1. Comment
  2. Comment
July 23, 2021

Covid-19 apps’ trade-off between pandemic management and data privacy

By GlobalData Thematic Research

As part of efforts to combat and control the Covid-19 pandemic, countries across the world have developed mobile apps that can track and alert the contacts of an infected individual. This includes nearly all EU member states and large swathes of the Asia-Pacific region.

How the apps operate varies significantly. Many use Bluetooth technology. The strength of the Bluetooth signal determines the distance between two people. Generally, a user of the UK’s NHS Covid-19 app will be notified by the app (commonly referred to as being pinged) and instructed to self-isolate if they have been within two meters of an infected person for at least 15 minutes within 24 hours. The NHS app cannot be used to identify users or track their location, nor can it be used to enforce self-isolation or social distancing.

Following the move to Step 4 of the UK government’s roadmap and the lifting of all legal restrictions concerning the pandemic, there has been a backlash around the delay in changes to the track and trace self-isolation system. Until 16 August contacts of a positive case will still be instructed to self-isolate for ten days, after which fully-vaccinated people and under-18s will no longer be required to self-isolate, including those contacted by test and trace officers.

The combination of the lifting of legal restrictions on 19 July and the growing case numbers leading to increasing ‘pinging’, has prompted discontent. Business owners are finding themselves in a position where they could be serving the public as normal but cannot do so due to a lack of staff. There has also been significant disruption to supply chains, resulting in shortages of some products in UK supermarkets.

One possible solution would be to increase the precision of contact identification, decreasing the likelihood of instructing someone to isolate unnecessarily. This could be achieved by expanding the breadth of data collected, such as users’ vaccination status and location. This was the route taken by countries, like China, that were hit hard by SARS in 2003.

Apps and data privacy

A trade-off is required between the accuracy of the app’s contact tracing ability and the data privacy of its users. However, it remains unlikely that the UK public would buy into this sort of surveillance, meaning that, even if it were implemented, reduced participation would undoubtedly compromise the efficacy of the track and trace system.

Other related apps have also emerged throughout the pandemic, such as the Covid Symptom Study, on which people can record symptoms and other data for themselves and others. This is then shared with the NHS, King’s College London, Guys & St Thomas’ Hospitals, and the app’s developer, ZOE. Anonymized data may then be shared with other research institutions.

While the likelihood of the abuse of this data may be low, it could set a dangerous precedent. Messaging throughout the pandemic has encouraged behaviour to the collective benefit of society. Alongside the desire to avoid unnecessary isolation, this could result in greater participation with personal data collection through apps. Having been sensitised to disclosure in this way, people may be more forthcoming with their personal information in the future.

For the (hopefully limited) remaining life span of Covid-19 apps, a balance is required between effectively preventing transmission and respecting users’ rights and civil liberties. Getting it wrong could have impacts that extend far into the future.