Research and Statistics

Table of Contents
Chapter 1 THE PROBLEM AND ITS BACKGROUND

Introduction ……………………………………………………………………………………… 2
Theoretical/Conceptual Framework ………………………………………................................... 4
Statement of the Problem …………………………………………………............................ 5

Hypothesis ……………………………………………………………………………………….. 6
Significance of the Study …………………………………………………… ……………….6
Scope and Limitations …………………………………………………………………………… 7
Definition of Terms ……………………………………………………………………………… 8
Chapter 2 REVIEW OF RELATED LITERATURES AND STUDIES

Related Readings …………………………………………………………………………...….... 9
Literature/Studies ………………………………………………………………………………..12
Synthesis ………………………………………………………………………………………...14
Chapter 3 RESEARCH METHODOLOGY

The Research Design …………………………………………………………………………....16
The Respondents………………………………………………………………..………..............17
The Instruments Used ……………………………………………………………………….......17
Data Collection and Management …………………………………………………………….....17
Statistical Treatment of Data …………………………………………………………………....18
CHAPTER 4 PRESENTATION OF DATA………………………………………………… 20
CHAPTER 5 SUMMARY, CONCLUSION AND RECOMMENDATION………………. 27
REFERENCES …………………………………………………………………………………30
SURVEY QUESTIONNAIRE ………………………………………………………………. 34
Privacy and Security Challenges of Emerging Big Data Applications in the era of COVID-19;
Basis for proposed enhanced Security Measures. Page |1
CHAPTER 1 – THE PROBLEM AND ITS BACKGROUND
1.1 INTRODUCTION
The Covid-19 pandemic has resulted in unprecedented social and economic

disruption worldwide. Racing against an invisible enemy, a virus simultaneously
foreign and ubiquitous, most governments have introduced drastic measures to
curb its spread and flatten the curve. Time is of the essence during a pandemic,
providing both governments and organizations with the moral license to take
extraordinary measures, such as travel restrictions, bans of public gatherings,
closures of non-essential businesses and transitions to remote work and education.
A particularly striking characteristic of the Covid-19 pandemic has been the rapid
deployment of novel digital technologies, such as contact-tracing apps. Society has
also witnessed intensification in the use of pre-existing digital products, such as
video-conferencing software. Receiving only limited exposure pre-pandemic,
Zoom has become a household name and an essential component for parties,
weddings, school and work.
The growing dependency on digital technologies is becoming a way of life,

and at the same time, the collection of data using them for surveillance operations
has raised concerns. Notably, some countries use digital surveillance technologies
for tracking and monitoring individuals and populations to prevent the
transmission of the new coronavirus. The technology has the capacity to contribute
towards tackling the pandemic effectively, but the success also comes at the
expense of privacy rights. The crucial point to make is regardless of who uses and
which mechanism, in one way another will infringe personal privacy. Therefore,
when considering the use of technologies to combat the pandemic, the focus should
also be on the impact of facial recognition cameras, police surveillance drones, and
other digital surveillance devices on the privacy rights of those under surveillance.
The urgent need to manage and find solutions to overcome the effects of the
coronavirus necessitates collecting data in large volumes. On the one hand, Big
Data acquisition and storage apparently poses a significant threat to the privacy of
individuals, and on the plus side, it helps make informative decisions that are
crucial for the prevention of COVID-19. Data protection law faces many
challenges in the digital age, and the emergence of Big Data is the most
conspicuous and challenging. In the Big Data era, the public enjoys many benefits
that Internet technology offers to them, but they also do face potential privacy
breaches. The failure to protect user accounts and personal data will directly
threaten their privacy and security.
The keynote of this paper seeks to support the notion that a pandemic should
not be used as a panacea for the introduction of new general surveillance measures
without consent. The response of the government and the technology industries to
the coronavirus outbreak became headline news, and concerns were raised about
the contact tracing apps, mobile location data tracking, and police surveillance
drones. Also, new privacy issues have emerged as the organizations started
levelling up surveillance using thermal cameras and face-recognition technology in
preparation for the resumption of normal working patterns. The governments also
have to comply with the use of surveillance tools in combating the pandemic and
sought to strike a balance without compromising data privacy law.
1.2 THEORETICAL/CONCEPTUAL FRAMEWORK
PROCESS
 Questionnaire
 Descriptive Survey
 Statistical Treatment
OUTPUT
FIGURE 1
Figure 1 describes the conceptual framework of the study wherein the input is
consisting of the following: Age, Sex, Job Title, Most accessed online Data
applications since the beginning of COVID-19 and Length of usage on the applied
online platforms.
On the other side, the process being used is through questionnaire, descriptive
survey and statistical treatment such as percentage, mean and tallied. The output is
the enhanced Security Measures.
The researcher wants to find out the Privacy and Security Challenges of Emerging
Big Data Applications in the era of COVID-19; basis for proposed enhanced
Security Measures. The table shows how the researcher research, surveyed and
solved the statement.
1.3 STATEMENT OF THE PROBLEM
When the law was approved in 2012, it was more or less copied from the
European Union legal framework; however, with some major differences
concerning the protection of personal data in terms of electronic communication.
This means that even though Philippine’s law specifies what personal data is, it
does not necessarily protect against the breach of privacy that can come from
computer technology specially during this time of pandemic. This is the first
problem with the law.
The second problem stems from the citizens’ ignorance regarding this law.
The National Privacy Commission (NPC) is an independent institution which is
also responsible for informing citizens of the rights that this law gives them, and
they have not been doing a good job.
This study aims to determine the Privacy and Security Challenges of

Emerging Big Data Applications in the era of COVID-19 Specifically, it will
answer the following questions:
I. PROFILE OF THE RESPONDENTS IN TERMS OF:

