Using data gathered from outside the body to gain insight into what is inside a person has always been the focus of privacy protection debates. By contrast, the privacy debate about the world inside the body seems much weaker, even in the face of another, more fundamental and ongoing innovation.
When organs transmit information, when tissues send signals, when DNA is used for storage… the gradual informatization of the world inside the body calls for a response from privacy and personal information protection. How the right to privacy is arranged here bears on the integrity and autonomy of the body and of life.
Ordered by technological maturity and number of real-world applications, the innovations that are informatizing the internal world fall roughly into the following categories. The first category is medical diagnosis and treatment equipment or human body augmentation equipment implanted in the body. This type of equipment is relatively common and has already caused legal conflicts (for example, whether the information on a pacemaker can be used for criminal investigation is a case that has just ended). The second category is microchips that can be implanted in the body, which have gradually been commercialized in recent years. The third category is biological storage, which is still in the laboratory stage but has broad room for application in the future.
The pacemaker case in 2017 is straightforward.
The case began when the suspect’s house was destroyed by fire. Facing a police criminal investigation for arson and insurance fraud, he claimed that when the fire broke out he quickly removed the heavy objects from the house and then jumped out of the window to survive. After obtaining the court’s approval, the police successfully retrieved the heart rate data stored by the pacemaker in the suspect’s body for the time of the fire and found that it was inconsistent with the suspect’s account. The suspect immediately appealed, hoping to have the evidence based on pacemaker data excluded, but he passed away before the verdict was delivered.
One point of significance of this case is that information on medical equipment inside the body may be used for purposes other than medical treatment on public interest grounds.
In-body diagnosis and treatment equipment that collects and processes personal information, such as pacemakers, smart heart stents, and smart drug delivery systems, is a subset of human body augmentation equipment, which has a wider range of uses. Human body augmentation seeks not only to heal but also to go beyond existing limits. For example, exoskeletons help carry heavy objects; advanced prosthetic limbs can enable people with disabilities to reach the level of competing in international track and field events; and the brain-computer interface built by Willett and other scholars, recently published in “Nature”, can quickly convert letters imagined in the individual’s brain into typed letters in reality. Facing the increasingly practical reality of human body augmentation, an IEEE working group has begun to draft related privacy and security standards.
Microchips implanted in the body have also begun to be commercialized, with trials of limited scope under way.
The founder of BioHax publicly declared in 2018 that in Sweden alone about 4,000 people have had microchips implanted, and that there is a comparable number of trial users abroad. By reading the chip, individuals can be accurately identified, verified or tracked. At present, the application scenarios where this technology has been or will be put into practice include reading the chip to verify passengers’ identity when they board a bus, internal identification and verification within a company for security protection, and identification of customers by supermarkets.
Microchips raise a privacy problem similar to that of pacemakers: even if the purpose for which information is placed on these chips is quite clear, such information may still cause unexpected trouble for individuals when similar public interest considerations arise. Furthermore, now that IoT devices can be seen everywhere, whether this information can be matched and integrated, and whether the microchip can be networked and linked with other devices, are options that technology can achieve.
Clemson University professor Jordan Frith, on the basis of systematic research on microchips, summarized:
“On the road to the Internet of Things (people), we are at a fork in the road.”
Biological storage is the furthest from practical use, and its impact on the existing privacy and information protection system may be the most severe. Biological storage here includes at least two types of technology that have been realized in the laboratory. The first is a hard disk made of silk and other materials, recently realized by scholars such as Tao Hu; in short, equipment that stores information is expected to be safely implantable in the human body. The second is DNA storage, which has a longer research history: now that access to specific information on DNA molecules has been achieved, the human body has, at least in theory, considerable information storage potential.
Why is the impact here probably the most severe? Although academic research often mentions “cyborgs” and “digital twins”, there is usually a clear distinction between the bodily part and the information-world part when the system actually arranges the rights of individuals.
