Mobile telecoms industry sets rules for data for Covid-19

Exclusive: Mobile industry sets rules for using data to combat Covid-19

08 April 2020 | Alan Burkitt-Gray

The mobile telecoms industry has developed a set of rules on how telcos should allow the use of data in the fight against Coronavirus, without breaching personal privacy.

Capacity understands the GSMA’s membership has created the guidelines to advise governments, regulators and health authorities about what is and what is not legal.

Officials at the London-based GSMA were preparing the guidelines only days ago, based on previous work on privacy, big data and artificial intelligence (AI), and they are now being published. Capacity understands that member companies generally accepted the guidelines, and they have been released without significant amendment – but the industry has had to tread carefully.

Boris Wojtan, a global privacy expert who is the GSMA’s senior director of privacy, told Capacity in an exclusive briefing: “If we rush in, we could undermine faith in the rule of law and the use of technology. Our response must be trustworthy, transparent and time-bound.”

The industry is also concerned that the Covid crisis should not set a general precedent that allows government and other authorities to retain or harvest mobile phone data for other purposes after the pandemic is over. “We need assurances about what they are going to do with the data [after Covid] and how secure it is,” said Wojtan.

The industry’s trade association, which represents virtually all operators worldwide, says it wants to “consider the ethical implications of lawful sharing of mobile operator data for the purposes of helping governments or agencies to contain, delay or research the spread of the virus or to mitigate its impact on public health”.

As Capacity reported last week, authorities have already taken a number of initiatives with operators since the pandemic started in January, from using Bluetooth in Singapore to alert infected people’s contacts to, more controversially, using facial recognition in China to identify people breaking curfew rules.

But serious work on using mobile phone data in epidemics goes back to the Ebola crisis in west Africa in 2014. Orange released data from its operation in Senegal that allowed researchers to trace the movement of people and alert medics to likely new outbreaks.

Jeanine Vos, head of the GSMA’s sustainable development goals accelerator, specialising in its AI for impact programme and big data for social good, told Capacity this week: “There’s still a gap to be bridged to get governments to understand what mobile big data can do.”

The new guidelines say that the GSMA wants to “engage with governments or agencies and, where appropriate, courts to seek clarity when the legal basis for a request is unclear or uncertain or where additional emergency powers may be required to support a request”.

Vos said: “The role of the GSMA is to build bridges with health authorities.”

One of the challenges is that the GSMA, as a worldwide organisation, has to steer a careful path around every country’s privacy laws – ranging from very tight rules in the EU and other European countries, strictly limiting what can be done with data, to a relaxed attitude to data privacy in countries such as China and the US.

The GSMA moved quickly to produce a consistent set of guidelines because operators were already working with authorities. “We see more and more operators working with governments,” said one official at the organisation, who did not want to be identified.

“Telenor was very early. It started working in January with the local institute of public health on the movements of the population in Norway.”

In Italy, “Vodafone in Lombardy is looking at the impact of the lockdown”, said Capacity’s contact.

In many cases, operators’ own big data experts are helping with the analysis. One GSMA official told Capacity: “Telefónica, Vodafone, Telenor and Telia all have sophisticated data analysis teams.”

The rules are designed to guard anonymity. If a rural area, for example, has so few households that identification would be relatively easy, the aim is to widen the reporting area to include more families.

The intention is that “no one individual can be singled out and there is no unique information about one individual”, said another GSMA official, again under condition of anonymity.

The GSMA COVID-19 Privacy Guidelines are here (PDF)