(a) Age
(b) Sex
(c) Job Title
(d) Most accessed online Data applications since
the beginning of COVID-19.
(e) Length of usage on the applied online platforms.
II. Assess the risk of Data Applications in terms of:

(f) Privacy of the person
(g) Privacy of personal behavior
(h) Privacy of personal communications
(i) Privacy of personal data.
1.4 HYPOTHESIS
This study aims to inform the people about the Privacy and Security challenges of
the continuous Big Data application during this pandemic. Based on this, there are
two hypotheses:
Hypothesis 1: The existing law of Data Privacy Act of 2012 is not comprehensive
enough to protect its citizens from all forms of privacy breaching.
Hypothesis 2: The citizens of the Philippines are not well informed on this Law.
1.5 SIGNIFICANCE OF THE STUDY
The findings of the study may be beneficial to the following:
To the Citizens of the Philippines. The people will be well informed about
the possibilities of data breach that may create a bad reputation for them. In this
study, they will be aware of the Privacy and Security Challenges and will learn
how to cope up with it.
To Other Government and Private Organizations. They could use or

replicate this study to accept the suggested enhanced Security Measures during this
pandemic and validate findings of this study.
To the Future Researchers. The ideas presented may be used as reference
data in conducting new researches or in testing the validity of other related
findings.
1.6 SCOPE AND LIMITATIONS
The existing Law, The Data Privacy Act is generally valid and applicable to all
individuals and legal bodies and persons that gather and process personal
information. However, it has some exceptions. The law also applies not only to
industries with offices in the country, but when equipment based in the Philippines
is used for processing. The act also applies to the handling of personal information
of Philippines citizens irrespective of where they are located.
1.7 DEFINITIONS OF TERMS
Big Data - refers to the large, diverse sets of information that grow at ever-
increasing rates. It encompasses the volume of information, the velocity or speed at
which it is created and collected, and the variety or scope of the data points being
covered (known as the "three v's" of big data).
Data Privacy Act of 2012 - formally known as Republic Act 10173 of the Republic
of the Philippines. This Act was passed and promulgated with the title: An Act
Protecting Individual Personal Information in Information and Communications
Systems in the Government and the Private Sector, Creating for this Purpose a
National Privacy Commission, and for Other Purposes.
Data Protection - process of safeguarding important data from corruption,

compromise or loss and providing the capability to restore the data to a functional
state should something happen to render the data inaccessible or unusable.
National Privacy Commission (NPC) - is an independent body created under

Republic Act No. 10173 or the Data Privacy Act of 2012, mandated to administer
and implement the provisions of the Act, and to monitor and ensure compliance of
the country with international standards set for data protection.
Privacy Breach - occurs when there is unauthorized access to collection, use or

disclosure of information. Some of the most common instances of a privacy breach
happen when the personal information of a patient, customer or client is stolen, lost
or mistakenly disclosed.
CHAPTER 2 – REVIEW OF RELATED LITERATURE AND STUDIES
2.1 RELATED READINGS
In March 2016, the Philippines fell prey to what has been dubbed as the biggest
breach in history concerning government-held data when the personal information
of over 55 million registered Filipino voters were leaked following a breach on the
Commission on Elections' (COMELEC's) database. This incident shed light on and
directed attention to the extent of personal information being collected and held by
government authorities, as well as their capabilities (or the lack thereof) in securing
such information. It caused a stir in both local and global news and has developed
into the first case for the NPC.
In September 2016, the NPC concluded that:
There was a security breach that provided access to the COMELEC database that
contained both personal and sensitive information, and other information that may
be used to enable identity fraud. The personal data included in the compromised
database contained passport information, tax identification numbers, names of
firearm owners and information about their firearms, e-mail addresses, among
others; and
In addition to the defacement of the COMELEC website on the evening of 27

March 2016, it is reasonably established that access to the database containing
personal data occurred in the week before the defacement, from around eight
different networks, over four to five days.
A preliminary report identifies two indicators of negligence on behalf of

COMELEC:
Basis for proposed enhanced Security Measures. P a g e | 10
The lack of a clear data governance policy, particularly in collecting and further
processing of personal data, unnecessarily exposed personal and sensitive
information of millions of Filipinos to unlawful access; and
The vulnerabilities in the website, and failure to monitor regularly for security
breaches allowed unlawful access to the COMELEC website.
Accountability Mechanism
i. Freedom of Information
There is currently no FOI law in the Philippines. A consolidated bill was approved
by the public information panel and is now with the Committee on Appropriations.
It is pending a second reading but has not been included in the Common
Legislative Agenda for the 17th Congress.
However, following his election president Duterte signed an Executive Order on

FOI. Executive Orders mean FOI requests can only pertain to the work of the
executives, and can be ended at any point. The Order contained 11 pages of
exceptions.
Identification Schemes
ID cards and databases
The Philippines currently has no national ID card system. However, the National
ID bill (House Bill 6221) was approved on third reading by the House of
Representatives in September 2017. In October 2018 the Philippine Statistics
Authority finalised the implementing rules and regulations for the national ID.
Voter registration
Pursuant to Republic Act No. 10367, voters are required to have their biometrics
data (i.e., fingerprints, photograph, and digital signature) captured by the
COMELEC before they are allowed to vote. The law considers the absence of
biometrics in a voter’s registration record as a ground for the deactivation of an
individual as a registered voter. To register to vote, a person has to first establish
his or her identity by presenting a valid ID, which may be any of the following:
Employee’s identification card, with the signature of the employer or an authorized

representative;
 Postal ID;
 Person with Disability (PWD) Discount ID;
 Student’s ID or library card, signed by the school authority;
 Senior Citizen’s ID;
 Driver’s license;
 NBI clearance;
 Passport;
 SSS/GSIS ID;
 Integrated Bar of the Philippines (IBP) ID;
 License issued by the Professional Regulatory Commission (PRC);
 Certificate of Confirmation issued by the National Commission on
Indigenous Peoples (NCIP) in case of members of ICCs or IPs; or
 Any other valid ID.
Absent these, an applicant may be identified under oath by any registered voter of
the precinct where he/she intends to be registered, or by any of his/her relatives
within the fourth civil degree of consanguinity or affinity. A registered voter shall
only be allowed to identify up to three applicants.
SIM card registration
There is currently a total of 12 bills in the House of Representatives (including

