The WHO's COVID Dashboard Comes With a Liability Trap Most Users Never See
The World Health Organization's COVID-19 dashboard has become a widely used pandemic data source. But buried beneath the interface that "encourages public access and use" sits a legal structure designed to transfer nearly all risk from the WHO to anyone who clicks through.
According to the WHO's own terms of use, the dashboard operates under a Creative Commons Attribution 4.0 International License, the kind of open-data framework that typically signals to researchers, journalists, and public health departments that information is free to use with basic attribution. That's where most users stop reading. What they miss are the disclaimers that follow: if any portion of the dataset draws from sources other than WHO, those materials fall outside the organization's standard terms. Users must determine on their own whether third-party sources are involved and obtain whatever permissions those sources require.
The WHO's dashboard aggregates COVID-19 case counts from 194 member states, as documented in its technical specifications, each with its own reporting systems and data-sharing agreements. Yet the organization doesn't clearly identify which data points originate from member states, which come from partner organizations, and which the WHO itself generated. A researcher analyzing outbreak patterns has no practical way to audit the provenance of each data point in a dataset containing millions of entries.
Where the Risk Actually Lands
The WHO's terms of use make the transfer explicit: "The risk of claims from third-party intellectual property infringement rests solely with the user of the data." A graduate student building a transmission model, a county health department updating its risk assessment, a news organization tracking variant spread, all become personally liable if any component of the WHO's aggregated data turns out to involve third-party rights they failed to clear.
Consider what this means in practice. A public health researcher downloading a dataset to model transmission patterns assumes legal responsibility for verifying the intellectual property status of data from nearly 200 countries. A local health department using WHO figures to justify mask mandates or school closures becomes liable for any third-party claims embedded in that global dataset. A journalist citing case counts in a news story takes on personal risk for rights clearances the WHO itself hasn't provided.
This isn't how open data is supposed to work. Creative Commons licenses exist specifically to remove legal uncertainty, to let users know they can build on published information without hiring attorneys. The WHO's additional disclaimers hollow out that promise. They create what legal scholars call "toxic data", information that's technically public but carries hidden liability.
According to the WHO's legal terms, the organization reserves the right to amend its terms at any time, at its sole discretion. Users who downloaded data under one set of conditions might find themselves subject to different rules retroactively. And if a dispute arises over how to interpret the license terms, the WHO's agreement routes it to arbitration under UNCITRAL rules, a process designed for disputes between nations and large institutions, not individual researchers or small newsrooms.
The Performance of Transparency
The WHO dashboard presents itself as a model of institutional openness. The data comes in machine-readable formats. The organization's public messaging emphasizes accessibility and encourages widespread use. But the legal architecture underneath tells a different story: an organization that has learned to perform transparency while engineering escape routes from the consequences of its own information.
The WHO's approach creates a specific kind of dysfunction. Public health depends on shared information. Outbreak response requires researchers and officials to make rapid decisions based on the best available data. When the world's primary health authority publishes that data but wraps it in liability disclaimers, it forces every user into an impossible choice: ignore the legal fine print and hope nothing goes wrong, or spend resources most don't have conducting due diligence the WHO itself should have performed.
What Gets Lost in the Disclaimers
The dashboard's metadata, the information describing the datasets themselves, offers little help, according to the WHO's own documentation. It documents technical specifications: file formats, update frequencies, variable definitions. It doesn't map which member states contributed which data points, or flag where partner organizations filled gaps in national reporting. Users are left to reverse-engineer the provenance of information the WHO aggregated specifically because individual users couldn't.
The terms sit in a corner of the website most users never visit. Researchers cite WHO data in academic papers without realizing they've assumed personal liability for intellectual property claims they have no way to assess. Health departments build policy on numbers that come with invisible strings attached.
Alternative Approaches Exist
Other international data initiatives demonstrate that comprehensive liability protection is possible. The WHO could provide clear provenance mapping for each data source, explicitly clearing rights before publication rather than transferring that burden to users. The organization could limit its Creative Commons license to only the data it has fully cleared, publishing other information under separate, clearly marked terms. It could provide users with a warranty that the data offered under open licenses is free from third-party claims, as many open data publishers do.
The WHO created the dashboard to solve a coordination problem: how to track a global pandemic when 194 countries collect data differently. The legal terms create a new problem: how to use that coordinated data without accepting risks the coordinating organization refuses to bear itself. Until the WHO revises its approach, users face a choice between forgoing valuable public health data or accepting liability they cannot reasonably manage.