back to article Vint Cerf suggests GDPR could hurt coronavirus vaccine development

TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for Indian outlet Medianama titled “Internet Lessons from COVID19”, Cerf – a Google …

  1. Anonymous Coward
    Anonymous Coward

    IMHO GDPR was to prevent malicious use of personal data.

    Its time to understand the difference between the letter of the law and the spirit of the law isn't it?

    1. BebopWeBop Silver badge
      Joke

      дух желает, но плоть слаба

      The vodka is strong but the meat is rotten

      with apologies for an early attempt at rule based machine translation.

    2. John Robson Silver badge

      Secondary researchers don’t need to identify an individual - if they do then they can go back to the primary researcher, the individual can be told that a secondary researcher wants to contact them and given contact details...

    3. Warm Braw Silver badge

      GDPR is there to prevent your data being used without your consent.

      It isn't hard to get consent, to use the data only for the purposes stated and to delete it when it's no longer required for those purposes.

      It's particularly important to get consent in exceptional circumstances, such as the present, because the last thing you need is people refusing to cooperate or deliberately sabotaging your otherwise worthwhile project.

      Vint began his war on privacy long before coronavirus came along. It's just a convenient excuse to rekindle it.

      1. Mike 137 Silver badge

        "GDPR is there to prevent your data being used without your consent"

        Actually that's not the case. Consent is only one of the lawful bases for processing.

        And it won't hinder vaccine development. There's a specific provision - Article 9.2(i) - that permits the (otherwise prohibited) processing of the "sensitive" categories "[...] for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health [...]".

        The GDPR is not a barrier to any legitimate processing by any organisation provided its requirements (intended to respect the human rights of data subjects) are fulfilled.

        It's about time someone actually read the GDPR before pronouncing on it, particularly where the person pronouncing is high profile and likely to be taken as an authority..

        1. EnviableOne Silver badge

          Re: "GDPR is there to prevent your data being used without your consent"

          GDPR is not the problem, its being used as an excuse

        2. Robert Carnegie Silver badge

          Re: "GDPR is there to prevent your data being used without your consent"

          If the government allows itself to know everything about everyone, there are ways to apply the information for things like infection control. That doesn't mean that it'll get done. And what else will?

          I have in mind thought experiments about how to capture and misuse data, and in the case of coronavirus tracking I can see it being used to do something about homosexuals. And organized labor as well, if everybody's phone is going to record where they go and who they meet, but to identify homosexuals, you're usually looking for about two phones of the same sex alone in an isolated place, and stationary. Or, since many phones have movement sensors, they may be jiggling around in a distinctive way. Once the government has identified the homosexuals, they can intervene themselves or else pass it to church groups to take the necessary action and inform the next of kin. The same technology also can deal with other unnatural performances, with miscegenation, and with the race problem in general. And church attendance, of course.

          So let's just stick with wearing rubber masks for now. When we still have a choice.

        3. CrazyOldCatMan Silver badge

          Re: "GDPR is there to prevent your data being used without your consent"

          It's about time someone actually read the GDPR before pronouncing on it

          Indeed. But it didn't suit Cerfs paymasters to do that. It's sad, but he's pretty much living proof that have done some good tech things in the past doesn't mean that everyone has to listen to him with an uncritical mind.

    4. Pascal Monett Silver badge

      The USA has been doing that for two hundred years and look where that's got them.

      It's the spirit of the law that should count, not the letter, but you just can't write something that cannot be interpreted in a manner that was not intended. Courts should be there to keep things in the spirit of the law, but they have been undermined by decades of reinterpretations of script.

      Unless you have a robust corps of judges who are well versed in the spirit of the law and hell-bent on refusing alternate interpretations, your legal system will break down.

      And, on top of those issues, you have the lawmakers who can very well make laws for their own interest or financially-interested parties, instead of making laws that ensure that actual, living, breathing humans* have a chance at a decent living.