House Bill No 5231) and seven bills in the Senate (including Senate Bill No 105)
on SIM card registration. The technical Working Group at the House of Rep has
consolidated those bills. As of November 2017, the draft has not been publicly
released.
2.2 LITERATURE/STUDIES
The introduction of social distancing has also led to reduced face-to-face

interaction between individuals, forcing people to turn to digital alternatives.
According to a Gallup poll of US-based adults in April 2020, 25% use social media
more frequently since the beginning of the Covid-19 pandemic, 57% use them the
same and 7% use them less frequently (10% do not use social media at all) (Ritter,
2020). Zoom has been used for birthday parties (Matyszczyk, 2020) and weddings
(Pajer, 2020), while informal get-togethers on apps such as Houseparty are
increasingly common (McIntosh, 2020). The forced transition to online socializing
raises the question of whether consenting to use social communication platforms
can still be considered voluntary during a pandemic.
Rapid adoption of third-party video-conferencing platforms such as Zoom or
Skype creates new vulnerabilities in terms of privacy and data protection. Hosts of
Zoom calls can see the IP address, location data and device information of
participants. Although Zoom made changes to its code in late March 2020 to stop
sending data to Facebook (Cox, 2020), privacy concerns about the software
continue. One severe social privacy and data security infringement has been
Zoombombing (Wakefield, 2020). Zoom has seen much criticism for its privacy
policy and security standards during this pandemic (e.g. Leitschuh, 2019; Searls,
2020). This continued pressure forced Zoom to react and thoroughly revise its
privacy policy (Zoom, 2020a) (the EDPB as well as the Swiss Federal Data
Protection and Information Commissioner (FDPIC) even issued guidance on the
safe use of video-conferencing tools as a reaction to this rushed adoption of
existing technologies (EDPB, 2020b; FDPIC, 2020b). Zoom claims to have not
changed their practices, implying that they have always been compliant. Rather,
they claim to have only updated their privacy policy ‘to be more clear, explicit, and
transparent’ (Zoom, 2020b) and to have issued a 90-day feature freeze to address
security issues (Zoom, 2020c). In any case, the use of clearer language in their
privacy policy improves transparency and strengthens user decision making,
according to the principle of informed consent.
The widespread transition to remote work because of Covid-19 has also increased
the use of digital surveillance measures in the home (Maalsen and Dowling, 2020).
Many professionals currently working from home are now subject to greater
surveillance than previously experienced. One example is screen capturing video-
services like Sneek, which automatically takes photos of employees through their
webcams every five minutes (Holmes, 2020).
Remote work has traditionally raised concerns about the loss of managerial
oversight (Sewell and Taskin, 2015), leading to potential worker misbehaviour or
slacking. Although recent research has emphasized remote workers’ own desire to
maintain visibility so they do not feel ‘exiled’ (Hafermalz, 2020), there are
unresolved privacy concerns when workers willingly or unwillingly submit to
remote digital surveillance. Although the sales of workplace surveillance tools
have increased since the start of the pandemic, privacy concerns about how
employers monitor the performance of employees have also grown, raising
questions of what form of surveillance is necessary and what forms of surveillance
are merely intrusive, such as continuous desktop and webcam sharing (Holmes,
2020; Morrison, 2020).
2.3 SYNTHESIS
From a research perspective, the investigation of data technologies within

the pandemic is only at the beginning. Research has started to reflect on the
privacy implications of the Covid-19 pandemic (Vitak and Zimmer, 2020),
especially regarding the spatial dimensions and location-based data (Frith and
Saker, 2020; Poom et al., 2020). It is not surprising that spatial aspects have been
prioritized over temporal ones, given the data being collected within many
applications to mitigate the pandemic and the strong spatial considerations that
come with the pandemic (e.g. quarantine and social distancing as key spatial
strategies). However, such data is often also temporal and we have argued that
scholars should pay close attention to the temporal dynamics of the pandemic
when it comes to privacy. For instance, to what extent can we use privacy
assessments before the deployment of technological solutions to anticipate and
help mitigate adverse privacy implications? More conceptual analysis and
synthesis are needed to connect the first steps made in this paper to established
theories of time and technology (Rosa, 2013; Wajcman, 2015) and newer work
(Kitchin and Fraser, 2020).
Rushed innovation in disaster capitalism (Klein, 2007) should be

investigated empirically. Case studies, such as the one discussed by Sandvik
(2020), offer a fruitful approach to analyze the deployment of new solutions. We
encourage qualitative researchers to document and critically investigate the
temporalities of technology projects relating to the pandemic. On the adoption side,
case studies could accompany the decision-making processes within organizations
and public institutions that lead to rushed adoption, spotlighting privacy
implications for those affected. Recent examples that ask for critical inquiry are the
introduction of proctoring software at universities (Patil and Bromwich, 2020), the
application of grading algorithms for A levels in UK schools (Hern, 2020;
Kolkman, 2020), and the increased use of workplace surveillance software such as
Hubstaff (Jones, 2020). These examples also show the intertwinement of privacy
risks with intersectional concerns for rushed innovation. Those more vulnerable
and marginalized in society face disproportionate privacy repercussions and more
general risks from Big Data in the wake of the pandemic (Milan and Treré, 2020).
Digital inequalities research has looked into digital communication changes

