When the World Health Organization launched an initiative in 2007 to eliminate malaria in Zanzibar, it turned to an unusual source to track the spread of the disease between the island and mainland Africa: mobile phones sold by Tanzanian telecommunications groups, including Vodafone, the British mobile operator.
In collaboration with researchers from the University of Southampton, Vodafone has started to compile location data sets from mobile phones in areas where cases of illness have been recorded.
Mapping how people move from place to place has proven invaluable in tracking and responding to epidemics. The Zanzibar project has been replicated by academics on the African continent to monitor other deadly diseases, including Ebola in West Africa.
“Diseases don’t respect national borders,” says Andy Tatem, epidemiologist in Southampton who worked with Vodafone in Africa. “It is vital to understand how diseases and pathogens cross populations using data from mobile phones.”
With much of Europe stalled due to the coronavirus pandemic, politicians want telecom operators to provide similar data from smartphones. Thierry Breton, former CEO of France Telecom, now the European Commissioner for the Internal Market, called on operators to provide aggregated location data to track the spread of the virus and identify where help is needed most.
Politicians and industry are insisting that data sets be “anonymized”, which means that the individual identity of customers will be erased. Breton told the Financial Times, “We are not going to follow people under any circumstances. This is absolutely not the case. We are talking about fully anonymized aggregated data to anticipate the development of the pandemic. “
But the use of this data to track the virus has raised fears of increased surveillance, including questions about how the data could be used after the crisis is over and whether these datasets are truly truly anonymous.
The debate over the use of location data sets could be a precursor to a broader discussion of civil liberties and surveillance in Europe and the United States, as governments put in place plans to at least lift part of the blockages.
Strategies to reopen an economy prior to the development of a vaccine may involve monitoring the contacts of newly infected people, which will raise questions about the reduction of ready-to-take privacy firms.
In South Korea, which is considered a benchmark in the fight against infectious diseases, the authorities can require telecommunications companies to hand over mobile phone data of infected people to track their location. The data enabled the rapid deployment of a notification system alerting Koreans of the movements of all potentially contagious people in their neighborhoods or buildings.
China and Israel have also used personal telecommunications data to track coronavirus patients and their contacts. Governments around the world are creating apps to collect more personal data, such as who is sick and who they have been in contact with.
Even the EU’s general data protection regulation, which was adopted in 2018, contains a clause allowing exceptions in cases that are in the public interest.
Number of people who went to Milan to get in and out of Milan when Italy was to be in its first week of closure.
Proportion of time Belgians spend in their original postal area after the introduction of containment measures.
Percentage of people whose study found that they could be re-identified with 15 demographic characteristics, even when their data was anonymized.
Vittorio Colao, former CEO of Vodafone now at General Atlantic, says people should be prepared to allow the use of “pseudo-anonymized” data by health services such as the British National Health Service to respond to the pandemic. Originally from northern Italy, he says citizens understand the need to trust the authorities to manage their data.
“It’s not about spying on everyone forever but about saving lives for a time that requires temporary rules,” he said. “We trust Uber to know where we are going, we trust Gmail for everything we write. If we don’t trust the NHS with our health data, then who do we trust? “
Vincent Keunen, founder of application developer Andaman7 in Belgium, who works on ways to securely share health data, says citizens have legitimate concerns about the large amounts of data used to track it individually. But he says it’s difficult to strike a balance between using technology to help cope with health crises and protecting privacy.
“The use of technology should stop as soon as people’s health is guaranteed. We have to be vigilant, ”he says. “If you go to an extreme, you will have great privacy but you will die and it will be useless to have privacy. It’s a very delicate balance to strike. “
The use of location data to follow the disease has been applied in Italy, Spain, Norway and Belgium, the United Kingdom, Portugal and Greece should follow.
In cities like Madrid and Milan, telecom operators have created heat maps that show how traffic restrictions work and what behavior the presence of the police has on the streets.
Telecommunications companies in Spain were able to show that the movement of people in a city fell by 90% in the first week of the foreclosure and by 60% of the rest in the second week, while in Italy the Lockout was largely overlooked for the first week, with between 800,000 and 1 million people still traveling in and out of Milan.
In Belgium, data showed that long-distance journeys of more than 40 km fell by 95% after the introduction of containment measures. Belgians spend 80% of their time in their home postal area, with mobility decreasing by 54%. The data can show whether a large number of people in cities have fled for their second home, as was the case in France.
The information telecommunications companies can gain from these data sets is based on their experience working with epidemiologists to track infectious diseases in developing countries. Telenor, the Norwegian company, has participated in big data projects to predict the spread of dengue fever in Pakistan and malaria in Bangladesh. Kenth Engo-Monsen, lead researcher at Telenor, said he was able to show that travel between Norwegian cities had dropped 65% after the restrictions were applied.
“It is essential to know the movement patterns of a population to understand how an epidemic spreads across a country,” he said.
Telefónica, the Spanish national operator with networks across Latin America, has developed expertise by working with companies like Facebook to use data to deal with natural disasters such as earthquakes. He also worked with UNICEF and the University of Notre Dame in 2017 to improve epidemiological models for predicting the spread of the Zika virus in Colombia.
