On May 11, 2015, a 68-year-old South Korean businessman, recently back from the Arabian Peninsula, went to a hospital with symptoms of fever and cough. After four more visits, he was finally admitted to a hospital in Seoul with pneumonia, and on May 20, he was diagnosed as infected with the Middle East respiratory syndrome coronavirus first reported in Saudi Arabia in 2012. The day after this first confirmed MERS coronavirus case, the South Korean government confidently announced that the situation was “under control.” Yet, as seems all too familiar to those of us who lived through 2020, the country lacked a national strategy to control the outbreak. To make things worse, during the initial phase of the outbreak, the government withheld most of the information regarding MERS patients, leaving hospitals and local governments scrambling to identify patients and potential contacts. This lack of transparency eviscerated trust, as well as any hope of effective contact tracing and disease control. The result was 186 infections and 38 deaths in South Korea, the biggest MERS outbreak outside Saudi Arabia.
Six years later, Korea has been praised around the world for its response to COVID-19. Even in the midst of a recent spike in cases, South Korea reports 554 new cases daily and a total of 1,378 deaths. This is a sad and stark comparison with the United States, which continues to break its grim records for new cases and deaths per day—more than 155,000 cases daily and a total death toll of over 425,000 at the time of writing. The U.S. has seen 129.43 deaths per 100,000 people, compared with just 2.67 per 100,000 for South Korea. While states in the U.S. continue to impose restrictions and lockdowns, South Korea has managed to control the virus without ever imposing a nationwide lockdown or travel restrictions. With the exception of schools and certain public facilities, South Korea has largely remained open both internally and to the rest of the world. One of us, living in Seoul until recently, has been able to eat indoors at restaurants and bars and visit art galleries throughout the pandemic. The other, living in St. Louis, has not dined inside a restaurant since March.
How has South Korea managed such a successful national COVID-19 response? The answer is relatively simple: a national strategy based on what it learned from its MERS coronavirus failure. The MERS disaster stimulated “Reform of the National Infectious Disease Response System” and subsequent changes in laws to ensure effective control of infectious disease outbreaks and transparency in the process. In the meantime, South Korea also increased funding for epidemiologists and other public health surveillance measures. As a result, when the current pandemic hit, the country was ready. While the focus has been on South Korea’s response to the current pandemic, what is important is how the country learned from its MERS failures and rebuilt public trust to enable such an effective response. This has particular significance in light of the Biden administration’s recently announced national COVID-19 strategy, which aims to restore public trust by prioritizing science and data. However, new technologies and scientific breakthroughs can invoke mistrust and fear when not communicated properly, as seen with the new COVID-19 vaccines. While we should be vigilant about the potential threat to privacy posed by new technologies, we also need to acknowledge that surveillance itself is not always bad. Three clear examples show how South Korea has been using data, technology, and science to tame COVID-19 without threatening democratic freedoms.
First, South Korea learned the importance of effective contact tracing from the MERS outbreak. As COVID-19 began to spread, the South Korean government transformed the “Smart City” data platform it was developing into a public health tracking tool. The Korea Disease Control and Prevention Agency, or KDCA, developed the Epidemiological Investigation Support System, or EISS, a platform that enables public health authorities to rapidly collect and analyze data to track confirmed COVID-19 cases. The system began operating on March 26, 2020, just two months after the country’s first confirmed COVID-19 case. Using the EISS, once the KDCA confirms a COVID-19 case, authorized investigators request each patient’s location data that is entered into the system by respective entities pursuant to Korea’s Infectious Disease Prevention and Control Act. The system then performs real-time tracking analysis, which, complemented by traditional interviews by human contact tracers, enables both quick contact tracing and the identification of pandemic hot spots.
This system has allowed tracking and investigation of confirmed COVID-19 cases in less than 10 minutes, rather than a day or more before the EISS. Data privacy and security are ensured by making sure that only KDCA investigators with the necessary legal authority can access the EISS, and by logging every system access for security incidents. To minimize the collection of personal information, the maximum data collection period for each case is set at 14 days, the incubation period of the disease. And the system is temporary: At the end of the COVID-19 pandemic, all the personal information will be destroyed.