As a result, for individuals, it is not pleasant to discover that information devices in their bodies can be used in unexpected ways by the outside world; for society, the hope that a legal order for the information age will be established, and the expectation that all types of information flow will be “Fa Ke Yi”, also stop for now at the surface of the human body.
An answer is needed to the question of how much information in the world inside the body should be protected.
01. The privacy of the world in the body
Does the internal world fall within the scope of privacy and personal information protection? If so, what are the scope and degree of protection? Discussion of these issues still needs to be based on the law. Privacy is strictly protected by law: unless the law provides otherwise or the individual expressly agrees, the right to privacy cannot be infringed. As to what privacy is, the “Civil Code” defines it as: “the tranquility of a natural person’s private life, and the private spaces, private activities, and private information that the person is unwilling to have known to others.”
Therefore, the next question is how to interpret private space, private activities, and private information in the era of in-body information.
Is the body a private space? It’s hard to say “no”.
Generally speaking, we resist intrusion into the body by others, and we also expect the body to be a private space. This is why invasive anal swab testing has become a controversial topic. From a broader perspective, before the 19th century, the understanding of the right to privacy was more one of “home is the castle”; in the 20th century, starting from “the womb is also the castle of the individual”, the privacy of the internal space became an important basis for sexual and reproductive autonomy. In addition, unless the law provides otherwise, the boundary of privacy depends on the individual’s explicit consent; physical autonomy is one of the cornerstones of the development of the concept of “consent” in modern times.
Of course, in practice, there may be very subtle questions about what is located inside the “private space”. The pacemaker, the chip and the silk hard disk themselves are of course located in the internal space in the physical sense; however, there are different views on whether the information they collect, process, and provide to the outside is also located in the internal space.
Especially when the corresponding in-vivo devices are connected to the outside world, it is reasonable to think that this part of information is actually in the cyberspace/information space without clear physical boundaries.
Therefore, we also need to consider private information. There are at least three ways of judging whether information is private:
First, Article 1033 of the “Civil Code” makes clear that “private parts of the body” belong to privacy. However, since the words paired with “private parts” are “shooting, peeking”, whether the space below the body surface can be classified as a private part is questionable.
Second, it can be judged by the type of information. According to the category-by-category analysis of personal information by Professor Cheng Xiao of the School of Law of Tsinghua University, “…individual health information, criminal records, property status, sexual orientation, etc. are of course private information”, while some categories are “controversial.” The range of information collected by in-body devices is so wide that it cannot simply be judged by category.
Finally, there are scene-based judgments, which to a large extent means case-by-case analysis of specific situations, so it is difficult to draw conclusions beforehand.
Faced with real-life cases such as pacemakers or microchips, at a stage where judicial practice has just begun and consensus has yet to form, a two-step approach is more realistic. First, start from the uncontroversial “of course” categories: where the information collected and processed by the in-body equipment can be judged at this step, the problem is solved. Second, if no judgment can be reached in the first step, the matter is likely to move into a scene analysis that requires a comprehensive balancing of multiple factors. At that point, the fact that the information is taken from the body can serve as a heavily weighted consideration that tilts toward treating it as private information.
Although in-body information equipment and “private activities” intuitively seem to have little to do with each other, there are three cases in which the two overlap.
First, individuals may regard implanting the device itself in the body as a private activity. To judge this, you need to see what equipment it is.
Second, the information collected by in-vivo devices directly reflects private activities. The classic case here is: Combining the heart rate and time information recorded by the fitness bracelet can clearly reflect the pattern of sexual life.
Third, further analysis of the information collected by in-vivo devices is sufficient to reveal private activities. For example, the trajectory of actions may reveal an individual’s health status, religious beliefs, and sexual orientation.
02. Protection of personal information in the internal world
Even if the information collected and processed by in-body devices is not private, it is likely to fall under the rules for personal information protection. The starting point is still the question of “what belongs to personal information”. The “Civil Code” defines it as follows: “Personal information is a variety of information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information…”
It can be seen that “can identify” is the most critical criterion.
