Privacy vs the Public: A COVID-19 Dilemma
Huda Iftekhar | October 9, 2022
In the face of a horrific pandemic, desperate governments tried to halt the disease through the use of contact tracing apps. However, with increasing complaints of privacy concerns, the question arises: is the priority to protect the people or the people’s privacy?
Originating from Wuhan, China in late 2019, the COVID-19 virus spread rapidly across the globe, infecting over 600 million people and claiming the lives of 6.5 million. It is one of the worst pandemics to date. Countries took numerous actions to safeguard its citizens and slow the spread. One of the many strategies employed was the controversial use of contact tracing apps.
What is Contact Tracing?
Before the rise of cell phones, contact tracing involved a lot of leg-work and investigation. Once an infected person was identified, extensive questioning had to be done to find close contacts and notify them. For COVID-19, governments believed that contact tracing apps would be ideal due to the “stealthy” nature of the disease [2]. Some apps would utilize the Bluetooth signal between users’ phones to determine which people had close enough contact to spread the infection. Once a person was infected, the app would be able to notify everyone who came into close contact with that person. As an iPhone user, there was more than one instance that an Exposure Notification appeared, despite no app being downloaded. Upon further research, it was discovered that Apple and Google had worked together on devising a notification system through Bluetooth [4].
According to the General Data Protection Regulation (GDPR), the law “allows public health authorities and employers to process personal data in the condition of an epidemic, by national law” [3]. Although these permissions may be legal, there is significant debate occurring on whether user privacy was adequately handled during the pandemic.
Centralized and Decentralized
There were two types of contact-tracing apps developed: centralized and decentralized. For centralized apps, governments and health organizations would collect user data for both infected and non-infected people. Although this allowed countries to obtain a detailed and accurate report of people’s status, there are serious concerns of data sharing. An example of the centralized contact tracing app is the South Korean Virtuous Surveillance, which would publicly report “the infected user’s information: last name, gender, credit card history, and all recent location visits” [1].
In contrast, decentralized apps would let users record their infection status on their phone (without data leaving to an external server) and be able to verify whether they may have come into close contact with an infected person through a data anonymized process. It ensures more security as it utilizes digital signatures and encrypted keys [1]. In the United States, the CMU Novid App would generate random IDs for users that would become encrypted and they allowed users to delete and copy their personal data.
Public Good vs Privacy
It appears that centralized apps are conducting more violations of user’s privacy. Solove’s taxonomy has four categories in regards to data privacy: information collection, information processing, information dissemination, and invasion. Although the GDPR grants governments more authority during a pandemic, there was extensive surveillance being conducted by these apps by tracking location data. For information processing, the aggregated data could be quite extensive and easily identifiable, as in the example of the app Virtuous Surveillance. Information dissemination is a major concern of these apps, as the data that is being shared could be publicly accessible in some instances.
When it comes to the fourth principle of invasion, it’s clear that there was decisional interference occurring for users. Those who were notified were likely to self quarantine or avoid people out of concern of passing the virus, which protected the public. That is the moral dilemma present in these contact tracing apps: what is more important to people? Centralized contact-tracing apps were more effective than decentralized apps due to their invasive approach. Out of all of the continents, Asia had “…better control over the virus’ spread than Europe”, which could be “…attributed to Asian citizens’ willingness to sacrifice privacy in the interest of public health” [1]. If the decision is life or death, should users give up their right to privacy?
Conclusion
The COVID-19 pandemic wreaked devastation upon the globe. Contact-tracing apps became a useful way for governments to track and notify its citizens of possible exposures. To truly improve their effectiveness, however, governments need to revise their policies and put protections into place to protect people’s privacy without sacrificing safety. By promoting privacy, more people will opt-in to the apps, and more lives will be saved as well.
Sources
[1] Alshawi, A., Al-Razgan, M., AlKallas, F. H., Bin Suhaim, R. A., Al-Tamimi, R., Alharbi, N., & AlSaif, S. O. (2022, January 4). Data Privacy during pandemics: A systematic literature review of covid-19 smartphone applications. PeerJ. Computer science. Retrieved October 10, 2022, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8771796/
[2] Servick, K. (n.d.). Covid-19 contact tracing apps are coming to a phone near you. how will we know whether they work? Science. Retrieved October 10, 2022, from https://www.science.org/content/article/countries-around-world-are-rolling-out-contact-tracing-apps-contain-coronavirus-how
[3] Müftüoğlu, Z., Kızrak, M. A., & Yıldırım, T. (2022, January 14). Data Sharing and privacy issues arising with covid-19 data and applications. Data Science for COVID-19. Retrieved October 10, 2022, from https://www.sciencedirect.com/science/article/pii/B9780323907699000037?via%3Dihub
[4] Privacy-preserving contact tracing – Apple and Google. Apple. (n.d.). Retrieved October 10, 2022, from https://covid19.apple.com/contacttracing
[5] A Taxonomy of Privacy. Open Rights Group. (n.d.). Retrieved October 10, 2022, from https://wiki.openrightsgroup.org/wiki/A_Taxonomy_of_Privacy#:~:text=Solove’s%20taxonomy%20is%20split%20into,Information%20dissemination
[6] Coronavirus Cases. Worldometer. (n.d.). Retrieved October 10, 2022, from https://www.worldometers.info/coronavirus/
[7] Kaushal, A., & Altman, R. (n.d.). Can contact tracing work at Covid Scale? Stanford University School of Engineering. Retrieved October 10, 2022, from https://engineering.stanford.edu/magazine/article/can-contact-tracing-work-covid-scale