COVID Contact Tracing: Privacy implications & considerations

Published on

Robert Cattanach, partner at the international law firm Dorsey & Whitney, says contact tracing has raised a variety of concerns and has been looking into it since COVID began.

Get Our Activist Investing Case Study!

Get The Full Activist Investing Study In PDF

Q2 2020 hedge fund letters, conferences and more

The Potential Of COVID-19 Contact Tracing

"Almost as soon as COVID-19 began ravaging the world, countries turned their hopes to mobile apps as a weapon to fight against it. Contact tracing was quickly recognized as a potential tool to monitor, and possibly contain, the spread of the virus. The ubiquitous presence of cell phones and their capacity to record and transmit data offered a perfect application to track the risk of potential transmissions of the novel coronavirus. However, the potentially intrusive nature of cell phone tracing raised a myriad of privacy concerns," Cattanach says.

"There are essentially two types of contact tracing.  The first is the Apple-Google Bluetooth method, where users voluntarily download the app and they are alerted if they come within a certain distance of another individual who likewise voluntarily installed the app, and is subsequently diagnosed with COVID.  There is no central repository of who has been exposed, where the virus is spreading, or who has self-disclosed their own infection.  From a privacy perspective, this is terrific, since its completely voluntary, and you don’t have to worry about anyone knowing that you as an individual have tested positive – all anyone will know is that they have been in the near vicinity of an infected person.  The problem is that this doesn’t appear to work very well from a public health perspective, since there is no central data base collecting aggregate information that can be used to identify hot spots, alert local authorities to the possibility that some form of intervention may be needed (e.g. restrictions on public gatherings, restaurant limitations, etc.)  This is why several European countries declined to use this approach, and only a handful of states in the US are intending to implement it," Cattanach says.

"The second technology is a tracking mechanism that connects to a central repository so health officials can carefully monitor the spread and take steps to intervene as appropriate.  This too is voluntary in the US (by way comparison, Israel and South Korea have made their programs mandatory), and data is collected in a way that allows health officials to monitor the spread and take corrective action if necessary, but supposedly is not shared or used for any other purpose.  The challenge, however, has been that even though the technology has been touted as avoiding the compromise of privacy, in fact problems have arisen where location data in is inadvertently being shared with other entities.  For example, South Dakota’s contact-tracing app was sending personal identifying information to Google and Foursquare, despite claiming not to share any data," Cattanach says.

The Three Important Implications

"What implications will these experiences have going forward?  Three important ones immediately come to mind:

  1. State-by-state approaches produce a patchwork quilt of data and effectiveness, which will add further impetus to more uniform federal approaches to privacy issues;
  2. This will provide real-life context for the ongoing discussion of how best to resolve the tension between privacy and the public interest, and perhaps add a dose of reality to the idealistic notion that individual privacy interests are sacrosanct under all circumstances; and
  3. Technology designed to obtain sensitive personal information but at the same time protect privacy interests will continue to be viewed with healthy skepticism," Cattanach says.

About the Author

Robert Cattanach is a partner at the international law firm Dorsey & Whitney. He has previously worked as a trial attorney for the United States Department of Justice and was also special counsel to the Secretary of the Navy. Today he is a expert on CCPA, cybersecurity and data breaches, privacy and telecommunications, and international regulatory compliance.