that come with the pandemic and how these changes are unequally distributed,
favoring individuals with advanced Internet skills (Nguyen et al., 2020). Future
research should study the disparate intersectional implications of rushed
innovation. Quantitative surveys could be combined with qualitative and
ethnographic studies with those at the margins (Marwick and boyd, 2018), giving
distinct voice to their concerns. Action research from a social justice-based
perspective is particularly promising, as it involves marginalized communities and
emphasizes practical change through design initiatives (Costanza-Chock, 2020).
Outside of organizations and institutions, rushed innovation can be investigated
with a variety of user-oriented methods, including digital methods such as
walkthroughs (Light et al., 2018), glitch studies analyses (Menkman, 2011), and
sentiment analysis, social network analysis, or topic models of social media
coverage (Sloan and Quan-Haase, 2017).
Pandemics and other world catastrophes push for immediate responses. Still,
these responses will have many consequences for society in the immediate and
long run that require a thorough understanding of how responsible rushed
innovation can be. Greater effort in incorporating privacy considerations
beforehand in the design of digital solutions is very much needed, as afterthought
privacy reflections risk exposing the health of citizens, wasting public resources
and worsen the consequences that the state of emergency already has for society.
CHAPTER 3 – RESEARCH METHODOLOGY
3.1 Research Design
Polit and Hungler (1999:155) describe the research design as a

blueprint, or outline, for conducting the study in such a way that maximum control
will be exercised over factors that could interfere with the validity of the research
results. The research design is the researcher’s overall plan for obtaining answers
to the research questions guiding the study. Burns and Grove (2001:223) state that
designing a study helps researchers to plan and implement the study in a way that
will help them obtain the intended results, thus increasing the chances of obtaining
information that could be associated with the real situation. This study used a
quantitative exploratory descriptive design to identify, analyze and describe
Privacy and Security Challenges of Emerging Big Data Applications in the era of
COVID-19 basis for proposed enhanced Security Measures.
3.2 Respondents of the study
The study sample was composed by 60 persons (51.7% men and

48.3% women) aged between 20 and 45 years.
3.3 The Instruments Used
The researcher used survey questionnaire in conducting this study.

The questionnaire is composed of two parts. The first part consists of questions
asking for respondents’ demographic profile. Second part of the instrument
questions on respondent’s thoughts, views, or perceptions on a number of
indicators for the impact of Emerging Big Data Applications.
3.4 Data Collection and Management
Polit and Hungler (1999:267) define data as “information obtained

during the course of an investigation or study”. In this study, questionnaires were
used to obtain data relevant to the study’s objectives and research questions. The
purpose of the study was to identify the Privacy and Security Challenges of
Emerging Big Data Applications.
The researcher approached random persons who has an application of any

contact tracing apps and those who are working remotely to participate in the
study. Every person who was willing to participate received a letter with
information about the study, a consent form and a questionnaire.
When the 60 random persons had completed questionnaires, the completed

questionnaires were handed to a statistician for data analysis.
3.5 Statistical Treatment of Data
To interpret the date effectively, the researcher will employ the following
statistical treatment. The Percentage, Weighted Mean and T-test are the tools use
to interpret data.
1. Percentage
This will employ to determine the frequency counts and percentage
distribution of personal related variables of the respondents.
Formula:
% is the percentage
F is the Frequency
N is the total number of respondents
100 is a constant value
2. Weighted Mean
Weighted Mean. This was used to compute and determine the average
response of the respondents on the various factors considered in the study.
The formula is:
Where:
WM = Weighted Mean
W = weights assigned
F = frequencies for each option
= sum of all weighted scores obtained by a sample, and
N = number of respondents in the sample
3. Likert Scale
This was used to interpret and further analyze the quantitative results, the
results to the questionnaires will be expressed in four categories with the
given corresponding points and will be interpreted using the following scale:
Weights Limits Verbal Interpretation

4 3.26 – 4.00 Strongly Agree
3 2.51– 3.25 Agree
2 1.76 – 2.50 Moderately Agree
1 1.00 – 1.75 Disagree
CHAPTER 4 – PRESENTATION OF DATA
4.1 INTRODUCTION
This chapter presents the data gathered, the results of the statistical analysis done
and interpretation of findings. These are presented in tables following the sequence
of the specific research problem regarding the Privacy and Security Challenges of
Emerging Big Data Applications in the era of Covid -19.
4.2 DEMOGRAPHIC CHARACTERISTICS
This study was about the Privacy and Security Challenges of Emerging Big Data
Applications in the era of Covid -19 thus respondent’s most accessed online data
application considered very important. Demographic characteristics in our findings
and are presented under Table 1, 2 and 3.
AGE FREQUENCY PERCENT

20 – 24 20 33.3
25 – 29 6 10.0
30 – 39 26 43.3
40 + 8 13.3
TOTAL 60 100.0
Table 1 – Age of Respondents
Table 1 presents the age of the respondents who responded to our questionnaires.
Out of 60 20-24 were 20(33.3%), 25-29 were 6(10.0%) 30-39 were 26(43.3%) 40+
were 8(13.3). This analysis suggests that majority whose age range between 30-39
has more likely to encounter Security and Data Challenges on their Big Data
Applications during the pandemic.
Table 2 – Gender of Respondents
GENDER FREQUENCY PERCENT
MALE 31 51.7
FEMALE 29 48.3
TOTAL 60 100.0
Table 2 shows
the gender of who responded to our questionnaires. Out of the 60 responded, 31
were male (51.7%) and 29 were females (48.3%). This analysis implies that the
majority of male under the study responded to the questionnaire than female. This
Table 3 – Most Accessed Online Data Applications

