In the present, as many countries are struggling to save its citizens from the second wave of the covid-19 virus, many methods are being created for people to check if they have been in contact with a person infected with the coronavirus. One of these methods is Contact Tracing Data, which is a method that is used by many countries. But, as same as the god of Janus, although this method seems to be important and effective, there's a dark side of this method concerning one's privacy and public safety. Therefore, this content is brought for you to make awareness of the privacy risks of Contact Trace Data Disclosure on people with covid-19.
How do they know your information?
Most significantly, contact tracing which is defined as the identification and follow-up of persons who may have come into contact with an infected person gives data about the gender and the age of the patients. Rather than that personal information, such as demographics, sensitive information, social relationship, routine behaviors are included in the contact trace data. This is the same as sharing our data in apps we use or on social media. Such apps and social media use these data to send us personalized advertisements based on our interests. As such, although contact tracing identifying can be advantageous for public safety, revealing personal data would infringe upon one's privacy. Therefore, privacy risks such as online harassment, spreading rumors based on uncertain information may cause social stigma which would be a dangerous side effect of contract tracing. For example, these data can be simply and easily used by an unauthorized person or a company for different purposes such as for marketing campaigns, researches, or for any other dangerous activities such as blackmailing, without user consent.
How to ensure the safety of privacy of information?
As contact trace data carries many information mentioned above, it has now been identified that limited, the right amount of information would be helpful for people to self- identify potential close contacts with people confirmed to be infected. It's important to notice that it is possible to automatically check privacy issues such as with an intelligent system that detects possible privacy issues from the patient data before disclosure. If a machine can be used to learn and analyze the semantic, structural, and lexical properties of the data or by any other ways to estimate the privacy risks of data, it would be highly adequate to decrease the threat.
“Patient privacy is a top priority of public health authorities – there can be no investigations without trust, and therefore people can rely on public health agencies to protect their privacy. However, privacy is also a huge concern in the era of smartphones and digital tracking. Cell providers, marketing companies, and the government all have access to cell phone tower data that can localize mobile devices. This data has been used by some countries to guide their disease investigations. However, there are privacy-preserving approaches such as the Apple/Google partnership using opt-in Bluetooth data. There is a risk that this pandemic becomes a slippery slope that encourages more monitoring of the population for other purposes. Researchers and policy-makers alike should work with the public to identify which conditions are acceptable for the use of such information.”
— Neil Abernethy, PhD, Associate Professor of Biomedical Informatics and Medical Education, University of Washington (Posted 4/16/2020)
However, all such approaches should be handled with care. And, another issue that can be identified is that unidentified persons would create similar systems, pretending to authorize persons and gather information about people. Therefore, an information system that is officially created by a local government and if delivered to the public via authorized communication methods would help to manage the privacy of the people. It is better if such a system can authorize data usage, a tracking system to track how the data is being used, and delete information when it is outdated. Rather than these methods, unified management of contact tracing data, mobile technologies for contact tracing are preferred to be adequate for protecting data.