Smartphones are now becoming the unlikely tools for the European governments in fighting the coronavirus outbreak. Towards March ending, Belgian authorities turned to the country’s phone data operators to see if the restrictions on movement were being obeyed enough to slow down the spread of the virus in the country.
The mobile phone companies’ data showed that Belgians were spending about 80% of their time within their zip codes, this suggests they were largely adhering to stay-at-home orders which are helping the authorities to shelve plans for tighter confinement rules.
“Aggregated mobility data helps us make more balanced decisions,”
Belgian Telecom Minister Philippe De Backer said.
“Mobile phone data has helped us decide to continue the confinement measures, rather than becoming too strict.”
Currently, as countries from Austria to Germany ease the lockdowns, governments want to leverage such phone data, even more, to keep the coronavirus virus in check-raising some privacy concerns. Unlike Apple Inc. and Alphabet Inc.’s Google, whose tracking software to alert their users if they have come into contact with an infected person will be voluntary.
The mobile phone operators inherently need access to a subscriber’s approximate location to route calls or text messages through the nearest cell tower. Mobile phone data operators have for years collected and sold aggregated data to companies and authorities, typically showing the number of people in an area for crowd management or to help municipalities and public transport companies predict commuting patterns.
On rare occasions they have provided private location data to confirm or contest alibis in criminal cases. With vast amounts of movement data now flowing into the hands of government agencies, privacy experts are urging caution.
For some, the initiatives are reminiscent of the National Security Agency programs exposed by Edward Snowden, under which the U.S. government scooped up massive amounts of metadata from phones without a warrant.
The European authorities say they are only using the aggregated mobile phone data to review mobility patterns or to build models to trace the trajectory of the epidemic. Still, privacy concerns remain.
“It probably won’t be traced back (to the individual), but it always remains open,”
said Diego Naranjo, the head of policy at internet rights association Edri.
In Belgium, the pandemic taskforce gets aggregated information showing trips between two zip codes and their duration. The Norwegian Institute of Public Health uses phone data from Telenor ASA to help local authorities determine the number of hospitalizations and ICU beds needed.
The institute has asked Telenor to break the data down by age and gender to better model the coronavirus pandemic, a request the phone company is looking into, said Kenth Engo-Monsen, a senior researcher at the operator.
Smartphone location data will play an important role in the easing of lockdowns, says Dirk Brockmann, a professor at Berlin’s Humboldt University and a member of the project on epidemiological modelling of infectious diseases at the Robert Koch Institute, a German government public health agency.
“It’s a very good measuring device on how people respond to the release of restrictions,”
said Brockmann, who has access to daily movement updates from German phone companies.
While the telecom operators stress they’re only sharing aggregated and anonymized data in accordance with EU privacy rules, governments could pass special laws to obtain data on people suspected of being infected, as officials have done in China, for instance.
Slovakia is one of the first European countries to pass such a law, giving government agencies access to individualized phone data to stem the spread of the virus. In the U.K., Germany and elsewhere, voluntary mobile apps are being developed to track infections.
Anonymized data isn’t subject to the EU’s strict privacy rules including user consent since it’s no longer considered personal information. But if aggregated location data can be traced back to an individual, it could be sensitive. It could reveal where someone spent the night, whether they have drug addictions or other deeply personal information.
Telecom companies use multiple steps to process such data. In Austria, A1 Telekom Austria AG encrypts and strips identifiers from the raw location data before sending it to Invenium Data Insights GmbH, a data-processing company.
The phone data is sent in the form of a hashed ID code of garbled letters, numbers and symbols that would take 100 years to de-anonymize, according to Michael Cik, a co-founder of Infinium. Continue reading