In practice, judging the scope of personal information can be further divided into two steps:
First, look at association. If the information has already been associated with an individual, for example by sitting in the same row of a data table, it should count as personal information. Much of the information collected and processed by in-body information equipment can be judged at this step, especially for the various “smart” in-body devices: personalization often implies association.
Second, look at identification. For in-body devices, this step is not so easy. For example, it is often difficult to identify a specific natural person from heart rate or trajectory alone, without using other information. Of course, if there is other information that ordinary people can easily obtain, and identification becomes possible once the two are combined, then it can also be judged to be personal information.
It is worth noting that the “Personal Information Protection Law (Second Review)” confers a higher degree of protection on “sensitive personal information”. Sensitive information refers to:
“Personal information that, once leaked or illegally used, may lead to personal discrimination or serious harm to personal and property safety, including race, ethnicity, religious beliefs, personal biological characteristics, medical health, financial accounts, personal whereabouts and other information.”
The “two-step approach” for judging private information also applies here: first look at whether the information belongs to a category clearly enumerated by the law, and then judge whether it will cause discrimination or serious harm. The information collected and processed by in-body devices, especially by diagnosis and treatment or human body augmentation devices, is likely to meet the “serious harm” requirement and thus count as sensitive personal information.
Once the information collected and processed by the device in the body has been judged to be (sensitive) personal information, a more “real” question arises: to what extent should it be protected?
Obtaining the individual’s fully informed consent is the minimum requirement. In the implanted-device setting, in addition to the usual notices about what information is collected, how it is processed, whether it will be provided to outside parties, how long it will be stored, and so on, for devices whose technology is not yet fully mature and robust, such as microchips or biological hard drives, it is at least as important to fully disclose the information security risks.
Unlike privacy, obtaining consent is not the only “passport” for collecting and processing personal information. If the individual has disclosed information by himself, if the processing of the information is necessary for the conclusion of a contract, or out of considerations such as public interest, personal information can also be processed.
This brings us back to the question raised in the pacemaker case: where is the boundary?
If self-disclosure is regarded as implied consent, then for the remaining two “holes”, whether “necessary for the contract” or “consideration of public interest”, there is a requirement on the strength of the relationship: the connection between the corresponding personal information and the conclusion of a contract or the public interest must be sufficiently close. If the information is sensitive, the strength needs to reach “sufficient necessity”. For in-body information equipment, maintaining “restraint” at the hardware level, so that the equipment can only be used for functions that are sufficient and necessary, will be a very effective and trustworthy compliance approach.
In addition, from the perspective of data/information governance, the separation between the body and the information world will become a “gap” in the future.
At the macro level, the “triple balance” that is the core trade-off between personal information protection and data governance, namely the balance of interests among the country, enterprises and individuals, still exists in the world inside the body.
At the micro level, for example, although the governance assumptions for cross-border transmission have covered every layer of the network model, these assumptions may not cover the possibility of carrying a large amount of information in and out of the country.
Nonetheless, if the privacy protection and data governance systems are extended into the internal world in order to close that gap, this will in itself become a difficult privacy issue.
Ideas about the (sufficient) informatization of the internal world have a long history. When that day finally arrives, a system that has worked hard to anticipate it will still reveal many aspects that were not fully considered.
After concisely summarizing the three types of related technology that are already practical or close to it, and starting from the two systems of privacy and personal information protection, we have tried to describe the scope and degree of protection in a slightly “tipping” way. This does not mean these are the only protections: provisions on physical rights, for example, overlap with them. Nor does it mean that the system has reached its limit; technical standards can play a role in the many parts that cannot be settled in advance.
Finally, there is something worth adding: although this article only discusses the system, it could hardly be called complete without technical considerations on two fronts.
On the one hand, network security protection can be regarded as a prerequisite: without it, both the system’s protection of individuals and its deterrence of potential wrongdoers look rather feeble. Of course, a sufficient level of security protection is also part of the system’s regulations.
On the other hand, in-body information equipment can be as private, as sensitive and as important as it gets. From this point of view, the collection, transmission and processing of the relevant information should always consider the best anonymization technology available at the current state of the art.