MOST ACCESSED ONLINE DATA FREQUENCY PERCENT
APPLICATION
Contact Tracing Apps 6 10.0
Zoom/Skype/Google Meet 14 23.3
Mobile Banking Apps 18 30.0
Online Market 16 26.7
(Shopee/Lazada)
E-appointments 3 5.0
Others 3 5.0
Total 60 100.0
Table 3 shows the most accessed online data application in the beginning of
Covid19. This figure implies that the majority chose Mobile Banking Apps as their
most accessed online data application during this time. Next to it are the Online
Markets and the Online Meeting Applications like Zoom, Skype and Google Meet.
Table 4 – Summary of Privacy and Security Challenges
PRIVACY OF THE PERSON 4 3 2 1 WM DE

1. Do you agree that people 25
20 12 3
should prefer PRIVACY than (10 3.12 Agree
0) (60) (24) (3)
CONVENIENCE?
2. Do you agree that there should 28
17 15 0
be new laws to protect privacy (11 3.22 Agree
(51) (30) (0)
applied online? 2)
3. Do you believe that there ought
30
to be stricter laws to protect 30 0 0 3.50 Strongly
(12
children's privacy than adult's (90) (0) (0) Agree
0)
privacy on the internet?
PRIVACY OF PERSONAL
4 3 2 1
BEHAVIOR
4. Aside from your basic
information, are you willing to
provide your real-time location for
the innovation of contract tracing 11 9 20 20 2.18 Disagree
apps? (GPS methods of co- (44) (27) (40) (20)
localization tracing and
Bluetooth-based methods of
proximity tracing)
5. Do you agree that third party
advertising agencies should be
10 10 14 26
able to compile my usage 2.07 Disagree
(40) (30) (28) (26)
behavior across different web sites
for direct marketing purposes?
6. Do you agree that Internet 33 Strongly
27 0 0
payment systems should be (13 3.85 Agree
(99) (0) (0)
anonymous than user identified? 2)
PRIVACY OF PERSONAL
4 3 2 1
COMMUNICATION
7. I am confident using online 29 Strongly
24 3 4
software for remote working and (11 3.30 Agree
(72) (6) (4)
studying 6)
8. I like receiving mass postal Strongly
0 0 25 35
mailings that were specifically 1.42 Disagree
(0) (0) (50) (35)
targeted to my demographics
9. I like receiving mass electronic 0 0 25 35 1.42 Strongly
mailings (0) (0) (50) (35) Disagree
PRIVACY OF PERSONAL
4 3 2 1
DATA
10. Do you agree to have access
on your submitted personal data? 36 Strongly
20 4 0 3.53 Agree
e.g., deleting your record on the (14
(60) (8) (0)
contract tracing apps after the 4)
pandemic.
11. Do you agree that even your
intellectual properties can be Strongly
32
leaked during remote working or 22 3 3 3.38 Agree
(12
studying? e.g., recordings of your (66) (6) (3)
8)
presentation/reports, recordings of
the private meetings.
12. Do you agree that a user ought
to have complete control over 24 16 8 12 2.87 Agree
which sites get what demographic (96) (48) (16) (12)
information?
LEGEND:
WM = WEIGHTED MEAN
DE = DESCRIPTIVE EQUIVALENT
Mean Scale Descriptive Equivalent
3.26 – 4.00 Strongly Agree
2.51– 3.25 Agree
1.76 – 2.50 Disagree
1.00 – 1.75 Strongly Disagree
Table 4 shows the Summary of Privacy and Security Challenges of Emerging Big
Data Applications in the Era of COVID-19. These challenges are group according
to its effect on the Privacy of the Person, Privacy of Personal Behavior, Privacy of
Communication and Privacy of the Person.
Privacy of the Person – based on the survey, it can be noted that the
respondents want an enhanced security measure online. Even though there is an
emerging big data application during the pandemic, they still prefer privacy than
convenience. In this regard, governments and companies should apply the
following data protection and privacy principles:
 Purpose limitation and data minimization: Data collection, use, sharing,

storage, and other processing of data should be limited to what is strictly
necessary for the fight against the virus. A pandemic is no excuse to collect
extensive and unnecessary data.
 Access limitation and data security: Access to data shall be limited to those
who need information to conduct treatment, research, and otherwise address
the crisis. The information should be stored securely, in a separate database.
 Data retention and future research: Data processed in response to the crisis
should be kept only for the duration of the crisis. Afterward, most health
data shall be erased, though some non-identifiable information could be kept
for historical and research purposes. This information should only be
accessible and used for these public-interest purposes.
 Do not sell data: Under no circumstance should data be sold or transferred to
third parties who are not working in the public interest.
Privacy of Personal Behavior – based on the survey, it can be noted that the
respondents are not in favor of using GPS methods of co-localization tracing and
Bluetooth-based methods of proximity tracing. Knowing a person’s geographic
location gives only part of the story, but still sacrifices personal privacy. Location
data is highly revealing. By simply following a person’s movement based on
location data from a smartphone, you can deduce their home address and
workplace, map their interaction with others, identify their doctor visits, infer their
socio-economic status, and more. Without proper safeguards, tracking and geo-
location tools can enable ubiquitous surveillance. Thus, using geo-location to help
address the spread of viruses should be conducted in a rights-respecting manner
that promotes trust in government and protects individual safety and security,
given the heightened risk of snowballing into state-sponsored mass surveillance.
Protect the rule of law: data-sharing agreements between states and companies
must be based in law. When governments and public authorities determine that
data-sharing agreements are necessary for the fight against the virus, they must rely
on existing or emergency laws. The inherent privacy and data protection risks of
these measures mean that public and independent authorities must be able to
scrutinize the measures, which should also be limited in time. Therefore,
governments should ensure its agreements follow legal norms and are transparent.
Ad-hoc, extra-legal, and opaque deals with telecoms operators and companies to
share location data are not acceptable.
Privacy of Personal Communication – based on the survey, it can be noted
that the respondents are not in favor of mass electronic mails. Respondents also
shows that they are confident using the Online Communication Tools like Zoom,
Skype, etc. In this regard, private companies should:
Apply privacy and data protection principles. Companies developing apps and
services used to cope with or respond to the COVID-19 outbreak must provide
users with data protection rights, and abide by the principles of data minimization,
purpose and use limitation, and limited access and data retention.
Prohibit private companies from re-using or monetizing data. When creating

