The social contract in action: using personal data for COVID-19 contact tracing
The need for immediate and reliable information about COVID-19 has tested the systems in place for protecting data.
International and national laws recognize that, in extraordinary circumstances, certain fundamental rights, including the right to data protection, may be restricted, with the following conditions: basic democratic principles and safeguards are ensured, and the restriction is legitimate, time limited, and not arbitrary.1
Following the World Health Organization’s declaration of a global pandemic in mid-March 2020,2 governments around the world have adopted contact tracing strategies to track down any individual who might have come into contact with an infected person, so that they may be quarantined to prevent further spread of the disease.3 Such contact tracing has historically been carried out manually by public health authorities.4 However, it can be undertaken much more efficiently on a massive scale using digital technologies such as mobile applications, which can simultaneously deliver public health advice.
Despite these benefits, contact tracing raises several concerns. First, tools relying on location tracing may be construed as unwarranted surveillance and a threat to privacy, especially in jurisdictions with inadequate data protection frameworks5 and given that location data are hard to anonymize fully. Second, personal data collected in contact tracing currently flow beyond trusted parties and organizations, reaching more third parties than accounted for in current governance models. Third, there is evidence that using geographic location in contact tracing may be inaccurate and inefficient because it does not provide all of the relevant facts. An empirical study of the Ebola outbreak found that those data are meaningful only when reidentified, touching on the “purpose limitation” used in good-practice data protection laws.
While countries around the world have been developing contact tracing apps, two approaches have emerged: centralized and decentralized. Both approaches use Bluetooth signals to log when smartphone owners are in proximity to one another, sending alerts to users who may have been infected when someone develops COVID-19 symptoms.
Under the centralized model originally pursued by the UK government, anonymized data are gathered and uploaded to a remote server, where matches are made with other contacts when a person starts to experience COVID-19 symptoms.6 The United Kingdom’s proposed approach contains a persistent identifier that is shared with the National Health Service, allowing public authorities to receive infection data automatically. The central server then alerts other app users who have had significant contact with the infected person. Despite the public health merits of the centralized approach, the application was abandoned in mid-June 2020 in favor of a decentralized approach, due to low rates of phone recognition during its testing phase on the Isle of Wight.
In contrast, the decentralized model, promoted jointly by Apple and Google, aims to support contact tracing by health agencies, while integrating privacy and security into the design.7 Users have more control over their information because it is stored in a decentralized manner on their phones, preventing the siphoning of data into central government servers. In this model, “The protocol excludes processing of any location data—unless the user opts in—applies ‘Rolling Proximity Identifiers’ that prevent identification of the user, processes proximity identifiers obtained from other devices exclusively on the device, [and] permits only users to decide whether to contribute to contact tracing by sharing Diagnosis Keys with the ‘Diagnosis Server’ if diagnosed with COVID-19, resulting in the alert to other users.”8
A multistakeholder consortium, the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) community, is developing contact tracing technologies that adhere to strong European privacy and data protection laws and principles.9 The PEPP-PT technical mechanisms and standards fully protect privacy, while taking advantage of the possibilities of digital technology to maximize the speed and real-time capability of national pandemic responses. Initiatives under the umbrella of PEPP-PT aim to develop an open protocol for COVID- 19 proximity tracing using Bluetooth Low Energy on mobile devices and an architecture to ensure that personal data stay entirely on an individual’s phone.
- Access Now (2020).
- WHO (2020).
- Yan (2020).
- eHealth Network (2020).
- FPF (2020).
- Economist (2020).
- Google (2020); Sabbagh and Hern (2020).
- eHealth Network (2020).
- See Pan-European Privacy-Preserving Proximity Tracing (dashboard), n.d.
- Access Now. 2020. “Recommendations on Privacy and Data Protection in the Fight against COVID-19.” Access Now, Brooklyn, NY, March 2020.
- Economist. 2020. “Privacy Be Damned: Some Countries Want Central Databases for Contact-Tracing Apps.” April 30, 2020.
- eHealth Network. 2020. “Mobile Applications to Support Contact Tracing in the EU’s Fight against COVID-19:Common EU Toolbox for Member States.” Version 1.0, eHealth Network, Brussels, April 15, 2020.
- FPF (Future of Privacy Forum). 2020. “Privacy & Pandemics: The Role of Mobile Apps (Chart).” FPF, Washington, DC, April 2020.
- Google. 2020. “Apple and Google Partner on COVID-19 Contact Tracing Technology.” Company Announcements (blog), April 10, 2020.
- Pan-European Privacy-Preserving Proximity Tracing (dashboard). n.d. “PEPP-PT.” GitHub. Accessed December 15, 2020.
- Sabbagh, Dan, and Alex Hern. 2020. “UK Abandons Contact-Tracing App for Apple and Google Model.” Guardian, June 18, 2020.
- WHO (World Health Organization). 2020. “WHO Announces COVID-19 Outbreak a Pandemic.” Media Release, March 12, 2020. WHO Regional Office for Europe, Copenhagen.
- Yan, Holly. 2020. “Contact Tracing 101: How It Works, Who Could Get Hired, and Why It’s So Critical in FightingCoronavirus Now.” CNN Health (blog), May 15, 2020.