Would you give up your privacy for the greater good?
Mobile technology allows us to communicate instantaneously and, to most of us, it’s a great ally to act more efficiently no matter the time or the place. It’s said to be one of the most promising tools (or set of tools) to deal with the COVID-19 existing and still unknown dangers. Only 35 years ago, when the world faced the beginning of the HIV pandemic (to some, only an epidemic) the world wasn’t nearly as equipped as it is now to fight a health emergency. If mobile technology teams up with geolocation technology, it can help mitigate the spread of a disease, help institutions make informed decisions and adapt strategies accordingly. People traceability and real-time tracking applications are two examples of how to make this happen.
However, this is a give-and-take situation.
Governments (and, potentially, businesses) that bet on geolocation technology need access to personal data, including people’s location and individuals’ social interactions. The objective is to break the COVID-19 transmission chain more effectively, limiting the wild spread of the virus and avoiding another potential lockdown, especially in the case of countries that lifted them already or that are doing it progressively.
Managing a potential second “coronavirus” tide effectively via geolocation technology requires users to commit with the strategy, i.e. to download the apps and to take the required actions for this approach to work. That’s why it’s crucial for citizens to first trust the institution that is to use their data and, second, to know how these app controllers will use the collected data, with what purposes, until when and how this data can truly make the difference when dealing with the pandemic.
The old traditional tracing techniques won’t go away any time soon because, despite limitations, they don’t share the same flaws that digital technologies bring with them.
The fight against the global pandemic will continue, likely until a soundly tested treatment accessible to all arrives or, ideally, when a viable vaccine is discovered and commercialised in the market. Life cannot continue on stand-by nevertheless. That’s not good for the economy neither for our social system and our mental health.
The world continues hope for a near future free of lockdowns (or, at least, as localised as possible). A way to avoid this dreaded scenario is by closely understanding how the virus spreads and how the virus carriers behave. This translates into identifying the people who might have been exposed to the virus and isolating who they’ve been in close contact with. However, the traditional analog contact tracing method used, for instance, in Luxembourg, is generally laborious and with slow processes since it relies on individual interviews. This is where the smartphone technology comes in.
A contact tracing app can retrace people’s movements and, possibly, notify them in case of a health risk. This government-sponsored solution is already being used in countries like Italy, Germany and France. One, avid to find a way out of the pandemic affair, could think “It sounds promising, doesn’t it?” But there are several catches.
Experts point out that mobile phones make for imperfect proxies for coronavirus exposure. It raises the issue of getting inaccurate exposure reports also known as false positives. For example, the technology doesn’t understand social distancing rules. When interacting with others, individuals could be physically separated from each other, in different living or working spaces, or even using protective equipment, such as masks.
There’s also a (more than) slight issue with adoption. According to this article, contact tracing apps can only be efficient in slowing down the pandemic if, at least, 60% of the population uses it. At the same time, there are privacy and security concerns because tracing apps need user data when identifying and tracking individuals on a permanent basis.
To make this happen, two types of technologies can be used: the Global Navigation Satellite System (GNSS), which includes the GPS, and Bluetooth, the latter being the weapon of choice for Europe because it aligns better with GDPR requirements.
When it comes to security, we have to dive into the tech’s implementation types: centralised and decentralised. The infographic below explains them very well.
The difference between centralised and decentralised
Contact-tracing apps: three things to take into consideration
1. Trust is key for public acceptance
Trust is a business imperative and a social pillar, that includes governmental institutions. No one, not even the most prestigious institutions, can hold people’s trust over time if attitudes and behaviours in the present or what our memory recalls don’t account for that. Reputation is a picky and fragile companion and COVID-19, a persistent enemy.
“Sow today, harvest tomorrow”, the popular old saying goes.
If the user doesn’t trust the institution behind the tracing app, it will probably not download it or, if it happens to do it, it will barely use it. In Europe, increasingly, knowing how personal data is used matters to citizens.
Could data controllers – in this case, the governments or institution behind the tracing initiative – find a way to fix the trust equation? During the webcast, the communication factor was mentioned consistently, a “solid and transparent communication” as a driver of any tracing initiative.
It is crucial that the provider explains the purpose of the tracing app, how the data is collected and analysed, where it happens, how it contributes to a greater cause, which is the time frame for using it, who is responsible for any improper use of personal data and which actions the citizen can take to exert its privacy rights.
In this case, by using tracing contact, one can break the transmission chain of the COVID-19 more efficiently, avoiding massive breakouts. Users might be more inclined to give up their privacy if they know how important and decisive the action is.
An important foundation stone when building trust is cybersecurity. The protection of the user’s privacy and personal data must be considered in the equation. The app controller must be able to protect the collected data and be prepared to mitigate cyberattacks.
2. The level of contact-tracing apps adoption is low, but it shouldn’t be
We humans are a mystery. When it comes down to it, we react differently under stress, especially when our lives are under threat.
Contact tracing apps reached the usage peak during lockdown in certain countries, while in others, like India, Norway and Singapore, their adoption has been a challenge.
As the world braces itself for the possibility of a second wave, we soon realise the hard truth we still face: the threat is far from being over. The chain of transmission of the COVID-19 spreads just as quickly as in the beginning. Using the power of communication can change the tides on the apps’ usage and, consequently, make the difference in a year dominated by this pandemic.
It’s important that people are informed of the existence of these apps and how they can benefit from them, mainly to remain safe and healthy.
3. There’s always room for improvement
Technology has been growing more complex and interdependent over the years. As a result, when organisations implement a new one, processes are meant to reinvent and transform themselves. And, when individuals embrace a new one consistently, certain social behaviours could be greatly influenced too.
For example, a few years ago, a single authentication factor on social media (i.e. the use of one static password) was enough to protect the personal data of millions of users. But, as technology evolves, so do the tools to crack it and make a bad use of the data stored.
Over time, the single line of defence became insufficient to protect users against phishing and cyberattacks. As a result, major social media companies introduced an extra layer of protection—a second authentication requirement—such as sending a phone message or an email to the users’ phone with a specific code.
The use of contact-tracing apps have, naturally, downsides. Centralised systems appetising to cyber attackers and the risk of attempts to steal data is higher. Bluetooth-based technology used in the contact-tracing apps can lead to the misinterpretation of users’ movements, not being able to make the distinction between day and night time. These are only a few of the current challenges that the organisation controlling these data must face. The margin of error is enough to influence the numbers significantly, making the data recovered untrustworthy.
The most viable solution is a mix between traditional tracing and digital tracing. While the traditional contact-tracing is both time and resource consuming, digital tracing still hasn’t fully proven its efficiency and effectiveness. However, if the data collected by the digital app could be filtered, treated and interpreted manually, the results would perhaps reveal numbers closer to reality and a better understanding of behavioural patterns.
What we think
Frédéric Vonner, Partner, GDPR and Privacy Leader at PwC Luxembourg
Using a tracking app in such current time, for the noble cause of breaking a pandemic, makes obvious sense. Yet, it creates a precedent, where we give away some of our privacy and rights for the good of all. We might get used to this. We should watch out not to erode the attention we bring to such questions, if we want to continue living in a society where privacy matters.
Koen Maris, Cybersecurity Director at PwC Luxembourg
The current approach is to attack the symptoms that endanger humanity, with technology. This will lead to eroding privacy and convert our private lives to a dataset accessible by commercial and/or government bodies in order to make money or gain control.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.