applications to respond to a public health crisis, private companies should not be
able to monetize data derived from the use of their products. Additionally, there
should be clear limitations on secondary uses or further processing of data.
Privacy of Personal Data - based on the survey, it can be noted that the
respondents are in favor to have access on their submitted data and also aware that
there has a possibility of data breach of intellectual properties during remote
working or studying.
In this regard, we can bring transparency to public-private partnerships.

Collaborations between governments, authorities, and companies or other
organizations must be transparent. They should follow open data, open
government, open procurement standards, and transparency reporting
requirements, and facilitate the public’s access to information. To encourage
competition, software or services should not be conditioned on long-term or
exclusive contracts. Governments need flexibility to choose the best partners in the
public interest.
CHAPTER 5 – SUMMARY, CONCLUSION AND RECOMMENDATION
In times of a global pandemic such as COVID-19, governments can assume

special powers to introduce extraordinary measures to prevent and mitigate the
health crisis, subject to international human rights law and additional domestic
constitutional standards. There will be an aftermath to the COVID-19 outbreak.
The measures governments put in place right now will determine this aftermath.
The recommendations outlined below will ensure that the rule of law, and the
rights to privacy and data protection, are protected throughout this crisis and in the
future.
Involve Experts in Civil Society. Where sensitive and personal information

is collected, governments must involve experts from the privacy and health
community to help develop and implement safeguards on the use of data,
especially in countries that lack robust privacy or data protection authorities.
Communities at risk of marginalization, including women and girls, those with
disabilities, indigenous groups, the poor, LGBTQ persons, and religious and ethnic
minorities, often suffer the brunt of discrimination and lack health care access, and
should be consulted in creating specific, effective safeguards.
All crisis response measures should be transparent, necessary, and

proportionate. A pandemic is not a time to reduce transparency. While
transparency on its own is insufficient to protect individual privacy, people
should still have the ability to understand what will happen with their data in a
health crisis situation. Measures taken in response to pandemics should similarly
be necessary and proportionate to ensure that responses will be beneficial to
solving the crisis without sacrificing individual privacy.
Protect the rule of law: data-sharing agreements between states and
companies must be based in law. When governments and public authorities
determine that data-sharing agreements are necessary for the fight against the
virus, they must rely on existing or emergency laws. The inherent privacy and data
protection risks of these measures mean that public and independent authorities
must be able to scrutinize the measures, which should also be limited in time.
Therefore, governments should ensure its agreements follow legal norms and are
transparent. Ad-hoc, extra-legal, and opaque deals with telecoms operators and
companies to share location data are not acceptable.
Do not invest in controversial surveillance systems. While resources for

public health are scarce, governments around the world should not see this health
crisis as an opportunity to invest in controversial surveillance systems, such as
facial recognition technology.
Use anonymized data and apply data protection and privacy principles.
When governments decide to use location data under existing or emergency laws,
we recommend that they rely on anonymized data. Importantly, even so-called
anonymous data can easily be re-identified, and even just four data points can be
sufficient, which means that data protection and privacy risks remain. Data
protection and privacy principles must therefore apply, including data
minimization to ensure that the data used are relevant, accurate, and necessary to
address the current crisis, and use limitations to ensure data are used only for crisis
response. Furthermore, telecoms operators and companies providing data should
work with supervisory authorities and privacy experts to ensure data are used with
appropriate safeguards.
Finally, we urge governments to limit access to this data to those that require the
information to fight the virus. The data should either be tagged, or stored in a
separate database for crisis response, in such a way that it can be easily deleted
when the crisis is over.
The world is facing a significant public health crisis; responses and measures
adopted by governments to fight COVID-19 will have an impact beyond this
emergency. From past health crises, we have learned not to fall for quick fixes, but
to uphold human rights to prevent further harms for the population. Data and
technology will be key components in the fight against COVID-19. The question is
not if governments can use data and tech to help fight the virus but how; here our
message is simple: protecting digital rights also promotes public health. In a time
of crisis, public trust is key to ensure that everyone unites behind the response.
Eroding human rights would be misguided and harmful, both during and in the
aftermath of the crisis. In this collaborative fight against COVID-19, we all have a
responsibility to act, advise, and protect: governments, companies, NGOs, and
individuals. We hope that the recommendations we present to governments will
contribute to finding a common response to this crisis, and we stand ready to
further advise on its implementation.
REFERENCES
Andrejevic, M, Gates, K (2014) Big data surveillance. Surveillance & Society

14(2): 185–196.
Balsari, S, Buckee, C, Khanna, T (2020) Which Covid-19 data can you trust?
Harvard Business Review, 8 May 2020. Available at:
https://hbr.org/2020/05/which-covid-19-data-can-you-trust (accessed 1 December
2021).
Bigo, D (2006) Security, exception, ban and surveillance. In: Lyon, D (ed.)
Theorizing Surveillance: The Panopticon and Beyond. Cullompton: Willan, pp.46–
68.
Calhoun, C (2010) The idea of emergency: Humanitarian action and global

