All over the world governments have started to use contact-tracing apps to fight the Covid-19 pandemic. Although the use of this technology is touted as an effective way to limit transmission of the virus, critics worry about the privacy of those using the apps.
The apps use location data to determine whether a user may be infected. To do this, the app has to record where a user has been, so that this data can be compared with the location data of those who have recently tested positive for the virus. If this comparison shows that a user has recently been in close proximity with someone who is infected, he or she can be notified and asked to self-isolate so that they do not transmit the virus to others.
The issue with this process is that it relies on the storage of a person’s whereabouts. The data will show where a person lives, where they work, and any other places they have been. This information can be used by the state (or any other entities that get their hands on it) in ways that are detrimental to the user. If left unchecked, this can allow those with access to the data to target people based on the places they visit and who they meet.
Around the world, different countries are dealing with this dilemma in different ways. Some have decided that health concerns outweigh privacy concerns and have thus accepted the loss of privacy. Others have tried, or are still trying, to design apps that can contact trace, but function in a way that greatly reduces or eliminates the risk of a user losing control over their location data. And yet others have decided that they can work without contact-tracing apps entirely.
In order to get a better sense of how different governments have approached this issue, it is useful to look at some examples:
It will surprise no one that China has entirely disregarded privacy in this matter. The country requires residents in more than 200 cities to download an app named Health Code. The app is not just used to alert the user when they have been in contact with someone who has been infected, users are also required to use the app to prove that they are healthy when they enter shops or public transport. It requires users to sign up with their passport and phone number, and to fill out a questionnaire. After this the app displays one of three colours — green, yellow or red — green means you’re free to roam the city, yellow means you need to go into quarantine for 7 days, red for 14 days. This evaluation is then updated continually, and has to be shared with
The app shows no regard for the user’s privacy. The New York Times reports that “as soon as a user grants the software access to personal data, a piece of the program labeled ‘reportInfoAndLocationToPolice’ sends the person’s location, city name and an identifying code number to a server.” The software does not make clear to users that this information is shared. In addition, it is not known publicly how the software classifies people, leaving users unable to challenge or question their classification. As a user’s classification determines whether they are allowed to enter shops or travel, the app has a tremendous power over users.
It is difficult to determine how effective Health Code is at limiting transmission of the virus. China’s over-all success in supressing the outbreak means it is possible that the app is showing success. But as the Chinese government does not reveal how the data is used and analysed, it is impossible to say to which extent the country’s successful suppression of the virus is down to the contact-tracing app, or to the other measures the country has implemented.
South Korea does not use a contact-tracing app. Instead, it requires its public health centres to publish detailed accounts of the travel history of people infected. This information is sent to people in the area via text and is often turned into maps by non-government entities. The information is collected by employees of public health centres, using mobile phone data, CCTV footage and credit card data. Although the data is anonymised, the detailed nature of the data has led to people being identified, causing them to be harassed online. In response to this, the National Human Rights Commission of Korea has issued a statement calling for stronger measures to protect individuals from being outed. The country does use an app to monitor whether those infected remain in quarantine, but this app is voluntary. Monitoring quarantine would otherwise be done through phone calls.
South Korea is a prime example of a country that has opted to favour health concerns over privacy. However, being a democratic country, its system of contact-tracing is based in law, highly transparent and subject to continual evaluation.
Like South Korea, Taiwan does not have a contact-tracing app. Since the 2003 SARS outbreak, the country has been highly vigilant when it comes to monitoring for outbreaks of new infectious diseases. It set up a 24/7 command centre, tasked with managing any future outbreak. On the 31st of December, at the slightest indication of an outbreak in Wuhan (posted on the Taiwan equivalent of Reddit, according to Taiwan’s Digital Minister Audrey Tang), the Taiwanese Center for Disease Control issued an order to board every plane arriving from the city to inspecting passengers for flu. Combined with other measures, this means that Taiwan has had 440 cases and only 6 deaths.
