Contact-Tracing Apps: Do they threat your privacy?

The time of Covid-19 is quite different from that of the Black Death (14th century) or the Spanish Flu (20th century) when technological tools were not yet sufficiently evolved to help fight pandemics.

We live in an era of information, the Internet, and big data. Therefore, several measures to combat the pandemic have focused on the use of digital tools that allow us to determine: how many people are infected; where they were infected; who they might have infected; and predict the evolution of the pandemic.

Because of their potential to answer these questions, Contact-Tracing Apps have played a key role during this public health crisis. However, their adoption is far from being consensual, given their potential to answer not only the previous questions but also many others that do not involve fighting the pandemic.

These new apps are the result of partnerships amongst technology companies, universities, clinics, and public authorities, which are responsible for their financing, development, and implementation.

Some Virus-Tracking Apps :

TraceTogether: Using Bluetooth, this application, developed by Singapore’s Government Technology Agency, tracks individuals who have been exposed to the virus. The app alerts individuals who have had contact with someone infected with the new coronavirus, or who are at a high risk of carrying the virus. When an individual is confirmed or suspected of being infected, they can choose to allow hospitals, the Ministry of Health, and third parties access to their data to help identify close contacts.

South Korea’s Tracking App: The Self-Quarantine Security application is used by Korean public authorities to provide information about COVID-19, including quarantine guidelines, and to prevent possible violations of confinement orders. The application can also be used for voluntary communication with health authorities. The data collected is not shared with third parties.

C-19 COVID Symptom Tracker: The aim of this application, developed in the United Kingdom, is to delay the outbreak of Covid-19 by helping researchers to identify: the rapid spread of the virus in different areas; the high-risk areas in the United Kingdom; and who is most at risk, through a better understanding of the symptoms linked to underlying health conditions. The study’s data can reveal essential information about the progression of the infection in different people and help to understand why some individuals develop more severe or fatal symptoms, while others experience only mild symptoms.

The issue of privacy and data protection

Contact-Tracing Apps may be more consensual, but only if they depend on the users’ explicit and informed consent for the collection and sharing of their information, ensuring the protection of their privacy. For example, the Singapore’s TraceTogether app has a number of privacy safeguards, including the fact that it does not collect or use geolocation data and that data records are encrypted.

Privacy-by-design can help deal with risks

Privacy-by-design seeks to provide the maximum degree of privacy by ensuring that the protection of personal data is incorporated into the system, for example, integrating the use of aggregated, anonymous or pseudonymous data to provide additional privacy protection, or the deletion of data once its purpose has been fulfilled.

For example, the Covid-19’s app developed by the Norwegian Institute of Public Health is designed to store location data for only 30 days. The use of additional privacy enhancement solutions can provide greater security.

In many of these tracking apps, Bluetooth technology is used because, unlike GPS and Wi-Fi, it only detects which devices have been around each other, rather than recording the location.

Ensure data protection

Digital technologies provide powerful tools for governments in their fight to control the Covid-19 pandemic, but their privacy and data protection implications must be recognized. Contact-tracing apps should be implemented with full transparency!

It’s necessary to consider:

  • The legal basis for the use of these technologies, which varies depending on the type of data collected (e.g. personal, sensitive, pseudonymous, anonymous, aggregated, structured, or unstructured).
  • Whether the use of these technologies and subsequent data collection is appropriate and consider how data is stored, processed, shared, and with whom, including which security and privacy protocols are implemented.
  • The quality of the data collected and whether it’s appropriate for its intended purpose.
  • Whether the public is well informed and whether the procedures adopted are implemented with full transparency and accountability.
  • The time frame during which the most invasive technologies that collect personal data can be used to combat the crisis. Data should be retained only for as long as necessary to serve the specific purpose for which it was collected.

If the discussion about digital tracking exists, it’s for one simple reason: as long as these apps are used by a significant fraction of the population, Contact-tracing Apps can work.  The question should then be this: is it possible to have effective virus-tracking apps that do not compromise citizens’ privacy or the guidelines of the General Data Protection Regulation?

Tracking would have to be temporary, voluntary, and decentralized; it would also have to ensure the processing of data anonymously and only allow the public sharing of aggregated data.

 

 

Was this post helpful?