“De-anonymisation” of Covid-19 data raises concern

“De-anonymisation” of Covid-19 data raises concern

Mobile tracking generic NEW .jpg

Mobile and app technology has become a magic bullet for Covid-19 contact tracing, but the debate around anonymising user data intensified over the weekend as the British press revealed government ministers may be able to authorise the “de-anonymisation” of citizen data in a new contact tracing app.

According to reports in The Guardian, the NHS “privately considered using the technology to identify users”, through their device IDs.

The app is to use Bluetooth LE to take “soundings” from other nearby phones over the course of a day. The report stated: “People who have been in sustained proximity with someone who may have Covid-19 could then be warned and advised to self-isolate, without revealing the identity of the infected individual… It did not say why ministers might want to identify app users, or under what circumstances doing so would be proportionate.”

In March, the government announced its intention to collaborate with network providers to monitor the success of its social distancing policy, again using anonymised data “in compliance with UK and EU data privacy laws”.

At the time, Toni Vitale, partner and head of data protection at JMW Solicitors said: “A lot depends on how the data is used.  If it is limited to creating heat maps showing where people are congregating, that might be OK.  Some shopping centres already do this to show where shoppers are. This is useful to plan exits, where the cafes should be placed etc.  Location data is commonly scraped from mobiles without users being aware.”

As Capacity previously reported, contact tracing apps are well established in the fight against dengue fever, malaria, Ebola and rubella, and although relevant in the fight against Covid-19, the unique nature of the pandemic takes them into unchartered territory. As a result, China’s use of facial recognition technology along with the potential de-anonymisation of British citizen data, has opened new debates.

However, that hasn’t stopped the development of dozens of new apps following their success in South Korea and Singapore.

For example, the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) promises “to interrupt new chains of SARS-CoV-2 transmission rapidly and effectively by informing potentially exposed people”. Ireland’s effort has been dubbed a “super app” by privacy campaigners and the government is currently consulting with the Data Protection Commissioner over how much of what data can be collected or viewed.

Australia's solution will use Bluetooth to track "digital handshakes" between mobiles, but instead of warning users it will alert health authorities to contact individuals. Telstra, Optus and Vodaphone have reportedly offered to enhance their tracing capabilities by "offering meta-data that has been obtained under national security legislation". According to reports, the app will be used in conjunction with existing contact tracing measures and increased testing.

Meanwhile in Italy, a slightly different approach is being taken with an app tracing the contacts of Covid-19 patients set to become the backbone of the country’s lockdown exit strategy.

Gift this article