      * I wrote people first, then realized that, in the USA, corporations have the same rights, so I had to correct that

      1. Doctor Syntax Silver badge

        The difficulty with framing legislation is that it's not possible to anticipate all situations, especially when the situations include technology or changes in society that couldn't even be visualised at the time. That's why the UK and US legal systems rely on judges interpreting the law as it applies to the case before them. From time to time legislation can catch up to take advantage of what was learned applying the previous law and adapting to changes in the environment in which it has to work. Without that element legislation would be too inflexible.

      2. Drew Scriver Bronze badge

        That's one of the main differences between western Europe and the USA - or at least between conservatives and liberals.

        Broadly speaking, conservative judges tend to apply the law the way it was written by the (representative) legislature while liberal judges tend to rule based on how they believe the law should have been written.

        That is not to say that conservative judges agree with all laws, it's just that they tend to leave it to the legislature to change the laws rather than changing them on their own.

        1. John H Woods Silver badge

          conservatives and liberals ...

          ... that's an interesting proposition, got a citation?

          1. Claptrap314 Silver badge

            Re: conservatives and liberals ...

            See: the last one hundred years of American case law.

            1. Drew Scriver Bronze badge

              Re: conservatives and liberals ...

              Add to that confirmation hearings. In general (again) you will hear the more liberal senators asking the candidate what they think about a specific issue while the conservatives tend to focus on whether the candidate would apply the law, whether they approve of the law or not.

              I think it was Justice Thomas who said that he doesn't need the parade of people who might be disenfranchised if the Court ruled a certain way. His take is whether a specific issue is constitutional or not. It's up to the states to change the Constitution if that's desired.

              You see it in the lower courts as well. There have been rulings that referred to the defendant's own sense of right and wrong and concluded that a lesser sentence was warranted because the perpetrator did not deem his own actions to be all that objectionable. In addition, at times more liberal courts will conclude that a specific act, while considered egregious under local law, is not considered objectionable in the defendant's own culture or country of origin.

              1. Claptrap314 Silver badge

                Re: conservatives and liberals ...

                I had a (conservative) lawyer friend of my explain that a crime involves a criminal act and a criminal mind. So the state of mind of the defended at the time of the alleged crime really does matter.

                Consider, for instance, that many statutes include phrases like "willing and knowingly..." In the case of murder, we distinguish premeditated from heat-of-the-moment from accidental killings

            2. This post has been deleted by its author

        2. Ken Hagan Gold badge

          I don't dispute the existence of two schools of thought, but I don't agree that "conservative" and "liberal" are the appropriate labels. Those two words have too many political connotations and I don't think the split in legal interpretation aligns with political leanings.

          The opening paragraph of https://en.wikipedia.org/wiki/Plain_meaning_rule touches on this concept and links to notions like "literal rule", "textualism" and "originalism".

          1. Intractable Potsherd Silver badge

            I was taught at law school that "Black Letter Law" is an abomination and denies the need for judges. The statute should point the direction, but not define the route taken nor the specific end point. I used to agree with that, but I now think that it misses a key point - the statute needs to be clear about the direction. The current state of statute writing is so shit that judges need to be far more disciplined in their interpretations.

            1. Claptrap314 Silver badge

              This is the point. If "Black Letter Law" is an abomination, then what is the need for legislators? And how can a man know that his actions are legal?

              Oh, I know: hire enough expensive lawyers.

              It's that professor who is advocating abominations.

      3. oiseau Silver badge
        FAIL

        .

        ... then realized that, in the USA, corporations have the same rights ...

        Indeed ...

        That specific issue has been nothing short of the beginning of the end of representative government in what is left of the free world.

        That the rights of corporation end up being more worthy of consideration than the rights of individuals or even of a duly elected government (as the SCOTUS has proven many times over with its rulings) will prove to be the downfall of whatever good is left of western society as we know it.

        O.

