Data Privacy vs Utility Fallacy: The COVID-19 Tracing App Problem

Should we be willing to give up privacy for increased security? Or for access to specific services? Well the perceived trade-off in the case of trying to tackle COVID-19 is undoubtedly serious. Should we allow widespread and severe risks to public health vs enabling invasive and widespread risks to privacy in the form of corporate or government surveillance?

The recent introduction of COVID-19 contact tracing applications has rapidly accelerated this debate, as governments press ahead with plans to roll out COVID-19 monitoring apps that they say can ensure individual privacy without compromising data use. However, there is still going to be a problem with adoption. Unless the general public trust these apps, they won’t use them – and without widespread adoption, the apps will not fulfil the purpose for which they were introduced.

The origins of COVID-19 tracking & tracing apps

The proposals for introducing tracing apps began when governments realised that a vaccine against COVID-19 would take a considerable amount of time to develop. In addition to this, the ongoing impact of enforced lockdowns and social distancing guidelines have clearly negatively impacted global economies. As plans to ease such measures have been considered, contacting tracing has become a critical consideration in terms of attempts to prevent the virus from spreading.

Early examples of tracing apps such as ‘Trace Together’ used Bluetooth technology to determine whether two people had been in contact with each other. However, the problem with this was that the app had to be open at all times, making it impractical. The next option proposed was to utilise location data, but this also came with a problem. That being that location-based data is notoriously difficult to anonymise, and that even if done successfully, anonymisation can be reversed. These privacy concerns alone rendered a GPS-based option redundant.

In recent weeks, the likes of Apple and Google have proposed tracing app frameworks that look to implement something called the ‘DP-3T’ approach, which is a decentralised system that uses Bluetooth to determine user proximity for contact tracing. This sees all user information stored on the devices rather than being aggregated in one centralised location.

Another approach proposed by a group of researchers is the Pan-European Privacy-Preserving Proximity Tracing project. This solution uses a centralised model, in which all users who test positive to COVID-19 would have their IDs stored in a central server. Advocates of this proposal believe it could give them increased insight into the infection rates of the virus and enable the app to be evolved. The approach received initial support from many governments within the European Union.

However, the two proposals have caused a debate over which is better. The main accusation aimed against centralised systems is that despite the potential for generating additional insights, they are vulnerable to ‘scope creep’ – allowing a government or company to use the data gathered beyond its original purpose. As a result a number of governments have withdrawn support for the centralised approach, with questions around privacy and data use at the forefront of their concerns.

The false choice of either/or

The primary issue in the debate about whether privacy must be sacrificed to produce data utility is actually a false trade-off. In adopting this stance, people are wrongly focused on a traditional and binary approach to privacy protection, which forces the trade-off between privacy and data use to occur. However, there are in fact solutions available that do not require this to be factored into account at all.

Indeed, in many situations such as this, greater data use (alongside strong privacy protections) would provide major benefits to society. In light of the COVID-19 pandemic, a new way forward should be considered – one that allows both privacy and data use to be expanded.

New approaches, such as newly defined GDPR-compliant Pseudonymisation, as well as the concept of data protection by design and by default, do not degrade the accuracy and effectiveness of data, while at the same time providing greater privacy protection. Such technology-led approaches can and should be embraced by governmental organisations in developing COVID-19 monitoring apps to ensure the privacy of end-users without compromising the value of these tools.

Embedding technical controls in the data itself to provide protection for when it is in use enables a risk-based approach in developing COVID-19 contact tracing apps, expanding data use without sacrificing on privacy. Implementing dynamic technical controls and a functional separation approach to data processing means it is possible to process information about people without having to know who they are.

What can we learn?

Just because not all regulators are aware of technical controls beyond the traditional models of privacy and data, it does not necessarily mean that such technologies do not exist. Data protection laws such as the GDPR can be complex, meaning technical innovations can get lost or overlooked.

However, it is important to remember that the GDPR itself states that “processing of personal data should be designed to serve mankind” and that the right to the protection of personal data “must be considered in relation to its function in society.”

Let’s consider this – the purpose of data use should be to help society. So when a false choice between data utility and privacy is pushed to the forefront of public consciousness, innovative solutions and technologies can be easily overlooked. The COVID-19 contact tracing app debate might not be the time to make advancements, but a paradigm shift must occur before the next crisis hits.

By Magali Feys, Chief Strategist – Ethical Data Use at Anonos