Advertisement
Mayo Clinic Proceedings Home

Contact Tracing to Manage COVID-19 Spread—Balancing Personal Privacy and Public Health

      The coronavirus disease 2019 (COVID-19) pandemic has opened up an important conversation about how we balance interests of privacy with public health. Examples of contact tracing tools to identify exposed individuals have shown promise in facilitating early responses to minimize disease spread. These tools use geographic location data from smartphones and other devices to understand when and where infected individuals may have interacted with others. These tools, however, have come at the expense of personal data privacy, leading to concern over widespread use despite public health benefits.
      • Servick K.
      Cellphone tracking could help stem the spread of coronavirus: is privacy the price? Science.
      The decision to deploy contact tracing at a regional, national, or global level needs to take into consideration a balance between individual data privacy and societal benefit. The concept of “data sharing” to facilitate public good is not new: for example, phone-based map applications give real-time traffic data by aggregating user information via global positioning system active on devices. These data libraries are maintained by private companies with permissions enabled by device users. In many cases (eg, with credit cards, smartwatches, and other devices), the user may be unaware of data being stored on the device. However, citizens make decisions to share data in return for various benefits (targeted advertisements, instructions on optimal driving directions, and so on). In the United States, this sharing of data usually occurs with private corporate entities. However, when sharing data for contact tracing, it is expected that the data are aggregated by a central authority such as a state or national government.
      In the midst of the COVID-19 pandemic, privacy concerns related to sharing historical location data have been raised, even as public health benefits have become obvious.
      • Wei W.E.
      • Li Z.
      • Chiew C.J.
      • Yong S.E.
      • Toh M.P.
      • Lee V.J.
      Presymptomatic transmission of SARS-CoV-2—Singapore, January 23-March 16, 2020.
      For example, studies in South Korea and Singapore suggest that use of citizens’ location data facilitated mitigation without the same level of societal lockdowns used in Europe and the United States. Although additional waves of disease are possible, the initial results are promising. However, concerns have been raised about the acceptability of surrendering privacy over location data to government entities. This has raised considerable debate in public and academic spheres regarding how to balance privacy risks against public health benefits.
      • Lee J.
      • Sun J.
      • Wang F.
      • Wang S.
      • Jun C.H.
      • Jiang X.
      Privacy-preserving patient similarity learning in a federated environment: development and analysis.
      ,
      • Raskar R.
      • Schunemann I.
      • Barbar R.
      • et al.
      Apps gone rogue: maintaining personal privacy in an epidemic [published online ahead of print March 19, 2020]. arXiv. arXiv.
      The balance between public good and private data ownership thus comes to a forefront with contact tracing. In using contact tracing, the goal is to understand the movement history of infected individuals to then be able to inform healthy users who may have crossed paths with an infected individual of potential exposure. In an ideal scenario, users who were exposed would then be isolated or tested so as to mitigate further spread (Figure A).
      Figure thumbnail gr1
      FigureA, Infectious spread occurs exponentially through interactions that occur starting with an infected individual. By recognizing index exposures, it is possible to isolate exposed individuals from the population, mitigating further spread. B, Two examples of contact tracing are shown. In the left panel, identifiable user data are aggregated on trackable devices (1), sent to a central authority (2), compiled into a centralized data set (3), and because all users are identifiable, the authority approaches users or law enforcement directly to isolate exposed individuals (4). In the right panel, user data exist on personal devices (1) but are fully de-identified when transmitted to a central authority, keeping the user’s identity private (2). The central authority then aggregates data only knowing infectious status of a specific de-identified location history (3) and these data are available for import to the user’s devices in which personal location history has been stored (4). It is then the user’s device that informs the user of potential exposure due to overlap with infected paths (5).
      There are 2 scenarios for contact tracing: one that allows for user identification and one that allows for individual privacy (Figure B). In scenario 1 (most commonly used to date), a central authority aggregates data and responds to that data via direct interaction with the user (who is identifiable) or via law enforcement. In scenario 2, the user’s data stay encrypted when provided to a central authority.
      • Berke A.
      • Bakker M.
      • Vepakomma P.
      • Raskar R.
      • Larson K.
      • Pentland A.
      Assessing disease exposure risk with location data: a proposal for cryptographic preservation of privacy [published online ahead of print April 8, 2020]. arXiv. arXiv.
      In this iteration, the central authority never knows from whom the data originated, but does know whether data were from an infected individual. Isolation of exposed individuals remains feasible by a user’s personal device being able to access aggregated data, recognizing possible intersection with an infected individual, and informing the user of potential exposure. Thus, in scenario 2, no central authority or law enforcement body is aware of the identities of exposed individuals, but users can still be made aware of potential exposure and respond accordingly (eg, pursuing testing or self-isolating).
      Such a privacy-first approach may still be met with skepticism but ideally will allow the implementation of tools to mitigate the current pandemic and potentially future outbreaks. By enabling individuals to understand exposure history, to have full control over their data, and to share their data privately, it may be possible to balance privacy and public health. Ultimately, such data may allow the mitigation of spread by cutting “branches of spread” earlier on.
      There are several limitations, though. Societal level benefit is dependent on broad and diverse user adoption. This may occur through legal regulations enforcing use or public addresses to raise awareness and adoption. In many countries in which contact tracing is being considered, legal compulsion as a method to raise adoption is being debated. Also, modern perspectives on trust in government may vary, and this may affect perceived importance of personal data privacy. Finally, whether privacy-enabled interventions reduce the efficacy of contract tracing due to dependence on private user response rather than direct enforcement by a central authority requires further study.
      In conclusion, given the promise of digital solutions to mitigate disease spread, it is critical that the science of contact tracing be explored, particularly given their cost efficiency and scalability. It is feasible to manage privacy and public good by innovating appropriate solutions for how data are aggregated and users are informed of exposures. However, potential benefit to address waves of the current pandemic or future outbreaks cannot be understated.

      References

        • Servick K.
        Cellphone tracking could help stem the spread of coronavirus: is privacy the price? Science.
        (Published March 22, 2020. Accessed April 1, 2020)
        • Wei W.E.
        • Li Z.
        • Chiew C.J.
        • Yong S.E.
        • Toh M.P.
        • Lee V.J.
        Presymptomatic transmission of SARS-CoV-2—Singapore, January 23-March 16, 2020.
        MMWR Morb Mortal Wkly. 2020; 69: 411-415
        • Lee J.
        • Sun J.
        • Wang F.
        • Wang S.
        • Jun C.H.
        • Jiang X.
        Privacy-preserving patient similarity learning in a federated environment: development and analysis.
        JMIR Med Inform. 2018; 6: e20
        • Raskar R.
        • Schunemann I.
        • Barbar R.
        • et al.
        Apps gone rogue: maintaining personal privacy in an epidemic [published online ahead of print March 19, 2020]. arXiv. arXiv.
        2003: 08567 ([cs.CR])
        • Berke A.
        • Bakker M.
        • Vepakomma P.
        • Raskar R.
        • Larson K.
        • Pentland A.
        Assessing disease exposure risk with location data: a proposal for cryptographic preservation of privacy [published online ahead of print April 8, 2020]. arXiv. arXiv.
        2003: 14412 ([cs.CR])