Protecting user privacy on COVID-19 contact-tracing apps: eight essential considerations
Researchers from Imperial College London (UK) have formulated eight key questions that governments should consider when developing contact-tracing apps to help identify individuals who have been directly exposed to confirmed COVID-19 cases, to protect users' privacy.
Mobile apps for instant contact tracing are currently being considered by several European governments to help identify individuals who have been directly exposed to confirmed COVID-19 cases. A key consideration however, is how to protect users’ privacy, as such apps would require compilation of detailed sensitive information such as users' precise locations. Now, in a new White Paper, researchers from Imperial College London (UK) have formulated eight key questions that governments should consider when developing contact-tracing apps, to help protect users’ privacy.
Paper author Yves-Alexandre de Montjoye (Imperial College London) stated: "We need to do everything we can to help slow the [COVID-19] outbreak."
An essential aspect of mitigating viral transmission is contact tracing - identifying and informing individuals who have been directly exposed to confirmed COVID-19 cases so that these individuals self-isolate and monitor any potential symptoms more closely. However, in reference to research concerning the feasibility of developing contact-tracing apps, Christophe Fraser (Oxford University’s Big Data Institute and Nuffield Department of Medicine; both Oxford, UK) commented: “Our mathematical modeling suggests that traditional public health contact tracing methods are too slow to keep up with this virus.”
In the new White Paper, the Imperial team outline eight specific considerations relating to users’ privacy, including: how can the amount of users' personal data made available to authorities be limited? Can the anonymity of users be protected?
These questions are important to consider because large-scale personal data collection can lead to mass surveillance, as with complete histories of users’ locations and corresponding time stamps, data may be easily re-identifiable.
"Contact tracing requires handling very sensitive data at scale, and solid and proven techniques exist to help us do it while protecting our fundamental right to privacy. We cannot afford to not use them," continued de Montjoye.
“Our questions are intended for governments and citizens to help evaluate the privacy of apps. They could also for app developers when planning and evaluating their work,” concluded de Montjoye.