Due to the low number of cases, Taiwan simply has no need for a contact tracing app. It has enough capacity to do manual contact tracing. It does however monitor mobile phone location data to ensure that those who have been in contact with an infected person abide by quarantine rules. Unlike in South Korea, these measures are not voluntary. If someone breaks their quarantine (or their phone runs out of battery) the police is informed, and they will go to a person’s home, to ensure they are not breaking quarantine. Those at risk of infection who do not have a phone will be given one, so that they can be monitored. The police also has access to the names of all those under quarantine, so that they can recognise them when they check IDs at popular places to go out and socialise.
While these measures are tough, and do limit the privacy and freedom of movement of all those under quarantine orders (55.000 at the beginning of April), their legal basis has been extensively tested in the aftermath of the SARS outbreak of 2003. Cases against the enforcement of quarantine (e.g. preventing people from leaving hospitals), were brought before Taiwan’s constitutional court. The court ruled that the measures had been proportionate, but stipulated that the Center for Disease Control Act needed to be amended to include a time-limit for the quarantine and adequate compensation for those held under quarantine.
Interestingly, Taiwan’s highly effective prevention strategies have meant it did not need to introduce a broad-sweeping contact-tracing app in order to trace infections. Some of the measures that it uses to prevent the spread of the disease do limit people’s privacy and freedom of movement. However, due to the litigations after the SARS outbreak, the constitutionality of these measures has already been established.
Due to the fact that many poorer people in South Africa do not have smartphones, the country cannot rely on contact-tracing apps. Instead, the government has introduced measures which allow the Director-General of the Department of Health to direct telecom companies to provide cell tower location data of anyone who has tested positive for Covid-19, or those who are reasonably suspected to have been in contact with someone who has. These powers are part of the regulations that govern the current lockdown and will only last until the state of disaster has terminated. The lockdown regulations are also under regular review by a former constitutional court judge.
The data will be used to allow the National Institute of Communicable Diseases to create a Covid-19 tracing database. Which will be used to enforce quarantine measures for those infected or those who have had contact with someone who has. However, cell tower location data is much less accurate than other forms of location tracking and of course this doesn’t account for people who leave their phones at home.
A lower penetration of smartphones in South Africa means it is less practical for the country to use contact-tracing apps than other countries. The country is trying to use cell phone data instead, but this will be less accurate. Even though collection and the processing of the data is clearly regulated, and time limited. The central processing of the data means that there is a potential for abuse.
In Israel, the government seems to strongly favour tracing capabilities over health concerns, and even due political process. In March it passed temporary laws, without approval of parliament, allowing the domestic security service to collect mobile phone location data, and share this with health agencies. These measures subsequently met with significant resistance, both from the Israeli parliament, who blocked the use of mobile phone data by the police, and by the Israeli supreme court, who required parliamentary approval for their extension, and stipulated that an exemption for journalists, so that they could protect their sources if they become infected.
In Germany, as in Europe generally, the dilemma about privacy versus effective contact-tracing has come down to a debate about using a central database to store and compare location data or using a system where the comparison of data is done by the phones themselves. In this the German government first favoured using a central database, but it has recently changed its mind, and it is now going for a decentralised system. This was partially due to criticism from academics and privacy experts, but was also the result of Apple and Google coming out in favour of decentralises systems. Apple said it would refuse to let apps that would feed into a central database use Bluetooth in the background, meaning that they could only be used if phones are unlocked at all times.
Looking at examples from different countries, what stands out is that each country’s situation is different. Some have a high penetration of smartphones and can therefore use them to do contact-tracing, while others do not. Some have had been able to fight the virus so effectively that they do not need to use automated systems to do contact-tracing, whereas others do. When it comes to the legal framework, and the political and constitutional safeguards to protect people’s privacy, some countries adhere to the principles of the rule of law and transparency, whereas others ignore them, or do not have these kinds of safeguards in place in the first place. And even where they do exist, countries make different choices as to whether they favour privacy over health risks. Although there are some obvious negative examples (China and Israel come to mind), it is hard to pick a good one that all the others should emulate. The situation in different countries is just too different to advocate for a one-size-fits-all approach.