Governance & Risk Management , Privacy , Security Operations

Should Location Data Be Used in Battle Against COVID-19?

US, UK, Other Nations in Talks With Tech Firms to Provide Information
Should Location Data Be Used in Battle Against COVID-19?
Google and Facebook have been approached by the White House to share location data.

The Trump administration is in talks with technology companies, including Facebook and Google, to explore whether it's possible to use real-time location data from smartphones to support efforts to slow the spread COVID-19, according to The Washington Post and other news reports. But some lawmakers, attorneys and others have raised privacy concerns about such tracking efforts.

See Also: An Identity Security-first Approach to the Evolving Threat Landscape

The Post, citing people familiar with the matter, reports that government officials, as well as healthcare and technology experts, are looking at the possibility of allowing private companies to compile real-time location data in anonymous and aggregated forms.

The data could help track movements of people and allow researchers to map patterns, which could reveal the existence of COVID-19 hotspots and allow officials to direct more resources to specific areas, according to the Post. It could also help track whether individuals, in general, are following social distancing practices.

As of midday Friday, Johns Hopkins University reports, there were over 265,000 confirmed cases of COVID-19 worldwide and 16,00 cases in the U.S., with over 11,000 fatalities globally and over 200 in the U.S.

Privacy Considerations

Sen. Edward Markey, D-Mass., wrote a letter to Michael Kratsios, the CTO of the United States, Thursday expressing his concerns over the White House's plans to engage with Amazon, Apple, Facebook, Google, IBM and other tech companies to leverage location data.

"A person's location information can reveal other sensitive details, such as a place of employment, religious affiliation or political preferences," Markey says. "We need assurances that collection and processing of these types of information, even if aggregated and anonymized, do not pose safety and privacy risks to individuals."

Michelle Richardson, the director of the Privacy and Data Project at the Center for Democracy and Technology, a consumer advocacy group, calls for a cautious approach.

"There are ways that companies can use data that has no personally identifiable information in it at all, and that’s what we should start with, not this idea that we're going to track every individual by their cell phones and see where they go or who they interact with," Richardson tells Information Security Media Group.

Albert Gidari, a privacy lawyer and consulting director of privacy at Stanford University’s Center for Internet and Society, voiced similar concerns on Twitter.

White House Meeting

The White House held a private meeting Sunday with tech executives, entrepreneurs and investors who presented ideas on disease mapping and telehealth, the Washington Post reported. The meeting involved executives from Apple, Google, Hangar, telehealth startup Ro, public health leaders from Harvard University and venture capitalist Ron Conway, the newspaper reports.

Tech companies are weighing their legal obligations and data governance rules in light of the California Consumer Privacy Act, the EU's General Data Protection Regulation and other regulations (see: Data Governance: How to Tackle 3 Key Issues).

Google says executives are investigating potential ways to use its mapping and location data to help track the spread of COVID-19. The company says it will follow stringent privacy protocols, and it says any project will not involve sharing data about any specific individual's location, movement or contacts, Reuters reports.

Laura McGorman, policy lead for Facebook's Data for Good team, tells ISMG that the social media company has briefed the Centers for Disease Control and Prevention about sharing information with researchers to help them create data maps, but no official agreement has been discussed.

"There is no agreement to share people's location data with governments," McGorman adds.

Corporate Privacy Shift

Stephen Wu of the law firm Silicon Valley Law Group says that location data sharing proposals raise challenging legal issues because of varying state laws as well as the privacy protection guaranteed by the U.S. Constitution. Wu notes that any companies that may participate in tracking efforts may need to rethink their privacy guidelines and data governance rules.

"If you have a data company that ends up changing its business model where it's potentially sharing information with the government - and to the extent that it's not a national security issue where the government requires the company not to say anything publicly - then they should change their privacy policy to make sure that consumers understand that if they are doing business with you, their data might be shared with the government," Wu tells ISMG.

Wu adds that laws such as CCPA and GDPR require that when companies create new use cases for data, they must notify customers of that change, and they might also have to obtain a new consent from users.

Tracking Outside U.S.

Other nations are also weighing the use of location data in the fight against COVID-19.

In Europe, mobile carriers are sharing anonymous and aggregated data with health authorities in Italy, Germany and Austria in a way that complies with GDPR, according to Reuters.

Meanwhile, China, South Korea and Taiwan are using mobile phone location data to trace the contacts of people who have tested positive for COVID-19 in an effort to enforce quarantine, Reuters reports.

In Singapore, the government is publishing on public websites coronavirus patients' ages, nationalities, length of hospitalization, where they live and connections of victims to one another, Markey says. As a result, individuals are being stigmatized as data about the movements are revealed, he says.

"The Trump administration must take extreme care not to implement location data-use policies that run the risk of violating Americans’ privacy," Markey says.


About the Author

Ishita Chigilli Palli

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.