As attention turns towards ways to lift the lockdown and relax the emergency measures which are beginning to become normalised, there are interesting questions being considered in the search for an appropriate balance between economic considerations, public health and societal risks. Technology-based tools are being discussed and developed including symptom tracking apps, immunity certification and other less obvious interventions – such as the use of technology to monitor and mitigate the spread of misinformation on social media platforms. This article will briefly consider some of the questions which relate to one of the non-clinical measures being trialled: digital contact tracing apps.
Contact tracing apps facilitate access to data from mobile phones as a means to try and control the epidemic by speeding up contact tracing. It is thought that a significant proportion of Coronavirus infections have been occurring before an infected person shows symptoms and traditional contact tracing has (in the UK) been unable to make any significant impact on the spread of the virus. The aim is to use digital technology as a tool to speed up contact tracing as part of the broader effort to break the contamination chains as early as possible, reduce the spread of the virus and, ultimately, facilitate a more rapid return to a state of normality.
Countries around the world have announced their intention to rapidly develop and deploy this technology. In the UK, a contact tracing app, the NHS COVID-19 App, is being rolled out in the Isle of Wight today, as the first phase of Government’s new ‘test, track and trace’ programme. The Government’s intention is to link testing, tracking and tracing in as seamless a process as possible and to ensure that the app complements more traditional measures that will remain in place to protect those who cannot or do not want to access digital tools.
How do contact tracing apps work?
Contact tracing apps work by keeping track of the people a user has been physically close to. Once the app is installed, it starts logging the distance between the user’s phone and other nearby phones that also have the app installed. An anonymous log of how close the user’s phone has been to others is stored securely on the phone. Each phone running the app broadcasts a unique Bluetooth ID, and at the same time picks up the IDs broadcast by the phones of app users around it. The exchange of data registers that a user has been in proximity with another user: the app knows how close it has been to other phones running the app and for how long. This allows the app to build up a picture of which app users are most at risk.
In the UK, the technology underpinning the NHS COVID-19 App is based on research developed by epidemiologists, mathematical modellers and ethicists at Oxford University’s Nuffield Departments of Medicine and Population Health. If a user becomes unwell with symptoms of COVID-19, they can choose to allow the app to inform the NHS, which will trigger an anonymous alert to other app users whose phones have been sufficiently proximate over the previous few days. The app will advise users what action to take if they receive an alert – including advising a user to self-isolate if necessary. If the NHS later discovers that a diagnosis was wrong and the reported symptoms were not coronavirus, the other users will receive another alert, letting them know that they can stop self-isolating. The exact advice will depend on the evolving context and approach. Government guidance indicates that scientists and doctors will continuously fine-tune the app to ensure it is as helpful as possible both to individuals and to the NHS in managing the pandemic.
In future releases of the app, the Government has indicated that people will be able to choose to provide the NHS with extra information about themselves to help identify hotspots and trends.
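The logging and alerting logic described above can be modelled in a few lines. This is an added example, not code from the NHS COVID-19 App or NHSX: the class and function names, the retention window and the distance and duration thresholds are all assumptions, and the sample encounters are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values for illustration; the article gives no thresholds.
RETENTION = timedelta(days=14)  # how long an encounter stays on the phone
MAX_DISTANCE_M = 2.0            # distance estimate that counts as "close"
MIN_TOTAL_MINUTES = 15          # cumulative close time that triggers an alert

@dataclass(frozen=True)
class Encounter:
    peer_id: str       # anonymous Bluetooth ID heard from another phone
    start: datetime
    minutes: int
    distance_m: float  # estimated from signal strength

class ProximityLog:  # on-device log: peer ID, time, duration and distance only
    def __init__(self):
        self._encounters = []
    def record(self, enc):
        self._encounters.append(enc)
    def prune(self, now):
        """Delete encounters older than RETENTION; return the number removed."""
        before = len(self._encounters)
        self._encounters = [e for e in self._encounters if e.start >= now - RETENTION]
        return before - len(self._encounters)
    def contacts_to_alert(self, now, lookback_days):
        """Peer IDs whose close-range time in the lookback reaches the threshold."""
        since, totals = now - timedelta(days=lookback_days), {}
        for e in self._encounters:
            if e.start >= since and e.distance_m <= MAX_DISTANCE_M:
                totals[e.peer_id] = totals.get(e.peer_id, 0) + e.minutes
        return sorted(p for p, m in totals.items() if m >= MIN_TOTAL_MINUTES)

def build_sample_log(now):
    """Constructed sample encounters, not real app data."""
    log = ProximityLog()
    for peer, days_ago, minutes, dist in [
        ("id-a1", 1, 10, 1.2), ("id-a1", 2, 8, 1.5),  # 18 min close in total
        ("id-b2", 1, 40, 6.0),                          # long but too far away
        ("id-c3", 3, 5, 0.8),                           # close but too brief
        ("id-d4", 20, 60, 1.0),                         # older than RETENTION
    ]:
        log.record(Encounter(peer, now - timedelta(days=days_ago), minutes, dist))
    return log

if __name__ == "__main__":
    now = datetime(2020, 5, 5, 12, 0)  # constructed date
    log = build_sample_log(now)
    print(log.prune(now), log.contacts_to_alert(now, lookback_days=7))
```

The log never holds a name, phone number or location, and pruning removes old encounters even if no alert is ever raised.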
What are the key privacy concerns?
Key concerns around protecting personal data include whether the technology is capable of completely anonymising app users’ data. If data is anonymous (and users cannot be re-identified), there are no privacy concerns involved in sharing the data. However, data about location is notoriously difficult to anonymise: every individual creates a “geoprint” by reference to their unique geographical movements – for example (in ‘normal’ times) from work, to the gym, to a particular shop and within their local neighbourhood. If that information is combined with the fact that, say, an individual worships regularly, and that user could also be identified as a member of a particular faith group, a detailed profile can quite quickly be created.
Other key privacy concerns are that the amount of data processed by the app is minimised, that personal data collected by the app is not used for purposes other than the specific purpose of tracking the spread of disease by monitoring contact between infected individuals and others, and that the period for which the data will be retained is limited. In an environment where technology giants frequently face scrutiny by privacy regulators about their use of personal data for multiple purposes which have not been transparently communicated to users (remember Cambridge Analytica), the need for safeguards here is paramount.
The Information Commissioner’s Office (ICO) has produced a series of simple questions for Government and app designers designed to ensure that the privacy implications are properly considered, and that they do not put public trust and social licence at risk. They are set out below.
- Have you demonstrated how privacy is built in to the processor technology? The principles of data protection by design and by default are central to the law. Although it acknowledges that the onus is on organisations to move quickly, the ICO stresses that even an initial privacy impact assessment (which can later be developed) is a minimum requirement.
- Is the planned collection and use of personal data necessary and proportionate? The ICO has always been supportive of digital innovation. Its stance remains the same in the current public health emergency and it has worked with the Government to support the development of the NHS COVID-19 App whilst stressing the public interest in finding the least privacy intrusive solutions. Clearly context is important: in the current circumstances, the Government’s primary focus is the protection of public health.
- What control do users have over their data and can they exercise their rights? The ICO expects app developers to provide people with clear information on how their information is being used, and their options for preventing processing where applicable. For instance, where contact tracing is being incorporated into a wider package of measures, this additional information would need to be clear.
- How much data needs to be gathered and processed centrally? The starting point for contact tracing should be decentralised systems so that processing remains on individuals’ devices where possible. Safeguards and security measures need to accompany this, as well as any transfers of information.
- When in operation, what are the governance and accountability processes for ongoing monitoring and evaluation of data processing? Processing of personal data must remain necessary and compliant with data protection principles. Sufficient, suitable safeguards must continue to exist.
- What happens when the processing is no longer necessary? This is especially important: what is appropriate and proportionate in response to an international public health emergency looks quite different when that emergency ends. What consideration has been given to how data collection ends, and what happens to the data gathered?
A balancing act
The ICO’s approach to regulation of data protection is supportive of innovation. Its focus is the presence of appropriate checks and balances to prevent the build-up of intrusive pictures of individuals’ lives. This approach is very relevant in the context of contact tracing projects and location tracking as tools to assist in combating the pandemic and the development of technologies to better understand how society is responding to isolation measures. There is a clear public interest in the exploration and use of such technologies.
But, as with any new technology, there is an equal public interest in ensuring that the technology is being used in a fair and proportionate way. The ICO’s position in relation to Coronavirus emphasises that data protection laws do not get in the way of innovative use of data in a public health emergency – as long as the principles of the law (transparency, fairness and proportionality) are applied. The same approach applies to the use of contact tracing applications. Whilst there is intense pressure on Government to get the workforce back to work and to relaunch the economy, and a corresponding public desire for life to return to normal, it remains to be seen whether contact tracing apps can really be an effective part of the roadmap to achieve this. The launch of the NHS COVID-19 App in the Isle of Wight today will, according to Health Secretary Matt Hancock, pave the way, if successful, for a nationwide roll-out when the time is right. Public trust that personal data will be held securely and will only be used for the narrow purpose of halting the spread of the disease will be key.
Government messaging is strongly linking the technological tools to ‘heroic frontline health and social care staff’, promoting digital contact tracing as part of the key focus on protecting the NHS and saving lives. Today’s guidance suggests that the app will play ‘a vital role in getting Britain back on her feet’. The Government has spoken to the privacy concerns, with NHSX Chief Executive, Matthew Gould confirming that security and privacy have been the priority in all stages of the app's development, from the initial design through to user testing. As part of the commitment to transparency, NHSX will publish the key security and privacy designs alongside the source code so privacy experts can 'look under the bonnet'. NHSX has confirmed that the data will only ever be used for NHS care, management, evaluation and research.
Whilst in terms of compliance with the GDPR, there is no doubt that the processing of personal data for the purposes of assisting in combating the spread of disease is a lawful ground for processing personal data, it is also extremely important that public trust in the technology is maintained. Accordingly, Government guidance stresses that installation and use of the app is entirely voluntary. Users are informed that they will always be able to delete the app and all associated data as and when they decide to do so. In almost a mini privacy notice to potential users, NHSX has promised to be open and transparent about how the app works, how users can make choices in the app and what they mean. Guidance emphasises that, while these are unusual times, individuals’ privacy is crucial to the NHS and it is acutely aware of its obligations in relation to privacy and data security, noting that patient confidentiality is one of the key values of the NHS.
This new app has the potential to contribute towards the country returning to normality – but only if a large proportion of the population installs it, which means that millions of us are going to need to trust the app and follow the advice it provides. The social dimensions of technology and its societal impact are important aspects of effective policy interventions: Government advisors in relation to technological tools should be diverse and representative and their deliberations and findings discussed openly and transparently. Open debate and scrutiny will be essential to raise public awareness of the complexity of the issues involved and to increase public trust.
The announcement about the NHS COVID-19 App is available here.