Skip Navigation

A Guide to Open Government and the Coronavirus: Privacy Protections

Guía de gobierno abierto y coronavirus: Protección a la privacidad

Guide pour un gouvernement ouvert et le Coronavirus: Protection de la vie privée

Open Response Teal

Recommendations | Examples | Resources | Partners | Back to Main

Governments are collecting unprecedented amounts of personal data to support vital public health efforts, such as tracking COVID-19 transmission and enforcing quarantine. In particular, governments and corporations are collecting and processing citizens’ health and geolocation data on a massive scale.

Given this context, it is more important than ever that governments place transparency and accountability at the center of privacy protection efforts to ensure that citizens’ right to privacy is not eroded under these exceptional measures.


Recommendations below are drawn from Access Now, Freedom House, and Paris 21.

Open Response:

Open response measures place transparency, accountability, and participation at the center of immediate government efforts to curb contagion and provide emergency assistance.

Data Collection, Use, and Privacy

  • Legality: Data collected should be grounded in existing law. Laws should cover a broad range of actions (processing, collecting, selling, sharing); actors (public and private); and explicitly state excluded categories of data.
  • Transparent terms of service: The policies, intention and public-private contracts surrounding data collection, processing, and disposal as well as data subjects’ legal rights should be publically available.
  • Scope of data collection and processing: Only collect and store data necessary to respond to the crisis and only share it through secure means with those who are integral to the response.
  • Anonymized and secure data: Do not reveal patients’ personal information when reporting virus infections and statistics on person-level data such as age, gender, and race and ethnicity. Under no circumstance should health data be sold or transferred to third parties who are not working in the public interest.
  • Public processing register: Create a publicly available register of algorithmic processing, covering private and state actors, that can be read in an open data format.
  • Transparent algorithms: Ensure algorithms’ source code, mandate, testing means (e.g. audits, black box testing, white box testing), and training data are transparent and open.

Governance and Oversight

  • Multi-stakeholder advisory council: Involve experts and civil society in developing and implementing safeguards on data use. Communities that are the most impacted, such as women and racial and ethnic minorities, should be consulted to create specific and effective safeguards.
  • Parliamentary oversight: The legislature should use its authority and be adequately resourced to oversee and provide regular, public monitoring of data protection efforts related to COVID-19.
  • Strategic partnerships: Collaborations should follow open data and procurement standards with reporting requirements for transparency. Data-sharing agreements between states and companies must be based on existing laws.
  • Strong supervision and compliance capacity: Expand data protection officers’ mandate, especially around their knowledge and resources of systems that protect privacy and fairness.
  • Impact assessments and evaluations: Require impact assessments for all COVID-19 related data collection efforts. Ensure assessments, as well as their mandate and enforcement mechanisms, related to the ethics, human rights, and fairness of data processing systems are public.

Open Recovery and Reform

Open recovery measures place transparency, accountability, and participation at the center of medium-term government efforts to rebuild in the wake of COVID-19. Similarly, open reform initiatives ensure that the public is at the heart of government in the post-pandemic world.

  • Clear endpoint: Data collection efforts should have clear and predetermined sunset clauses. Data collected under exceptional circumstances should be deleted or anonymized after the crisis.
  • Supervisory body: Identify a supervisory body with investigatory and enforcement powers regarding privacy abuses. This body should have clearly defined abilities to impose sanctions and remedies, and adequate resources to carry out its duties.
    • Human rights institutions should exercise their authority, and partner with civil society, to monitor and investigate COVID-19 privacy protection efforts.
  • Access to justice: Ensure data subjects’ access to justice is protected in law and that data subjects have access to legal remedies for breaches of privacy.
  • Data quality and governance: Involve government statistical offices in the production, quality management, governance and coordination of data.


The following examples are recent initiatives in response to the COVID-19 pandemic and are drawn from our crowdsourced list as well as partner materials.

  • Ghana: Ghana Statistical Services, Vodafone Ghana, and the Flowminder Foundation are using anonymised mobile phone data to determine whether citizens are complying with quarantine measures on an aggregate level.
  • Mexico: The National Institute for Transparency created a microsite on privacy protection in the context of COVID-19 with information for both data subjects and processors. 
  • Norway: The Norwegian government and nonprofit research institute have released a contact tracing app that only tracks an individuals’ contacts after they’re diagnosed with COVID-19. Data is encrypted, stored on a secure server, and deleted after 30 days. Researchers only have access to anonymized and aggregate data.
  • United States: Researchers shared the genetic information of early US COVID-19 cases on open science platforms Gisaid and Nextstrain, which helped to estimate how long the virus had been in the US.