        1. Claptrap314 Silver badge

          A corporation is a group of people united by contract and recognized by the State as a separate entity. This entity can engage in further contracts, and we want those contracts to be enforced by the courts. In American jurisprudence, that means that they are "persons" under the law, as only legal persons appear before the courts. (If a dog attacks you and you get hurt, you cannot sue the dog, only the owner.)

          There has been some back and forth as to which rights of the individual can survive incorporation. We has a strange situation for several decades where some corporations (labor unions, political parties) could incorporate the right of advocating politically, but not others. (This statute was created by a miffed politician after he faced more money in a campaign than he had expected.)

          The Citizen's United case affirmed that political advocacy was a generally incorporatable right.

          1. Anonymous Coward
            Anonymous Coward

            @Claptrap314

            It seems the natural conclusion is that corporations should have the right to vote and be elected. Sad!

            1. Claptrap314 Silver badge

              Re: @Claptrap314

              I assume you are talking about elections for political office. That right is not incorporatable. We don't allow proxies there--votes are for natural persons in their own capacity only.

    5. Roml0k

      > IMHO GDPR was to prevent malicious use of personal data.

      Who decides what counts as "malicious" use of personal data? The EU? The government? The courts? Google? Facebook?

      The GDPR goes some way to putting that decision in the hands of the individual whose data is being used.

      1. Pete B

        "Who decides what counts as "malicious" use of personal data? The EU? The government? The courts? Google? Facebook?"

        The owner of the data gets to decide.

        1. Version 1.0 Silver badge
          Meh

          RE: The owner of the data gets to decide.

          Nice try, but in the world today the company using the data get to decide what counts as "malicious" use - remember "Don't be evil"? The GDPR has not been effective, it's just something that corporate lawyers work around... "That's not your data sir, it's our data, we collected it."

          I suggest that we make it OK for everyone to share their personal data but immediately close down and jail any individual, company, organization, or political party that uses personal information in a way that any court decides was not intended by the person making the information available.

          This would put the the legal devil on the backs of everyone processing the data.

    6. Charlie Clark Silver badge
      Stop

      IMHO GDPR was to prevent malicious use of personal data.

      Then you should freshen up on the law. Any use of personally identifiable data, apart from a few statutory exceptions, requires the explicit consent of the person involved. Malicious is open to interpretation which is why it's not mentioned in the law.

      1. Anonymous Coward
        Anonymous Coward

        Ah, the delicious irony of telling someone to freshen up on the law when they themselves don't have a fucking clue what they are talking about.

        a) consent

        b) contract

        c) legal obligation

        d) vital interests

        e) public task

        f) legitimate interests

        These other 5 are not "a few statutory exceptions"

        1. Charlie Clark Silver badge

          And "malicious"?

    7. bombastic bob Silver badge
      Meh

      "Its time to understand the difference between the letter of the law and the spirit of the law isn't it?"

      I have a novel suggestion: ASK the person that owns the data if it can be used, in writing, and THEN ensure proper privacy protection as much as possible.

      Then you comply with GDPR [as I understand it], and are STILL able to do whatever research you need with the data.

      Yeah, treating the owners of the data as PEOPLE instead of STATISTICS - what a novel concept!

  2. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    Piper paying

    Vint Cerf works for Google. Google does not like GDPR.

    1. Charlie Clark Silver badge

      Re: Piper paying

      Yes, but what he says seems to imply that the EU's GDPR isn't a problem but that other legislation inspired by or derived from it may have unintended consequences. For instance, the German phone networks have been providing anonymised phone location data to the Robert Koch Institute to help their modelling for months now and this is okay within the bounds of GDPR, but this might not be possible in other countries.

      Elsewhere it should be noted that Google and the other titans have been lobbying intensely to get hold of patient data. This is, in my opinion, an accident waiting to happen as.

      As for off-premise commerce: it's been happening for decades with things like catalogues. Just took a bit longer to happen. And we could have had video conferences since the 1970s except that no one thought they were worth the price. Even now, where they are nearly free, it's hard to argue that the video part really adds much.