(dis)order. In: Fassin, D, Pandolfi, M (eds) Contemporary States of Emergency:
The Politics of Military and Humanitarian Interventions. New York: Zone Books,
pp.29–58.
Dubov, A, Shoptaw, S (2020) The value and ethics of using technology to contain
the COVID-19 epidemic. The American Journal of Bioethics 20(7): W7–W11.
Edenberg, E, Jones, ML (2019) Analyzing the legal roots and moral core of digital
consent. New Media & Society 21(8): 1804–1823.
Eisenhardt, K, Martin, J (2000) Dynamic capabilities: What are they? Strategic

Management Journal 21(10–11): 1105–1121.
Federal Data Protection and Information Commissioner, FDPIC (2020b) Measures

for the safe use of audio and video conferencing systems. Available at:
https://www.edoeb.admin.ch/edoeb/en/home/latest-news/aktuell_news.html#-
1113581112 (accessed 3 December 2021).
Gasser, U (2016) Recoding privacy law: Reflections on the future relationship
among law, technology, and privacy. Harvard Law Review Forum – Law, Privacy
& Technology Commentary Series 130(2): 61–70.
Gasser, U, Ienca, M, Scheibner, J, et al. (2020) Digital tools against COVID-19:

Framing the ethical challenges and how to address them. arXiv preprint
arXiv:2004.10236. Available at: https://arxiv.org/abs/2004.10236 (accessed 9
December 2021).
Ha, YP, Tesfalul, MA, Littman-Quinn, R, et al. (2016) Evaluation of mobile health
approach to tuberculosis contact tracing in Botswana. Journal of Health
Communication 21(10): 1115–1121
Harari, YN (2020) The world after coronavirus. Financial Times, 19 March.

Available at: https://www.ft.com/content/19d90308-6858-11ea-a3c9-1fe6fedcca75
(accessed 14 DECEMBER 2021).
Harris, M, Bhatti, Y, Buckley, J, et al. (2020) Fast and frugal innovations in

response to the Covid-19 pandemic. Nature Medicine 26: 814–821.
Information Commissioner's Office (ICO) (2020) Data protection and coronavirus

information hub. Available at: https://ico.org.uk/global/data-protection-and-
coronavirus-information-hub/ (accessed 13 December 2021).
Kitchin, R (2020) Using digital technologies to tackle the spread of the

coronavirus: Panacea or folly? The Programmable City Working Paper 44.
Available at: http://progcity.maynoothuniversity.ie/wp-
content/uploads/2020/04/Digital-tech-spread-of-coronavirus-Rob-Kitchin-PC-
WP44.pdf (accessed 28 November 2021).
Leslie, D (2020) Tackling Covid-19 through responsible AI innovation: Five steps
in the right direction. SSRN Electronic Journal, 14 May 2020. Available at:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3652970 (accessed 3
December 2021).
Light, B, Burgess, J, Duguay, S (2018) The walkthrough method: An approach to

the study of apps. New Media & Society 20(3): 881–900.
Morley, J, Cowls, J, Taddeo, M, et al. (2020) Ethical guidelines for COVID-19

tracing apps. Nature 582: 29–31.
Nguyen, MH, Gruber, J, Fuchs, J, et al. (2020) Changes in digital communication

during the COVID-19 global pandemic: Implications for digital inequality and
future research. Social Media + Society 6(3): 1–6.
Obar, JA (2015) Big Data and The Phantom Public: Walter Lippmann and the
fallacy of data privacy self-management. Big Data & Society 2(2): 1–16.
Pajer, N (2020) A virtual DJ, a drone, and an all-out zoom wedding. Wired, 21
May 2020. Available at: https://www.wired.com/story/virtual-dj-drone-all-out-
zoom-wedding/ (accessed 3 January 2022).
Rohac D (2020) Hungary's prime minister is using the virus to make an

authoritarian power grab. The Washington Post, 25 March. Available at:
https://www.washingtonpost.com/opinions/2020/03/25/hungarys-prime-minister-
is-using-virus-make-an-authoritarian-power-grab/ (accessed 13 December 2021).
Sandvik, KB (2020) “Smittestopp”: If you want your freedom back, download

now. Big Data & Society 7(2): 1–11.
Privacy International (2019) State of Privacy Philippines. Available at:
https://privacyinternational.org/state-privacy/1009/state-privacy-philippines
(accessed 03 January 2022)
Taylor, L (2020) The price of certainty: How the politics of pandemic data demand
an ethics of care. Big Data & Society 7(2): 1–7.
Vallee, M (2020) Doing nothing does something: Embodiment and data in the
Covid-19 pandemic. Big Data & Society 7(1): 1–12.
Waterson, J (2020) Boris Johnson urges top UK tech firms to join coronavirus
fight. The Guardian. Available at:
https://www.theguardian.com/business/2020/mar/13/johnson-urges-top-uk-tech-
firms-to-join-coronavirus-fight (accessed 5 December 2021).
York, JC, McSherry, C (2020) Automated moderation must be temporary,

transparent and easily appealable. Electronic Frontier Foundation, 2 April 2020.
SURVEY QUESTIONNAIRE
Instrumental research titled “Privacy and Security Challenges of Emerging

Big Data Applications in the era of COVID-19 basis for proposed enhanced
Security Measures.”
Instructions: To what extent do you agree with the following items? The
following items will assess the risk level of every individual on their Big Data
Application in the amidst of COVID-19. Please read the statements below
carefully and tick the appropriate choices that reflect your understanding towards
Data Privacy.
Use the scale below to answer the questionnaire items.
4 STRONGLY AGREE 3 AGREE 2 DISAGREE 1 STRONGLY DISAGREE
Note: Tick (√) only one option for each item in the questionnaire.
I. PROFILE OF THE RESPONDENTS
Name (Optional): ________________________

Age: Sex: Female Male
Occupation (Optional): ______________________________
Most accessed online Data applications since the beginning of COVID-19.

