How Europe Is Bumping Against Privacy Laws in Coronavirus Battle
Google is looking at how to assist with the data from users who allow location sharing, and on Thursday published over 100 country-specific reports showing how mass movements have changed in the last month.
European Union governments have pushed the bloc's stringent data privacy rules to their limits by tapping the biggest telecom and tech companies for data to tackle the coronavirus outbreak.
Wireless companies such as Vodafone and Deutsche Telekom have shared mobile phone location data to show users' movements and gauge the effectiveness of lockdowns in certain areas. Google is looking at how to assist with the data from users who allow location sharing, and on Thursday published over 100 country-specific reports showing how mass movements have changed in the last month.
All this is happening against the backdrop of the bloc's General Data Protection Regulation, which is among the strictest of such laws in the world. Overstepping it can cost companies as much as 4% of their global annual revenue.
The wireless companies stress that data is being aggregated and anonymized. Processing of personal data is also justifiable under GDPR to protect lives "for humanitarian purposes, including for monitoring epidemics."
Countries like South Korea have managed to stymie the outbreak in a way Europe can't copy, with contact-tracing to map contagion at a person-to-person level. To do this in Europe, governments would have to push controversial new or emergency laws -- or get users to voluntarily share more about themselves at a massive scale.
Attempts at the latter include a piece of software dubbed Pan-European Privacy Preserving Proximity Tracing, designed to use a smartphone's Bluetooth radio to scan and log the location of nearby people, or, more specifically, the phones they're carrying. Its developers say they hope EU states can use it as the engine inside future contact-tracing apps.
Users must rally to one app en masse for such technology to work, but there are several other disparate attempts. Here's how different European countries are attempting to balance the need for data with personal privacy laws.
Former state monopoly BT is using mass population data in measures backed by the Information Commissioner's Office, the nation's privacy watchdog. Officials and carriers are also in talks about how roaming data used carefully could help repatriate Brits stranded abroad, according to people familiar with the matter.
Palantir is also working with data for Britain's National Health Service. Health Secretary Matt Hancock signaled that citizens must consider making a trade-off with privacy on March 18, when he tweeted "we are all having to give up some of our liberties; rights under GDPR have always been balanced against other public interests."
Although it's the European nation most concerned with privacy, its biggest carrier Deutsche Telekom has shared "anonymized mass data" with the Robert Koch Institute to map mass movements and predict Covid-19's spread, based on procedures approved by the country's data regulator in 2015.
Meanwhile, German startups are working on an application to help the government track infected people, and the state data protection authority for Rhineland-Palatinate has said that approach may be the best option, provided it remains voluntary and the data is later deleted.
"General location data is not sufficient to understand infection chains, said the watchdog. "Taking the route of a voluntary mobile phone app seems more feasible here."
Stephane Richard, CEO of the biggest French telecommunications company Orange and also chairman of the mobile industry lobby group GSMA, has been pushing for the use of voluntary tracing apps on radio and in newspaper Le Monde.
He's advocated something like the app used to trace citizens in Singapore, TraceTogether. It would trigger fresh privacy debates, but Richard said it's less of "a destroyer of freedom" than the techniques seen in places like China.
The country's biggest network operator, Telekom Austria, is sending "anonymized data" to authorities, based on technology originally developed by south Austria's Invenium Data Insights to analyze travel patterns.
The hardest-hit European country was one of the first to test how data can be used. Officials have used anonymized data from Vodafone -- and data mapping earlier in the month showed millions in the epicentric Lombardy region were still moving beyond their homes.
However, after a month of enduring and enforcing a national quarantine, and more than 13,000 deaths, there are early signs the disease's spread in Italy is starting to plateau. Its neighbours and the EU will need to decide soon whether the monitoring regime there was enough, or more aggressive methods are needed.