      1. Drew Scriver Bronze badge

        Never let a crisis go to waste

        His statement is a bit nebulous, but I think he is referring to other countries (read: USA) that are in the process of initiating their own versions of the GDPR.

        The more such new laws resemble the GDPR the greater his concern (for Google's bottom line).

        California has a weaker version of the GDPR and the last thing Google wants is something stronger - especially at the federal level.

        I hear echos of Saul Alinsky when he says that privacy laws are going to end up killing people. "Never let a crisis go to waste."

      2. ThatOne Silver badge
        Devil

        Re: Piper paying

        > what he says seems to imply that the EU's GDPR isn't a problem but that other legislation inspired by or derived from it may have unintended consequences

        EU's GDPR isn't something they can fight anymore, but they can always try to prevent the disease from spreading to the rest of the herd. This starts by accusing GDPR of anything and everything: GDPR's secret agenda is to starve the honest god-fearing citizens (like *you*) (and take your guns away!), GDPR caused Covid-19, it's the reason of all those hurricanes, tornadoes and the great drought, and most of all it's trying to turn our children gay. Did I forget something?...

        As a Google propagandist, Cerf is just producing the sound bite he's paid for. Covid-19 is very handy for this, as it affects everybody and you can claim anything around it.

  4. Blazde
    Trollface

    GDPR 'an onerous chore' says distinguished tech website The Register

    Irresistible quote for someone

    1. Richard 12 Silver badge
      Facepalm

      Re: GDPR 'an onerous chore' says distinguished tech website The Register

      Passing a driving test is an onerous chore.

      Washing your hands before preparing food is an onerous chore.

      Treating a patient or taking them to the toilet and cleaning their bum is an onerous chore.

      We do all those things because they are necessary, not because they are easy.

      1. CrazyOldCatMan Silver badge

        Re: GDPR 'an onerous chore' says distinguished tech website The Register

        Washing your hands before preparing food is an onerous chore

        And trying to explain technological reality to a senior manager is also an onerous chore..

  5. This post has been deleted by its author

  6. Anonymous Coward
    Anonymous Coward

    Vint Cerf suggests GDPR could hurt coronavirus vaccine development

    plain English: I could "lose" so much money! Can we call Boris and DO SOMETHING?!

  7. ComputerSays_noAbsolutelyNo

    Run-away techies pipe dreams meet problem-o-phile reasoning

    * With wearables we could collect the health data of millions of individuals

    * With these data, we can do research

    * With this reseach we could cure <insert the latest medical problem that's really en vogue>

    * But, wait, the GDPR prevents us from collecting the data in the first place, ohh the humanity!

    * GDPR prolongues <insert the latest medical problem that's really en vogue>

    --> never mind the handwaving involved in point 3

    And there you have it, the techies cry foul, the media report, an nobody is ever the wiser.

    Techies should stick to tech, law people to law; it doesn't bring any good, if suddenly techies decide laws do not apply to them.

    1. big_D Silver badge

      Re: Run-away techies pipe dreams meet problem-o-phile reasoning

      Robert Koch Institute, in Germany, has an app to collect health data from smart watches to help with diagnosing Corona. The app stays within GDPR, because it has a privacy statement and is opt-in.

      The data is anonymised and is used to help them detect early signs of COVID-19.

      GDPR gets blamed for making things impossible, when it only makes people actually have to think about what they are doing and to get the correct permissions and to ensure the data is handled accordingly.

    2. autisticatheist
      Facepalm

      Re: Run-away techies pipe dreams meet problem-o-phile reasoning

      "Techies should stick to tech, law people to law"

      That's how you get messes like the GDPR.

      What you need is to _properly_ educate law people about tech.

      1. big_D Silver badge

        Re: Run-away techies pipe dreams meet problem-o-phile reasoning

        And properly educate tech people about the law, it goes both ways.

        1. John Robson Silver badge

          Re: Run-away techies pipe dreams meet problem-o-phile reasoning

          "And properly educate tech people about the law, it goes both ways."

