The use of digital technology in responding to the Covid-19 pandemic has brought to the fore once more concerns around privacy and security in relation to data usage.
The past decade has seen a substantial push within health systems to utilise digital technology advancements to provide greater efficiencies and ultimately better outcomes. Digital health records, automatic procurement and big data analysis are just some examples whereby Northern Ireland has sought to modernise and transform the delivery of healthcare.
The advantages of each digital advancement, particularly those that deal with personal information of citizens, have all had to be closely balanced with privacy rights, as well as security concerns.
Understandably, following the outbreak of Covid-19, attention has been turned to how technology can be best utilised in tackling the pandemic. To date, the result has been mainly a greater focus globally on two major digital programmes: digital contact tracing and the use of big data. However, the extent to which these technologies are being utilised has differed significantly across the globe and, particularly in Europe, have been met with some resistance over concerns around privacy.
In May, the Northern Ireland Assembly’s Research and Information Service produced a briefing paper on the use of digital measures to combat Covid-19 to support the Covid-19 Ad Hoc Committee and the Health Committee with their scrutiny of the pandemic response, focussing on the technical and ethical challenges of the use of contact tracing apps and big data.
Northern Ireland, which has resumed contact tracing following an earlier move away from the policy, has yet to announce any plans to introduce app-based software. Instead contact tracing is being done manually, through telephone calls. Both the UK Government and the Irish Government have announced plans to use digital platforms and introduce apps, however, both have experienced delays and will likely not be launched until July.
Asian countries were the first to rapidly develop digital technologies in response to the spread of the virus and in a bid to emerge from lockdown. However, while the effectiveness of a range of measures such as communication monitoring, movement monitoring and facial recognition were recognised for their effectiveness, the intrusiveness of such technologies made their introduction in Europe highly unlikely, given the greater levels of legal restrictions and stronger privacy culture.
Many countries across Europe did recognise the potential benefits of contact tracing technology and initiated work on how the technology could be adopted to in a way that at least lessens the privacy concerns of citizens. The result was a call from the EU Commission for a more cohesive approach, both for greater operability purposes and more effective regulation.
However, varying levels of government and citizen levels of awareness and concern in relation to privacy, within individual countries, have been highlighted by the fragmented approach to contact tracing apps.
Most concerns are based around a centralised and decentralised approach. Centralised data collection relates to control by a health authority of a central server for data collection. In comparison, a decentralised model, such as that being developed through the Google and Apple in collaboration, uses individual phone technology, negating the need for data to be retained in one place. This approach is widely viewed as better from a privacy perspective but less accurate than a centralised model and removes the ability of health authority to gather data for resource planning.
For Northern Ireland, public acceptance of the model will be important if and when a contact tracing app is developed. Norway, for example, was one of the first European countries to exit their lockdown and use a centralised app. However, citizen concern around privacy are said to be largely responsible for a high drop put rate in app usage. Less than 900,000 people are actively using the app, out of the 1.5 million who downloaded it.
The UK and France continue to pursue a centralised models, however, both Germany and Italy have changed their original stances in favour of a decentralised model, and many countries have followed their lead.
Understandably, the privacy issue is also prevalent in any progress to utilise mobile data for policy decisions such as the easing or hardening of social distancing measures or the location of resources regarding testing.
As well as gathering mobile data for contact tracing apps, governments have also recognised the value in utilising location data for better understanding of movement patterns before, during and eventually after the pandemic.
The health service in Northern Ireland, in its recognised need for transformation, has put a much greater emphasis on big data analytics in recent years, recognising the potential it provides for preventive models of care rather than reactive treatment. Again, central to progress and ambitions, has been the legal underpinning of the ability to gather, retain and use people’s personal records.
Understandably, the privacy issue is also prevalent in any progress to utilise mobile data for policy decisions such as the easing or hardening of social distancing measures or the location of resources regarding testing. There are question marks over whether, if channels of data gathering and sharing are opened, it would ever be possible to return to previous ways of working.
Whereas contact tracing technology in most countries requires an action to be taken by citizens to include themselves in a programme designed to digitally exchange details, the technology needed to gather data regarding movement is already present in most people’s personal devices. Location signals and individual device IDs are commonly used in even the most basic smartphone apps.
Utilisation of big data in relation to disease outbreak has been proven to be effective prior to Covid-19. For example, the Assembly’s research report highlights that in Africa, in particular, aggregated mobile data has been used to track malaria in order to identify areas with large medical needs and to track future potential outbreaks and mobile phone carriers have increasingly been sharing mobile data with individual EU governments to assist with tracking Covid-19.
Mobile phone operators are not the only organisations working with governments to provide mobility patterns and data. Both Facebook and Google are also producing data for use. While all data providers have stressed the security of their measures to anonymise the data provided, concerns exist about the potential to reverse these security measures.
“Privacy commentators and civil liberties groups have raised concerns about whether the data will be repurposed for other means and for how long the EU intends to hold onto the data,” the report states.
With the pandemic expected to come in waves, consideration of the best use of big data in Northern Ireland will be an important factor in both assessing the impact of measures in ensuring the health service is prepared for both potentially high and low demand, as well offering the opportunity to analyse restriction impacts for future scenarios.
The rapid pace of technology development in healthcare have brought with them a host of advantages but also present a range of new challenges in regard to privacy. Policy makers will have to balance ambition with public trust in deciding how best to utilise new technologies both during the pandemic but also planning for the extent to which it continues to use these in the post-pandemic period.