14/05/2020
Geolocation, privacy and Big Data are at the center of the debate right now. They were there before, but with the outbreak of a crisis as unexpected as it was forceful, their relevance in combating such serious things as a global pandemic has once again become apparent.
We are clear about the usefulness of geolocated data to know, for example, the movements of people, and thus prevent possible contagion by coronavirus, but does this use respect the privacy of citizens? Can the defense of individual liberties be compatible with the protection of the common good?
Faced with a risk scenario that affects the entire planet, the responses have been different. How have different governments and institutions dealt with the use of data to combat the pandemic? We review some of the strategies used by the most relevant ones.
Singapore
Thanks to its experience with SARS in 2003, Singapore was one of the first countries to react early to Covid-19 and the first to launch a tracker based on Bluetooth technology – on March 20 – that detects like a radar the information of the other cell phones around it to know if there is someone with the covid-19. This information is, a priori, encrypted, protecting the user’s privacy and without saving the location. The only information kept is the telephone number of each user.
The application, called TraceTogether, exchanges identification codes between users within a 2-meter radius automatically and encrypted via Bluetooth on most cell phones.
If a user contracts Covid-19 pneumonia, caused by the SARS-CoV-2 coronavirus, he or she can share his or her information with the authorities and the system will alert people who were in contact with him or her to break the chains of contagion.
South Korea
As applauded as it is difficult to export to Europe, the South Korean model has helped Seoul to locate and quarantine all potentially infected persons. South Korea was more prepared for this health crisis because it was already hit by others such as MERS. In 2015 and 2018, the privacy law was changed to bring it under the needs of the government in times of emergency. Thus, the executive has now had access to its citizens’ data without the need for their consent.
The model is based on asking those infected what their last contacts have been. If they do not want to disclose it, bureaucratic processes have been expedited with the police and telephone operators so that the Ministry of Health can access their mobile GPS and credit card history. They also make use of surveillance camera recordings. When a case of contagion is confirmed, it is published on a government website and a message is sent to the cell phones of people living nearby with detailed information on the places where the confirmed case occurred .
The government is in charge of obtaining the data from the operators and publishing them so that private companies can create ‘apps’ to identify sources of infection and map cases. Although the data is anonymous, the publication of its movement routine openly exposes the private sphere of its citizens.
China
After detecting its first outbreak, the Chinese authorities launched a first control system in the city of Hangzhou with the help of the e-commerce giant Alibaba, which has been deployed throughout the country. With this app, citizens are assigned a color – green, yellow or red – that determines their health status. Although it is not known exactly how it works, this mobile software connects personal data such as the name or geolocation of users with the police, who monitor compliance with the rules.
Italy
Several Italian companies have developed a project to reconstruct the movements of people affected by coronavirus that awaits government approval. Like the Singapore model, such an ‘app’ would serve to alert people who have been in contact with a positive case in the previous days to instruct them to quarantine themselves. In addition, the user could record his symptoms to have a diagnosis. The Lombardy region has already launched a project to anonymously track movements in order to know if the confinement was being complied with.
The aim is to avoid new outbreaks after the cessation of the state of alarm. This selective data analysis and use of geolocation would be done on an anonymous, non-profit basis and the data would not be made public. Only Civil Protection and scientific research would have access to these data.
United Kingdom
The United Kingdom, to date, has been one of the most transparent countries in terms of the collection, justification and present and future uses of citizen data to address COVID-19.
“When the pandemic subsides and the outbreak is contained, we will close the database for COVID-19,” promises the official National Health Service (NHS) website, in which the health authorities pledge to “destroy” the data or return it to its original holders.
The NHS also pledges that all information it centralizes during this crisis-mostly from databases already available to public health care-will be returned to anonymity (i.e., subjects will no longer be identifiable), will remain at all times under the sole control of the NHS, and will be used only to fight COVID-19.
Germany
In a country particularly wary of surveillance such as Germany, the current pandemic emergency situation has achieved a broad political consensus for to promote an ‘app’ that monitors cases of infection without invading citizens’ privacy. Although not many details are known, the German project studies the use of Bluetooth for case detection -as in Singapore-, the use of anonymous data and rules out geolocation.
In addition, the country’s national public health center launched an unprecedented data collection experiment to launch an app to monitor data such as pulse or sleep patterns of citizens who agree to participate in the study to detect cases of infection. The government has asked to open a debate on the use of technology once the confinement is over and experts say that data can be used to curb the pandemic while being respectful of privacy.
United States
The debate about data privacy has also gained much intensity through a proposal that is increasingly gaining traction among epidemiologists and medical and technology professionals in the US: leverage existing big data from giants such as Apple and Google.
In fact, Google has already begun to publish “mobility reports” that show aggregated and anonymized data at the country or region level on the presence of people in geographic spaces, which reveal, for example, that in Spain bar attendance dropped 92% in the first weeks of the confinement.
These data, however, are extremely generic and do not track individuals individually or include medical information, so they are a far cry from, for example, what is being done in China or other Asian countries such as South Korea.
Proponents of the proposal argue, however, that it is a better alternative to the government having to create a new surveillance infrastructure parallel to that of the companies, since the experience of Apple and Google in protecting the privacy of their users is precisely the best guarantee that abuses will not be committed.
EU
For its part, the EU has developed a
practical guide for the development of mobile applications aimed at combating COVID-19 infection
.
Public health authorities must assess the effectiveness of these applications and report by May 31, 2020 to the Commission, which will evaluate progress and publish regular reports starting in June 2020 and throughout the crisis. Once it is no longer necessary, recommendations will be made to eliminate these measures.
Long-term debate
Beyond the measures that each country has developed to specifically address this crisis, a long-term debate on the advantages and disadvantages of the use of geolocation is more necessary than ever.
There are four fundamental principles that every government must respect so that the use of technologies such as Big Data or Artificial Intelligence can be of common benefit to society as a whole.
- Transparency: what data is being compiled and how it is being compiled
- Circumscription of all measures to a clear regulatory framework
- Clear demonstration that less privacy-invasive alternatives do not exist
- Assurance that there will be an independent control system
No one doubts (through examples such as South Korea or Singapore) that technology, complying with these four principles, will be a clear ally in this collective protection. Establishing the limits jointly, for the sake of necessary protection, is the path to be followed from now on.