Imagine a world where you could know whether or not you were exposed to COVID-19 — where you’d know, among the thousands of people you cross paths within a city, whether any had symptoms in the last month.
This world may be closer than we think. The technology solutions that make it possible already exist and are being deployed. China has launched apps that track people’s exposure to the virus by requiring them to share their location, address, and unique identifier with government authorities. South Korea tracks citizens that have been quarantined with a smartphone safety protection app to make sure they do not break their quarantine. A similar solution has been used by Taiwan, where a mobile-based electronic system monitors phone signals and sends alerts to the police if those in quarantine leave their home or switch off their phones.
But there’s an obvious problem here: the privacy violation. Coronavirus can be used as an excuse for countries and companies to breach personal freedoms and impose mass surveillance.
Even in Europe, the standard-setter of privacy protections with its General Data Protection Regulation, a provision in the law that allows suspension “for reasons of public interest in the field of public health” has been invoked due to COVID-19. The European Data Protection supervisor stressed that “the processing of personal data should be designed to serve mankind,” and that “the right to the protection of personal data is not an absolute right,” but “should be considered in relation to its function in society.” But the European Union considers the use of geo-location GPS tracking as too privacy-invasive and calls for a creation of a network of interoperable apps based on the proximity tracking via Bluetooth signals sent even when the phone is in the background mode.
The E.U. approach is in line with the recent initiative of the two biggest tech companies, Apple and Google, which announced a joint partnership to release an application programming interface tool enabling the creation of applications that collect contact tracing data via Bluetooth and share it across iOS and Android devices. The main challenge of proximity tracking via Bluetooth, however, is that mobile applications based on such a technology would require adoption by at least 60 percent of the population to be effective. Reaching that percentage is highly unlikely, as not everybody has a smartphone.
The good news is that many groups are working on ways to better solve the tradeoff between privacy and safety. For example, the MIT Media Lab team is designing a multi-modal solution combining GPS and Bluetooth technology for better inclusivity and accuracy. Supported by over 1000 volunteers (including me), it has just created a “privacy-by-design” contact-tracing tool: COVID Safe Paths. Safe Paths is a collaborative open source app where people who have tested positive voluntarily share their location data so that users can trace their interaction with COVID-19 carriers and health officials can better manage the pandemic’s outbreak. User privacy is protected because the data is anonymized and personally non-identifiable. The app also stores data on the user’s own device for a limited period of time and requires user consent for data sharing, thus eliminating the risk of government surveillance.
These projects around the world demonstrate the need for a new post-pandemic privacy regime. This regime will require the collaboration of governments and health providers in sharing health data — but foremost, it will require civic collaboration. To make people voluntarily give up their data, however, these apps will have to be trusted, data should be accurate, and people should see actionable results. More specifically, collected data should be useful, unbiased, acquired with consent in a secure and transparent manner, and processed only when necessary for the purpose for which they are supposed to be processed.
Groups like Harvard’s Expert Working Group on Government-Tech Partnership to Track COVID-19 are already having conversations about how such a privacy regime should look. After all, data is not going to end the epidemics — the system set in place after COVID-19 contact is traced will. If we can build trust, we will be in a position to achieve a new notion of privacy — one based around voluntary collectives, rather than loss of agency.
Or maybe it’s not so new. After all, in 1624, the poet John Donne, himself recovering from a bout of typhus in quarantine, famously wrote: “No man is an island entire of itself; every man is a piece of the continent, a part of the main … any man’s death diminishes me, because I am involved in mankind.”
Kasia Jakimowicz is a graduate student at the Harvard Kennedy School.