 Contract Tracing Apps
 Zoom/Skype/Google Meet
 Mobile Banking Apps
 Online Market (Shopee, Lazada, etc.)
 E-Appointments
 Others (pls. specify): _____________________________________
Length of usage on the applied online platforms.

 1 – 3 mos.  7 – 9 mos.  Above 12
 4 – 6 mos.  10 – 12 mos. mos.
PRIVACY OF THE PERSON 4 3 2 1
1. Do you agree that people should prefer
25 20 12 3
PRIVACY than CONVENIENCE?
2. Do you agree that there should be new laws
28 17 15 0
to protect privacy applied online?
3. Do you believe that there ought to be stricter
laws to protect children's privacy than adult's 30 30 0 0
privacy on the internet?
PRIVACY OF PERSONAL BEHAVIOR 4 3 2 1
4. Aside from your basic information, are you
willing to provide your real-time location for
the innovation of contract tracing apps? (GPS 11 9 20 20
methods of co-localization tracing and
Bluetooth-based methods of proximity tracing)
5. Do you agree that third party advertising
agencies should be able to compile my usage
10 10 14 26
behavior across different web sites for direct
marketing purposes?
6. Do you agree that Internet payment systems
33 27 0 0
should be anonymous than user identified?
PRIVACY OF PERSONAL
4 3 2 1
COMMUNICATION
7. I am confident using online software for
29 24 3 4
remote working and studying
8. I like receiving mass postal mailings that
0 0 25 35
were specifically targeted to my demographics
9. I like receiving mass electronic mailings 0 0 25 35
PRIVACY OF PERSONAL DATA 4 3 2 1
10. Do you agree to have access on your
submitted personal data? e.g., deleting your
36 20 4 0
record on the contract tracing apps after the
pandemic.
11. Do you agree that even your intellectual
properties can be leaked during remote
working or studying? e.g., recordings of your 32 22 3 3
presentation/reports, recordings of the private
meetings.
12. Do you agree that a user ought to have 24 16 8 12
complete control over which sites get what
demographic information?

Research and Statistics

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Research and Statistics

Uploaded by

Copyright:

Available Formats

Table of Contents

Chapter 1 THE PROBLEM AND ITS BACKGROUND

Statement of the Problem …………………………………………………............................ 5

Chapter 2 REVIEW OF RELATED LITERATURES AND STUDIES

Chapter 3 RESEARCH METHODOLOGY

The Covid-19 pandemic has resulted in unprecedented social and economic

The growing dependency on digital technologies is becoming a way of life,

This study aims to determine the Privacy and Security Challenges of

I. PROFILE OF THE RESPONDENTS IN TERMS OF:

II. Assess the risk of Data Applications in terms of:

1.5 SIGNIFICANCE OF THE STUDY

The findings of the study may be beneficial to the following:

To Other Government and Private Organizations. They could use or

1.6 SCOPE AND LIMITATIONS

1.7 DEFINITIONS OF TERMS

Data Protection - process of safeguarding important data from corruption,

National Privacy Commission (NPC) - is an independent body created under

Privacy Breach - occurs when there is unauthorized access to collection, use or

CHAPTER 2 – REVIEW OF RELATED LITERATURE AND STUDIES

In September 2016, the NPC concluded that:

In addition to the defacement of the COMELEC website on the evening of 27

A preliminary report identifies two indicators of negligence on behalf of

However, following his election president Duterte signed an Executive Order on

Employee’s identification card, with the signature of the employer or an authorized

SIM card registration

There is currently a total of 12 bills in the House of Representatives (including

The introduction of social distancing has also led to reduced face-to-face

From a research perspective, the investigation of data technologies within

Rushed innovation in disaster capitalism (Klein, 2007) should be

Digital inequalities research has looked into digital communication changes

CHAPTER 3 – RESEARCH METHODOLOGY

3.1 Research Design

Polit and Hungler (1999:155) describe the research design as a

3.2 Respondents of the study

The study sample was composed by 60 persons (51.7% men and

3.3 The Instruments Used

The researcher used survey questionnaire in conducting this study.

3.4 Data Collection and Management

Polit and Hungler (1999:267) define data as “information obtained

The researcher approached random persons who has an application of any

When the 60 random persons had completed questionnaires, the completed

Weights Limits Verbal Interpretation

1 1.00 – 1.75 Disagree

4.2 DEMOGRAPHIC CHARACTERISTICS

AGE FREQUENCY PERCENT

Table 3 – Most Accessed Online Data Applications

PRIVACY OF THE PERSON 4 3 2 1 WM DE

1.00 – 1.75 Strongly Disagree

 Purpose limitation and data minimization: Data collection, use, sharing,

Prohibit private companies from re-using or monetizing data. When creating

In this regard, we can bring transparency to public-private partnerships.

In times of a global pandemic such as COVID-19, governments can assume

Involve Experts in Civil Society. Where sensitive and personal information

All crisis response measures should be transparent, necessary, and

Do not invest in controversial surveillance systems. While resources for

Andrejevic, M, Gates, K (2014) Big data surveillance. Surveillance & Society

Calhoun, C (2010) The idea of emergency: Humanitarian action and global

Eisenhardt, K, Martin, J (2000) Dynamic capabilities: What are they? Strategic

Federal Data Protection and Information Commissioner, FDPIC (2020b) Measures

Gasser, U, Ienca, M, Scheibner, J, et al. (2020) Digital tools against COVID-19:

Harari, YN (2020) The world after coronavirus. Financial Times, 19 March.

Harris, M, Bhatti, Y, Buckley, J, et al. (2020) Fast and frugal innovations in

Information Commissioner's Office (ICO) (2020) Data protection and coronavirus