Second, South Korea has been using a smartphone app to monitor compliance by those under isolation or quarantine—those confirmed to have COVID-19, those in close contact with a confirmed case, and international travelers. Throughout the pandemic, South Korea has not closed its borders to any international travelers entering the country. Instead, it has implemented special entry procedures mandating a 14-day self-quarantine and free COVID-19 testing to prevent spread. The Self-Quarantine Safety Protection App is a two-way app that enables the quarantined person to report any symptoms and the designated case officer to monitor the individual’s quarantine compliance via GPS-based location data with consent. While quarantine compliance monitoring via the app is strongly recommended, it is not mandatory. Those without smartphones or those who wish to opt out can be monitored via the traditional method of phone calls by a case officer. Still, the adoption rate of the app was at 91.8 percent as of Sept. 1, and both South Koreans and travelers are reassured by knowing that those at risk of spreading COVID-19 are compliant with self-quarantine measures.
Third, South Korea has made special efforts to provide accurate COVID-19 information to the public. Twice-daily official government briefings ensure that the public receives the most up-to-date and accurate information related to COVID-19. In addition, a consortium of South Korea’s police, health, and communications agencies is operating a situation room to monitor COVID-19-related fake news on major websites. The government has also requested that key international internet platforms including Google, Facebook, and Twitter prioritize official COVID-19 information by the government, which they have done.
Of course, this is not to say that South Korea got everything right. Its use of location data to track COVID-19 cases has raised privacy concerns, and the Self-Quarantine Safety Protection App was found to have security flaws (which were subsequently fixed). Generally, however, South Koreans appear to be satisfied with the government’s COVID-19 response and have not experienced any critical privacy or security violations. In fact, a survey by a leading South Korean policy think tank, STEPI, found that South Koreans now favor continuous public health measures for infectious disease control, including health surveillance.
These measures of coordination, communication, and collection of location data could work in the United States, but they have been held up by poor national leadership and fears of infringement on civil liberties and privacy rights. The Biden administration has promised a return to science-based effective leadership, but fears of public health surveillance remain. We share many concerns about the dangers of surveillance, but properly constrained, temporary public health surveillance is the only way to fight a deadly pandemic. For this to work, we have to be able to trust public surveillance, particularly the way that public authorities use the sensitive personal data about our health and location that an effective system requires. This erosion of trust is why only 42 percent of Americans support using contact-tracing apps, stating concerns about what both tech companies and the government might do with the data. In fact the uptake of these apps in available states is even lower, with download rates ranging from 1 to 13 percent of state populations despite the privacy-preserving features of many apps. Moreover, without any coordinated national strategy, not all states’ apps are interoperable through a common key server.
By contrast, despite its own flaws, South Korea’s COVID-19 health surveillance is operating on a foundation of the strong public trust rebuilt in the years following the MERS disaster. After that failure, Korea’s public health law was amended to “mandate” public disclosure of information such as “movement paths, transportation means, medical treatment institutions, and contacts of patients of the infectious disease” once an infectious disease crisis reaches a certain level. Transparency of this kind of data does carry an inherent tension with privacy risks, but South Korea’s emphasis on information transparency is safeguarded by one of the strongest comprehensive data privacy laws in the world, its Personal Information Protection Act. In addition, its public health law includes provisions that ensure rigorous protection of personal data—making sure it is used to help fight the pandemic and not for any other purpose. By contrast, the U.S. lacks a comprehensive federal data privacy law, and during the early phase of the pandemic, Congress scrambled to introduce multiple contact-tracing data privacy bills without success.
Public debates surrounding COVID-19 health surveillance have often framed the issue as a trade-off between privacy and health. However, privacy is not just about the “right to be let alone” or having full control over one’s information. Rather, privacy can exist based on trust. When the government acts as a trustworthy data steward, its public health surveillance measures can actually work to protect both privacy and health. Based on trust that their government is using their data only for good, South Koreans view health surveillance during a public health crisis not as a threat to privacy or a potentially harmful method of state control but as a necessary tool to protect public health and ensure their “right to know.” That is, transparent and responsible health surveillance becomes a tool that can protect democracy rather than threaten it.
While South Korea’s specific public health measures might not be transferable to other countries, its willingness to learn from mistakes certainly is. Moreover, after the last four disastrous and shambolic years, rebuilding public trust in government is more important than ever in the United States. While the recent rollout of COVID-19 vaccines brings hope, initial distribution has been met with delays and obstacles. We failed with testing and contact tracing, yet we could have learned from these mistakes and done better with the vaccine. New, more infectious COVID-19 variants have forced the United Kingdom and other countries into national lockdowns again and are already spreading throughout the United States. While the previous administration never had a coordinated plan to control the virus, there is still a chance—and urgent need—to do better. South Korea’s model offers both a blueprint of success and a reminder that a combination of good governance, good science, and public trust is the only way to effectively deal with public health crises.