Professor Tatem cites the coastal areas of Namibia as an example where heat maps detailing migration in heavily infected areas can be used to prioritize other areas where mosquito nets and insecticides need to be deployed.
Vodafone has a researcher paid by the Bill & Melinda Gates Foundation integrated into its data team at the company’s headquarters in London, to work on data sets providing information to academics who follow a variety of diseases.
Nick Read, CEO of Vodafone, says the team offers valuable information. “We have seen how aggregated data can control the spread of disease in Africa. We are now using the same ideas to understand and combat the spread of Covid-19 in Europe, ”he says.
European telecommunications companies remain stressing that the information provided to governments is anonymized and aggregated. This means that it cannot be assigned to a specific person or phone. The data cleansing process usually takes 24 to 48 hours to become available in datasets which can then be used by governments.
Industry insists that user data is of little use in analyzing big contagion data: the best way to track the spread of the pandemic is to use heat maps based on data from several phones that, if covered with medical data, can predict how the virus will spread and determine if government measures are working.
Telecommunications companies say they are frustrated by the confusion between the type of group data they provide and the personal data that can be gleaned from applications on mobile phones. In Europe, personal information, such as the presence or absence of a coronavirus on social networks or the search for symptoms on Google, is not legally accessible under the GDPR by a telecommunications provider.
However, assurances from industry officials and leaders have done little to allay the anxiety that privacy rights may be waived as governments seek to use mass surveillance tools in their efforts to fight the virus. Concerns about the political use of the data have been exacerbated by the fact that the European Commission wants telecom companies to provide the actual aggregated data, not just access to the information derived from it.
Latvia, for example, has exercised its right to be exempt from certain obligations under the European Convention on Human Rights, which grants citizens rights to privacy and data protection. Last month, Slovakia passed a law to use telecommunications data to ensure that people comply with quarantine laws.
Some researchers are not convinced by the claim that these datasets are completely anonymous. A 2019 study by researchers from Imperial College London and the Catholic University of Louvain in Belgium found that there is a way to re-identify 99.98% of individuals with only 15 demographic characteristics at the time. using location data. Other studies have come to similar conclusions that individuals can be identified on the basis of aggregated data sets with relative ease. Spanish far-right party Vox has urged people to turn off their mobile data, reflecting anger at the government’s intrusion into their privacy.
Austrian data protection activist Max Schrems warns citizens to beware of the rights they grant in times of global panic. “I fear that we will accept state surveillance during the health crisis, but that it will then take years before the courts to get rid of it.”
However, he says there are apps that help citizens choose the data they share, which allows more efficient tracking of the virus. “If people can decide for themselves whether or not to participate, then we have private alternatives. It is a game-changer. “
Some analysts fear that the data sets may be used for other purposes in the future.
“They must demand assurances from governments [that the data] will not be reused. The last thing they want is to wake up after Covid-19 and find out that the data is still being used for other purposes. How do you control who uses it? Asked an industry leader. “There must be a sunset clause. “
The telecommunications industry has had to be cautious about using the data or face sanctions. In the United States, the Federal Communications Commission last month fined the industry’s four largest players $ 200 million for the historic sale of location data to third parties without the explicit consent of users.
Francisco Montalvo, director of data at Telefonica, argues that governments must combine the need to use data without endangering the right to privacy. “Governments and regulators should strike a balance between privacy and the public interest,” he said.
Many of these problems come to the head with health apps that have been widely used in Asia and are gradually being introduced in Europe to track an individual’s health status.
The Robert Koch Institute in Germany has introduced an app, developed with Berlin-based digital health group Thryve, which links fitness groups and connected watches. He says the app will help him map the spread of Covid-19 by monitoring anonymized data for telltale signs of infection, including a user’s resting pulse, sleep and activity levels, which tend to change considerably with acute respiratory problems.
Data from these apps can both track individual victims and people they meet via contract tracking methods to create a much deeper data set for governments.
In Singapore, the government asked citizens to join its system, and European governments, including Germany, have stressed that the use of tracking and tracing applications must be on a voluntary basis.
“It is far from the South Korean, Chinese or Israeli model where they have the power to follow you, to know that you have the disease and who you know. We are far from that, ”explains Enrique Medina, director of policies for Telefónica, who works with the Spanish government.
The European Commission is working on guidelines on the use of tracking applications. Vera Jourova, vice-president for values and transparency, says that citizens must be able to give their informed consent.
“There must be no hidden agenda or something I don’t know as a citizen,” she said. “The bottom line is that people who enter such a system know what they are doing.”
Under pressure from privacy activists, the scientific community has created an organization called the Pan-European Coalition to Monitor Privacy by Maintaining Proximity in Switzerland, led by the German Fraunhofer Heinrich Hertz Institute, to create standards for applications under development that comply with European privacy laws.
The GSM Association, the commercial body for mobile telecommunications, is also preparing a blueprint for best practices for managing data collected through applications.
Juan Rio, who specializes in analysis at telecommunications consultancy Delta Partners, says there will always be a compromise between the common good and civil liberties in times of crisis, but questioned the effectiveness governments to force people to use apps because they can rebel and stop using their phones.
“With the invasive way, you affect the experience. You change people’s behavior and you cannot trust the results, ”he says.
Additional reporting by Ed White in Seoul and Sam Fleming in Brussels