The following examples are commitments previously made by OGP members that demonstrate elements of the recommendations made above.

  • Australia (2016-2018): Updated government-wide guidance on de-identification processes and publishing sensitive data. Additionally, they amended the Privacy Act to comply with international best practices.
  • Chile (2018-2020): Seeks to harmonize data protection with open data policy through a Draft Law on the Protection of Personal Data and the Open Data Policy of the Government of Chile.
  • Mexico (2019-2021): Convened a multi-stakeholder forum to determine policies for government collection and use of private data.


  • Privacy International maintains a database of government responses related to privacy and surveillance.
  • Access Now has written a report on recommendations for privacy and data protection in the pandemic as well as recommendations specific to contact tracing apps.
  • Specific to the EU, GDPRhub offers advice on how to comply with data protection under the GDPR in the context of a COVID-19 response.
  • The Center for Global Development also has a useful article with further recommendations and resources.

Partners who can
provide further support and information

Thank you to our partners at the Web Foundation, Access Now, and CIVICUS for sharing recommendations and reviewing this module.


Comments (4)

Martin Moreci Gomes Doninelli Reply

Após 13 meses do artigo acima oferecido pela OGP, meu parecer é o que segue:
No Brasil bem como em outros países, não houve algoritmos estruturados ao combate do covid-19, o que fizeram foi “a espera de um milagre” e em quanto este milagre não acontecia Humanos estão perdem a Vida de várias maneiras e todas por falta de Governança. Multimilhõe$ de dólares/reais são desviados dos cofres Públicos, diria Eu, o maior assalto aos cofres de Estados de vários países, como sendo o maior desvio de dinheiro público e o maior desvio de finalidade de Governos de toda história da Humanidade. Governos sem propósitos e Rumos de uma Civilização. Despreparados…

Martin Moreci Gomes Doninelli Reply

Mesmo mostrando experiências de países que tiveram no inicio da Covid-19 situações tristes em suas Nações, outros Países que ainda não haviam sido contaminados não tiveram proatividade em antecipações em estruturar suas Nações e podendo usar a tecnologia como ferramenta, unindo pessoas em suas correlações com politicas de Estado e fazendo uns para com os outros usarem de seu intrínseco Humano um espirito fraterno e sem discriminações, mostrando que a Dignidade é elevada na consciência de seres evoluídos e assim a Razão estando acima de uma bandeira de Direita ou de Esquerda , onde estas formas partidárias de manipular politicas são sujas e inconsequentes colocam “emoção” onde deveriam ter racionalidade numa humanização real e verdadeira.
A “ONU” como Nações Unidas foi a base destas proatividades ao combate a Pandemia, porém, muitos Governos desrespeitaram o que deveriam ter se engajado, sendo que a “ONU” (OMS) convocou todas as Nações e Unidas a combaterem esta Pandemia, o que houve de não terem respeitado esta convocação ? Que tipo de crime é cometido por Governos que não respeitam seus tratados ? Qual a responsabilização de Lideres e Autoridades junto ao Tribunal Internacional de justiça sendo este Tribunal um dos Corpos desta “ONU” a responsabilizar quem afronta Nações Unidas e coloca em risco a Humanidade ?

Martin Moreci Gomes Doninelli Reply

Ao mesmo tempo que faltava recursos financeiros para manter a Vida ou oportunizar uma Dignidade a esta Vida, sobrava Financiamentos financeiros de Bancos e outros investidores na aplicação destes recursos na compra de ativos de Estados, fazendo este mesmo Estado descapitalizar-se a médio prazo e assim sendo incapaz de manter a sua própria integridade , matando assim aqueles que necessitam de um Estado Saudável, íntegro e Responsivo pela Vida como um todo. O Brasil não conseguiu fazer a estatística de sua população (IBGE) ou seja, como que um Governo vai combater as diferenças de uma Nação se não quer avaliar sua própria Nação ? O pior que teve apoio do Judiciário a não fazer este levantamento de dados.

Martin Moreci Gomes Doninelli Reply

Enquanto Governos não souberem onde estão seus cidadãos, o que fazem e como vivem, é de dizer que não são Governos , são impostores… A Governança deve ter em seu favor um Estado Integro com Servidores Públicos capacitados a entender que representam o Estado como gerador da Vida de sua Nação. Enquanto alguns servidores públicos estiverem como “donos” do estado e atuando a interesses pessoais e de um capital sujo, a corrupção desviará Rumos de toda Humanidade.

Leave a Reply

Your email address will not be published. Required fields are marked *

Open Government Partnership