracking-mobile-devices-and-data-protection-where-do-we-draw-the-line
  41. European Court of Human Rights, “Convention for the Protection of Human Rights and Fundamental Freedoms .” (Convention for the Protection of Human Rights and Fundamental Freedoms) <https://www.echr.coe.int/Documents/Convention_ENG.pdf> accessed August 10, 2021
  42.  Office of the High Commissioner (EMERGENCY MEASURES AND COVID-19: GUIDANCEApril 27, 2020) <https://www.ohchr.org/Documents/Events/EmergencyMeasures_COVID19.pdf>
  43. Elliot L (Emergency Authority and Immunity Toolkit2012) <https://astho.org/Programs/Preparedness/Public-Health-Emergency-Law/Emergency-Authority-and-Immunity-Toolkit/Emergency-Declarations-and-Authorities-Fact-Sheet/>
  44. Newey S, Gulland A and Smith N, “Plague and Protests: How Covid Has Sparked a Wave of Unrest around the World” (The TelegraphJuly 25, 2021) <https://www.telegraph.co.uk/global-health/terror-and-security/plague-protests-pandemic-has-sparked-wave-unrest-around-world/> accessed August 19, 2021
  45.  Human Rights Watch (COVID-19 triggers wave of free speech abuseMarch 29, 2021) <https://www.hrw.org/news/2021/02/11/COVID-19-triggers-wave-free-speech-abuse>
  46.  Human Rights Watch (Uganda: Authorities Weaponise COVID-19 for repressionJanuary 18, 2021) <https://www.hrw.org/news/2020/11/20/uganda-authorities-weaponize-COVID-19-repression> accessed August 8, 2021
  47.  Amnesty International, “Everything You Need to Know about Human Rights in Uganda 2020” (Uganda 20202020) <https://www.amnesty.org/en/location/africa/east-africa-the-horn-and-great-lakes/uganda/report-uganda/> accessed August 14, 2021