skip to Main Content

Governments are using mobile location data to contain Covid-19 – is your private information safe?

September 14, 2021 | Digital article
Published on

By Kerry van der Mescht

By James Claude.
Published on: Fin24

Data has become one of the most valuable assets in the world. The analysis of data by governments, corporates, and other institutions continues to increase in the pursuit of efficiency in the delivery and allocation of services. However, there is concern over data privacy and security, including whether the data is sold or used for anything other than the intended purposes.

Globally governments are using mobile location data to respond and effectively contain the spread of Covid-19. In South Africa, the Council for Scientific and Industrial Research (CSIR) is instrumental in the government’s data-driven approach to managing the pandemic. The CSIR developed a platform that monitors human mobility, with data provided by mobile network operators, tracking companies, and cloud-based service providers, such as Google and Apple. The movement patterns of people across specific areas provide insight into virus hotspots, high-risk and vulnerable areas assist in determining where resources need to be deployed.  The platform also monitors lockdown compliance and the spread of the virus.

However, Human Rights Watch is particularly concerned by these platforms because mobile location data can contain sensitive and revealing insights about a person’s identity, location, behavior, associations, and activities. The use of mobile phone network data creates granular, live targeting opportunities, which can be used by governments to forcefully impose quarantine, discriminate, or crackdown on populations for other reasons. In the hands of abusive governments that already have adopted intrusive surveillance practices, this can serve to enhance repression.

The issue of privacy and technology systems used by governments is highly contested. There is a fine balance in how to use data in a way that individual privacy is protected and complies with regulations. But at the same time have a complete dataset that is detailed enough so that the analytics provides insight that is meaningful.

To solve this dilemma companies who collect mobility data must ensure pseudonymizing – particularly if it is a special category of personal data.  This process masks data by replacing identifying information with artificial identifiers.  It removes, replaces, or adds fake identifiers, and therefore the data cannot be linked to an individual’s private information.

However, pseudonymizing alone has its limits because it allows anyone with access to the data to view part of the data set. Therefore, including encryption is also recommended.  It also obscures information by replacing identifiers with something else, but it allows only approved users to access the full data set.  Both processes can be used simultaneously or separately. It is also important to work with huge clusters of data, the bigger the cluster, the less identifiable an individual’s data is.

This is the recommended approach outlined in the General Data Protection Regulation (GDPR) implemented by the EU in 2018, which is regarded as the gold standard in the protection of private information. In South Africa, the recently enacted POPI Act is closely aligned to the GDPR, although POPI is more extensive and rigorous in that it includes information collected about companies, body corporates, trusts, and other entities.  The GDPR only applies to information about individuals.

Dr. Jabu Mtsweni, Manager of the CSIR’s Information and Cyber Security Centre in Pretoria, says that “access to this data made it possible for the government to review regulations and speed up response interventions, such as targeting points for screening and testing, issuing lockdown alerts, and using heat maps to plan for emerging hotspots”.

Over the last decade, there are many examples of the benefits of the use of mobile location data. It was successfully used to analyze the spread of the Zika virus. It showed potential in predicting the spatial spread during Haiti’s 2010 cholera epidemic. Interesting this 2015 scientific research report found that mobile operator data is a highly promising data source for improving preparedness and response efforts during cholera outbreaks. It also concluded that the findings were important regarding containment efforts of emerging infectious diseases, including high-mortality influenza strains.

Looking beyond the usefulness of mobile location data to manage the spread of diseases. The ability to build analytical models based on non-identifiable data is an important trend indicator and is immensely helpful to governments in their policy creation, execution, and oversight.  Australia’s DS&R legislation is based on the recognition that greater sharing of data can lead to more efficient and effective government services for citizens, better-informed government programs and policies, greater transparency around government activities and spending, economic growth from innovative data use, and research solutions to current and emerging social, environmental, and economic issues.