As government leaders, policymakers, and technology companies continue to navigate the global coronavirus pandemic, CDT is actively monitoring the latest responses and working to ensure they are grounded in civil rights and liberties. Our policy teams aim to help leaders craft solutions that balance the unique needs of the moment, while still respecting and upholding individual human rights. Find more of our work at cdt.org/coronavirus.
European countries, like others around the world, are considering how to use electronic data such as location and proximity information to manage the reopening of their economies and societies. Mobile operators and technology companies are working on making data or insights available to authorities that enable better understanding of the way lockdown measures work, and to anticipate and avert new outbreaks. The various solutions being developed and deployed have a number of data protection and privacy concerns associated with them. The European Commission, the EDPS and national data protection authorities have issued statements and guidance about the data protection and privacy standards these solutions should meet. Based on what is known at this point, it seems clear that contact tracing apps and location data gathering measures can be valuable, but are not a panacea. There are significant question marks about their effectiveness and utility in controlling the pandemic, and they involve difficult trade-offs between different rights and interests that require careful consideration. It is appropriate for European governments and public health authorities to evaluate how intelligent use of electronic data can help manage the pandemic. They should consider such measures as part of their overall public health strategies and pay due attention to protection of privacy and other fundamental rights. Most importantly, the data collected should be deleted once the current crisis is over, and should not be used for unrelated purposes.
European Countries Are Launching Apps and Tools With Little Coordination
European governments and authorities are experimenting with a variety of electronic data collection measures. These range from large-scale acquisition of aggregated and anonymised telecommunications location data, to symptom tracking apps and targeted contact tracing apps. Precise, aggregated information on citizens’ movements could be useful for monitoring and predicting new outbreaks, and planning future resource needs and immediate actions. Furthermore, identifying and informing people who may have been in contact with confirmed COVID patients could allow more targeted and limited quarantine measures and alleviate the economic and social impact of the pandemic.
In Belgium, citizens’ mobile location data from telecommunications operators are combined with health data to generate aggregated and anonymised regional datasets to allow authorities to assess how the virus spreads and which areas are at high risk. In Austria, mobile provider A1 shares anonymised mobile location data with authorities to track whether or not citizens are restricting travel and following government advice. More than 400,000 people have already downloaded the Red Cross’s contact tracing app, Stopp Corona. Its developers are now upgrading its design and architecture to strengthen user privacy. The German mobile operator Deutsche Telekom shares anonymised location data with the national disease control centre, the Robert Koch Institute. The centre has developed an app that allows Germans to easily “donate” personal data collected by fitness-tracking devices and services such as Google Fit and Apple Health. The German authorities are believed to be preparing the launch of the app to collect users’ health data in order to recognize corona symptoms at an early stage and record the virus’s geographical spread. Germany is also going to launch a new contact tracing app in the coming weeks.
The most controversial measure so far is the Polish “Home Quarantine” app that requires people in quarantine to periodically send geo-located selfies to prove they are abiding by the quarantine measures. The app is connected to a database of phone numbers of people who are under mandatory quarantine. The system checks both the person (using facial recognition) and the location. In Italy, the Lombardy Region launched the “CercaCovid” app, a project that uses the Lombardy Civil Protection app called “AllertaLom”, to map the risk of contagion. The data is collected through a questionnaire completed by citizens and will be acquired in anonymous form. Participation is voluntary.
The Community of Madrid released the “AsistenciaCovid19 app” which collects citizens’ data (name, phone number, date of birth, sex, address, postal code, eID and email) and location data (encrypted and securely stored, according to the app website) to enable the authorities to track how symptoms change over time and by location. The Catalan app “Stop Covid-19 Cat” allows citizens to share their symptoms with local health authorities so they can track the health condition of the population. Finally, the Slovak COVID-19 app for mobile phones uses GPS and Bluetooth sensors to register whether the user has come into contact with an infected person in the last 14 days. The app can anonymously reverse-trace initial infection before the symptoms occur.
It is reported that a series of contact tracing apps will be approved in the coming weeks in Italy, France, and Ireland, which aim to notify individuals that they have been in close contact with someone who is confirmed to carry the virus, in order to break the contamination chains as early as possible. Liechtenstein will provide citizens with biometric bracelets to monitor COVID-19 in real-time and keep track of the number of new cases arising in the country.
European Commission Addresses Interoperability and Data Protection Concerns
These measures raise privacy and data protection concerns to varying degrees, which EU institutions have sought to address. In March, the Commission urged European telecoms operators to share anonymized and aggregated user data, and asked the European Data Protection Supervisor for guidance about compliance with EU data protection rules. On 8 April, the Commission adopted a recommendation to develop a common European approach for the use of mobile applications and mobile data, and adopted a common EU toolbox for interoperable mobile applications for efficient contact tracing.
This toolbox sets out the essential requirements for compliance with data protection and privacy rules:
- Symptom checker and contact tracing apps should be implemented in close coordination with, and approved by, public health authorities.
- They should be voluntary, and dismantled as soon as no longer needed.
- Based on Bluetooth proximity technology, they should not enable tracking of people’s locations.
- They should use anonymised data: they can alert people who have been in proximity for a certain duration to an infected person to get tested or self-isolate, without revealing the identity of the people infected.
The objective of contact tracing and location data collection is to provide authorities with sufficient data to undertake effective targeted quarantine measures and help manage the lifting of general lockdowns. However, location data collection and contact tracing have limitations. Cell tower location tracking lacks granularity, and cannot detect if two cell phones were within two meters of each other (the epidemiologically relevant distance for the coronavirus). GPS signals offer higher precision but are only reliable in open spaces, not indoors – so people inside buildings, trains and buses would not be recognised, and people on different floors in buildings may appear to be in similar locations when they are not. Bluetooth seems to be the most promising technology to map close meetings of people indoors (buildings, subways, buses, offices). Apps based on a mechanism that receives Bluetooth signals from other nearby phones and keeps a record of them for a set period, like the Pan-European Privacy-Preserving Proximity Tracing mechanism (PEPP-PT), or the Apple/Google Privacy-Preserving Contact Tracing initiative, could form the basis of an EU-wide technology for detailed in-person contact tracing. However, Bluetooth solutions have their own limitations and are likely to produce both false positives and false negatives due to signal disturbance. Finally, Bluetooth tracking between mobile phones raises serious privacy implications and its use should only be explored if safeguards on access, retention, and use are maintained.
At this stage, it is unclear whether location data collection, symptom checkers and contact tracing apps will play a significant role in European countries’ efforts to manage the COVID-19 crisis. The European Commission understandably recommends a coordinated approach to deploying apps and tools in Member States, but does not have the authority to mandate it. There are significant data protection and privacy concerns, and the European Commission and the European Data Protection Board have issued detailed guidance on tools that comply with the General Data Protection Regulation and the ePrivacy Directive. The tools have technical limitations, and even if they are adopted (voluntarily) by the majority of the population, their effectiveness will likely be limited by the quality and consistency of self-reported data input. For example, most countries have not yet carried out large-scale testing, and as the virus can be carried without symptoms, its spread is not known with any precision. Fundamentally, contact tracing and data collection measures should be assessed in the context of countries’ overall crisis management strategy. It will be essential to build and maintain citizens’ trust and confidence in these data collection measures, and to deploy solutions that are interoperable across borders. This means ensuring that data protection and privacy norms and rules are respected. The European Union institutions are doing the right things to achieve these goals.