          Yes, but most techies will admit that they don't know the intricacies of the law, whereas most lawyers/politicians won't admit to being ignorant about anything other than the bar and hotel bill under the name of that lovely young person over there. They'll demonstrate ignorance on all sorts of topics, that's different.

          1. Anonymous Coward
            Anonymous Coward

            Re: Run-away techies pipe dreams meet problem-o-phile reasoning

            You've never witnessed a discussions between techies about licenses, then. Because that's really a place they demonstrate their ignorance, while not admitting anything of the sort.

            I spend enough time on IRC channels with techies working at Google, RH, and other famous places to see how in general, they have strongly held opinions on plenty of topics which they don't quite understand.

            Admitting ignorance is not something they do any better than the lawyers or politicians you appear to despise. Without knowing much about them either, it sounds like.

      2. Charlie Clark Silver badge

        Re: Run-away techies pipe dreams meet problem-o-phile reasoning

        That's how you get messes like the GDPR.

        GDPR isn't a mess. It is largely an update of existing laws with new sanctions. You want some examples of sloppy laws where tech had an input? DMCA, Safe Harbour.

  8. This post has been deleted by a moderator

  9. Pascal Monett Silver badge

    I note that,

    of all the things Cerf has taken note of, lambasting ISPs for immoral interpretation of the word "unlimited", specifically not making any efforts to improve bandwidth and coverage, and doing their damnedest to ensure that their contracts are as nebulous and incomprehensible as possible while maximizing their profits is nowhere in the list of things that His Cerfness deems an issue.

    Obviously, demanding government handouts is the way to go when you've sold out.

  10. Jamie Jones Silver badge

    Other ways the world would be safer....

    1) Locking people up at night.

    2) Restricting the top speed of cars to 20mph.

    3) Banning activities such as surfing, sailing, swimming, climbing, travelling abroad.

    4) Forcing everyone to have implanted ID chips, capable of letting authorities know where everyone is at any time.

    etc.

    1. seven of five Silver badge

      Re: Other ways the world would be safer....

      Sounds great, but wouldn't someone please think of the children?

      5) Sequencing every citiziens genes and having the government (maybe through a public-private partnership so it is free of charge) select the optimal partner so there are no more disadvantaged birtths is the only way to go!

      1. Jamie Jones Silver badge
        Facepalm

        Re: Other ways the world would be safer....

        I can't believe I forgot about the children! Sigh, I must be a pædo apologist!

    2. Charlie Clark Silver badge

      Re: Other ways the world would be safer....

      1) Locking people up at night.

      Except that most acccidents happen in the home… Shoot everyone now and that will put a stop to that, and infections!

      1. Chris G Silver badge

        Re: Other ways the world would be safer....

        Perhaps it is time to build the Matrix for real, it can power google who in turn can give you a full and safe virtual life.

      2. Ken Hagan Gold badge
        Joke

        Re: Other ways the world would be safer....

        It's not just accidents. I'm pretty sure most sex crimes and violents assaults happen at home, too. Also, most such crimes are commited by heterosexuals. So ...

        Force everyone to live in communes.

        Take egg and sperm samples from all teenagers and then zap them.

        Only breed from those samples after the donors have died and can be proven to have lived decent lives.

        Icon: Because you never know who might be reading this...

  11. devTrail Bronze badge

    Useless

    The importance of a coronavirus vaccine is equal to the importance of any other flu vaccine. Never forget that the mortality has been overrated for other purposes.

    1. Anonymous Coward
      Anonymous Coward

      Re: Useless

      Seriously? How many medical staff die from treating people for the fucking flu? Try speaking to people in hospitals who are literally dying to help fuckwits like you stay alive.

      1. devTrail Bronze badge

        Re: Useless

        The usual story of heroism to rally support for the cause. Te usual attacks to the person who wrote the post. Usual boring propaganda.

