Preserving Privacy in a Unified Contact Tracing System

After more than a year and a half into this pandemic, be honest: have you ever grown tired of filling up contract tracing forms or apps by this time? Do you ever feel like you’re only doing it to comply (and not really because you believe it’s useful)? Have you ever asked yourself: where will my data go; are they being kept safe; is there really a need to get this much information from me?

If you have, you’re not alone. The adoption of contact tracing systems for the COVID-19 pandemic has become such a common practice by this time all across the globe. It’s been the same here in the Philippines, where private companies and government entities alike have all come up with their own mechanisms, all for the same common purpose of contact tracing.

For all its efforts, though, the country is still having a hard time tracking down and monitoring COVID-19 cases and their close contacts. Just this March, the government admitted that contact tracing has consistently been the weakest point in its pandemic response. One major reason for this are the numerous apps currently being used today and their inability to operate in an integrated manner.

Taking stock of the country’s contact tracing problem, a House Resolution calling for a unified contact tracing protocol in the country was filed by current House Speaker, Lord Allan Velasco, and subsequently approved by the House Committees on Health and Information and Communications Technology. The Resolution notes that the different contact tracing apps and the decentralized nature of storing the collected data have led to redundant products, cost duplication, and ultimately, a very ineffective contact tracing effort.

If the call is heeded, it may allow StaySafe.ph, the country’s official contact tracing system, to assume a prominent role in the government’s centralized approach to disease monitoring and management. In theory, at least, the app will let the authorities act more promptly based on the greater amount of incoming information it will get, after all the different apps currently in use have been integrated.

Despite its good intentions, however, the Resolution doesn’t seem to address the trust issues people have with Staysafe.ph, both in terms of security and reliability. And it certainly hasn’t helped that former Undersecretary of the Department of Information and Communication Technology, Eliseo Rio, and even contact tracing czar, Mayor Benjamin Magalong, have both come forward and expressed their doubts about the app.

Most concerns relate to the possibility that the collected information could potentially be used for surveillance and other unauthorized purposes, as a result of function creep. Some are worried that the government could retain the collected data and use it for other purposes even after its usefulness for contact tracing has expired.

Not even assurances from the Department of Interior and Local Government, the agency currently managing the app, about its compliance with all applicable laws, rules, and regulations have had the effect of calming people’s nerves. Neither has the express endorsement by the National Privacy Commission via its press statement.

This is unfortunate since social trust is extremely important if a unified contact tracing system is to be effective. This, since the collection and use of personal data in contact tracing cannot be avoided. And in order for people to be okay with that, they need to trust the system.

A good way to earn that trust is to take data protection seriously. The government needs to show people it can and will take care of their data. To go about doing that, here are some data privacy principles the government needs to adhere to when the unified contact tracing system is implemented:

Limit data processing to what is needed for contact tracing.  Collect and process only those data necessary for contact tracing. The Department of Health has already released the guidelines for this. They should be followed. In line with this, retain the data for a limited period of time only (i.e., thirty days as per NPC Advisory No. 2020-03), and dispose of it soon after.

Be transparent and obtain consent, if necessary. To demonstrate commitment to transparency, inform users about the collection of their information, including the nature of the data processing, its purpose, scope, and any available safeguards. Explain also when and how disposal of the data will be carried out. This is usually achieved by drawing up a Privacy Notice. There may be times when consent will have to be obtained—usually, when sensitive personal information is involved. Keep in mind the elements and acceptable formats of a valid consent.

Adopt or implement security measures.  There should be adequate security measures for the system, whether it be in the app, website, or overall process. They should be incorporated in such a way that they mitigate any possible disadvantages and risks that users may be exposed to.  Conducting a Privacy Impact Assessment as a prelude will help identify such risks and disadvantages.

Establish and enforce data governance policies and procedures.  Well-crafted policies make sure data is used and managed properly and consistently. They keep everybody on the same page, regularly following agreed-upon best practices.

Execute appropriate contracts or agreements. Since contact tracing is a collective effort, the collected data will usually end up in the hands of multiple entities. It is therefore important to make sure that all of them are complying with the Data Privacy Act (DPA) and are aware of their respective responsibilities. One way of doing this is by entering into contracts like data sharing agreements (with LGUs or other entities acting as personal information controllers), data processing outsourcing agreements (with service providers), and non-disclosure agreements.

Continuous monitoring and evaluation of the system.  As with any other system, constant monitoring for technical vulnerabilities, policy gaps, or any unauthorized access or use of data is necessary. Technology upgrades, new policies, and revised procedures may be necessary to address issues and other problems that come up along the way.

Observing these practices is not an easy task. But it is worth pursuing, since they all help gain the trust of the public, which, again, is crucial when asking them to embrace a system they are supposed to entrust their sensitive personal data with.

Is the list exhaustive? No, but it should be at least sufficient to show the level of commitment the government has towards the preservation of privacy and the security of personal data when it comes to its contract tracing system.