This article is part of Privacy in the Pandemic, a new series from Future Tense.
Governments around the world, including the U.S., are seeking to collect location tracking information as a tool to combat the spread of the novel coronavirus. Privacy advocates have appropriately been warning that any such efforts must include robust safeguards for privacy and human rights, while recognizing that it may be necessary to permit some collection of our data. But we should not simply think of governments’ requests for location data as a trade-off between public health and privacy. Rather, as we address this pandemic, policymakers must focus on what kinds of data would actually be helpful to public health authorities and effective in achieving their goals. Such an approach will also reduce the privacy risks.
Public health authorities need to map where the novel coronavirus is spreading and where hospitals need supplies. As the U.S. Centers for Disease Control and Prevention has explained in the context of monitoring other infectious diseases, data showing where infections occur “helps public health authorities monitor the effect of these diseases and conditions, measure the disease and condition trends, assess the effectiveness of control and prevention measures, identify populations or geographic areas at high risk, allocate resources appropriately, formulate prevention strategies, and develop public health policies.” The vast troves of location data created by mobile phones and apps may seem like an attractive source of information to arm government officials in this mapping effort to battle COVID-19. But it is important to distinguish between the need to track the disease and marshal resources accordingly, and any effort to use location data to track the movements of specific individuals. That is, aggregated location data holds promise to help public health officials assess where the next hot spot is likely to occur and where to direct critically needed medical equipment. Individualized data following the movements of specific people, on the other hand, provides little value, and it does not make sense for officials to collect it, particularly given its high level of invasiveness.
Heat maps and analytical tools relying on aggregate location data may be a valuable resource for public health officials planning public health responses. Many companies are working to develop tools that rely on such aggregate location information. In Europe, telecommunications companies are providing governments with heat maps to show how population movements are changing as a result of guidance and orders for people to restrict their movements and stay at home. For example, Telenor reports that it has developed a model to provide aggregated mobility data showing population travel in Norway, which is helping authorities to predict the number of hospital beds needed in certain areas. Similarly, Telia has announced its “crowd insights” tool showing commuting patterns and crowd density throughout Scandinavia and the Baltics to assist the government response.
Here in the United States, Facebook adapted its Disease Prevention Maps, and just last week Google launched its new COVID-19 Community Mobility Reports, through which the company provides data showing the changes—compared with a prepandemic baseline in February—in people’s movements for 131 countries and regions. The Google tool relies on aggregated location data to show movement trends across six categories of locations including grocery and pharmacy, parks, and workplaces. Google states that this information can help officials understand changes in travel patterns and identify where additional resources may be needed. Although it is too soon to know how helpful these various tools based on aggregate location data will prove to be, they are designed to provide the types of information that public health authorities need.
By contrast, some governments have sought to use location information for a second purpose, to track specific individuals’ movements. For example, Israel has used location data to retrace the movements of individuals who test positive for COVID-19 in order to identify other people who may have come into contact with the infected individuals. Despite the privacy implications, this might appear to be a productive move, since social distancing is one of the key recommendations by the World Health Organization as protection against the novel coronavirus. But as experts have explained, phone location data is not precise enough to allow assessments of whether particular people are staying 6 feet apart from one another, and even GPS data does not provide a sufficiently granular source of information to assist such efforts.
As a result, tracking specific individuals for epidemiological tracing or to promote social distancing is not an effective use of location information, and governments should not seek it for that purpose. Nonetheless, tracking the movements of a specific individual over time is highly privacy-invasive. As the U.S. Supreme Court recognized in Carpenter v. United States, this information “provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’ ” Therefore, the court held that if law enforcement officials seek to obtain location information on a particular individual—at least if they are seeking such information for a period of seven days or more—they must get a warrant. Hopefully, states will not turn to criminal enforcement to address the pandemic, but if states that have included criminal penalties in their stay-at-home orders seek location information for criminal enforcement, they will need to get a warrant.
Ultimately, as companies and policymakers seek to leverage location data to address the COVID-19 crisis, they should focus on how such information can actually be useful to public health authorities. To the extent that authorities want to identify locations where people may be congregating in violation of social distancing guidance or actual emergency orders, heat maps based on aggregate data can provide that information. For example, such a map may demonstrate that a certain park needs to be shut down because too many people are gathering there at the same time. Relying on aggregate data is a more productive approach that also better safeguards privacy.
Even with the use of aggregated location information, we must hold companies accountable to incorporate robust privacy safeguards in the tools they develop and share with government officials. There remain risks that aggregate anonymized data can be reidentified, and it is important for tools to use modern, sophisticated methods like differential privacy (which involves adding “statistical noise” to results drawn from datasets to prevent anyone from being able to learn facts about a specific individual whose data is included in the dataset) to protect the anonymization of data. Similarly, governments and companies should limit the deployment of these emergency responses to the duration of the current public health crisis. Google, for example, has promised that its new COVID-19 mobility reports will only be available for a “limited time,” so long as public health officials find them useful to address COVID-19.
Some have already noted the lessons we should learn from our nation’s response to the tragic attacks of Sept. 11 in addressing the current battle against COVID-19, such as questioning whether “data is actually accurate and actionable.” Another lesson we can draw from the United States’ post-9/11 counterterrorism efforts is that when our government collects only the information it really needs in order to address the threats we face, the effectiveness of the government response increases and the risks to privacy decrease; indiscriminate bulk surveillance is both privacy-intrusive and ineffective. With health surveillance as well, the first question should be what information will actually help our government to address the threats we face. Promoting efficacy and protecting privacy go hand in hand.