      2. Charlie Clark Silver badge

        Re: Useless

        People regularly do die in droves of the flu. Furthermore, considering how quickly it mutates, is difficult to develop lasting immunity against. This is why it is highly recommended that all medical staff have a full and up to date complement of vaccinations: even if it doesn't kill them, it makes them less likely to pass it on to others.

        Covid-19 is a serious illness and in many cases fatal but the media frenzy has served to take people's attention from other equally serious illneses. Referrals for serious illnesses to hospitals are significantly down in many countries as a result of people being more scared of Covid-19 than anything else.

    2. Charlie Clark Silver badge

      Re: Useless

      The importance of a coronavirus vaccine is equal to the importance of any other flu vaccine.

      I agree with this.

      Never forget that the mortality has been overrated for other purposes.

      While there has been some overstatement, particularly in Italy in the early days, there has also been some understatement, particularly in care homes before mass testing became available. With so many patients having other conditions it's also difficult to call in some cases. But, never suspect a conspiracy when incompentence will do.

    3. Adrian Midgley 1

      Re: Useless

      It isn't (another) flu.

      And balls.

  12. Stuart Castle Silver badge

    His opinion, or his employer's?

    Re :"Variations of the European Union’s General Data Protection Regulation (GDPR) are propagating around the world with good intent although implementation has shown some unintended consequences, not least of which may be the ability to share health information that would assist in finding a vaccine against SARS-COV-2."

    Now, as I understand it, GDPR allows you to collect personal data for a given purpose, as long as the data subject has opted in. This wouldn't be a problem for Covid apps, because by submitting data, you could be considered to be opting in.

    GDPR also requires that the data only be kept for a reasonable length of time, and deleted when that time expires. Not sure GDPR specifies lengths of time, but you aren't allowed to keep the data for years after it is useful.

    Neither, as far as I can see, would affect vaccine research.

    Not sure if GDPR allows personal data to be transferred elsewhere without express consent, but surely they would only need to transfer anonymised data anyway, in which case, GDPR would likely not apply.

    Health data would be good for advertising though.

    1. Roland6 Silver badge

      Re: His opinion, or his employer's?

      >Not sure GDPR specifies lengths of time, but you aren't allowed to keep the data for years after it is useful.

      Well given the extent to which modern medical research uses historic (personally identifiable) medical records, it would be relatively easy to justify the "useful" retention life of CoVid19 data to be at least 100 years.

      >Not sure if GDPR allows personal data to be transferred elsewhere without express consent

      You get express consent to permit you to "share data with selected third parties".

  13. Danny 2 Silver badge

    I don't have it!

    My mum is okay, but I've kept her hospital wristband. Slightly curious about the CHI and UHPI numbers and barcodes on it.

    She was sent into an isolation room there overnight because someone at a health centre thought she had a bit of a temperature. She did not. Calibrate those meters!

    She went in with COPD and could've came out with Covid. She wasn't worried because, "I don't have it!", and I said, aye, not yet. She forbade me from making her laugh.

    They were going to make her walk alone from the health centre to the hospital, a death march at her age. And she claps for carers - I'll be giving a slow clap now.

    I love the NHS but Germany, the Netherlands, France, Finland have better health care today. This is getting worse, not better.

    Even damnation is poisoned by rainbows.

    1. Anonymous Coward
      Anonymous Coward

      Re: I don't have it!

      CHI is the Scottish national health identifier, the equivalent of an NHS Number in England (and exists in the same namespace).

      The barcodes contain this number, and possibly (I can't recall) a few other bits of info so they can easily be scanned to ensure this is the patient the medic is expecting.

      UHPI, I'm not sure about.

      1. Danny 2 Silver badge

        Re: I don't have it!

        Ta. Sorry, thanks, you might be English.

        Unique Hospital Patient Number.

        I'm guessing Identifier.

  14. Claverhouse Silver badge
    Angel

    I dunno if one of the Founders of the Wheel has any input as to how wheels are used since.

    1. Alister Silver badge

      At least he knew what colour it should be...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020