Study examines contact tracing apps' compliance with individual rights
Some of the COVID-19 contact tracing apps in use today fall short of meeting the UN's criteria for individual rights and fairness, a new study shows.
The UN’s criteria for individual rights and fairness form the basis for a newly-published critique of COVID-19 contact tracing app guidelines for Europe, and of apps already being used by millions in Austria and Singapore. Released today by researchers in Sweden and Denmark, the analysis is presented with a “scorecard” that rates the apps according to how they comply with the UN’s Sustainable Development Goals.
Among the three cases, Singapore’s TraceTogether app was ranked lowest in overall compliance with the 17 Sustainable Development Goals that comprise the UN’s “blueprint for peace and prosperity.” Austria’s Stopp Corona, was ranked highest.
The real benefit of aligning with the Sustainable Development Goals is that by doing so, the apps will appeal to more users and get more downloads, says Associate Professor Ricardo Vinuesa, a researcher in the department of Engineering Mechanics at KTH Royal Institute of Technology.
“The apps alone are not a solution, but part of a strategy to fight the pandemic; so the strategy should be about transparency,” Vinuesa says. “The use of the apps cannot be mandatory, and you need a significant fraction of the population to download the app in order for this approach to work.”
Adopted by the UN in 2015, the Sustainable Development Goals are intended to provide a way forward as nations struggle with societal challenges such as reducing poverty, providing resilient infrastructure, and making fresh water available.
But the goals also take aim at non-material matters, such as such as global political stability and justice, growing inequality, biased election outcomes, hatred for minorities and increased nationalism.
“That’s the context in which contact-tracing apps begin to pose problems, even if they prove effective,” Vinuesa says.
The European Data Protection Board (EDPB) guidelines for app development, as well as the apps Stopp Corona (published by the Austria Red Cross) and TraceTogether (published by Singapore Government Technology Agency), were judged according to a range of criteria, including discrimination, privacy and data protection, transparency, individual rights, data management and security. In their presentation of the analysis, the researchers divided these criteria into three general categories: impact on citizens, technology and governance.
Significantly, none of the publicly-funded efforts provide protection against individuals’ data being used beyond contact tracing, Vinuesa says. Nor do the apps contain a sunset clause. The European Data Collection Board does provide a clause to halt the use of apps once the situation returns to “normal,” but what constitutes “normal” remains undefined, the researchers found.
Decentralization of data collection is another key area where the trust of citizens is at stake, Vinuesa says. The researchers had also analyzed the first proposal for COVID-19 tracing in the UK and they called out its centralized data collection, a fatal flaw which would eventually lead to the app’s rejection by the National Health Service.
But data management is not the only aspect of governance where things can go wrong. The technology behind Singapore’s TraceTogether app scores high but the governance scores low in part because “the government was sending messages several times per day and telling citizens too much information – essentially invading their privacy,” Vinuesa says.
Vinuesa says that the report can be used by governments and citizens alike in judging whether the apps maintain standards of transparency and fairness.
The compliance scores were as follows (The full report provides detail on each of the four contact-tracing systems and how their scores were arrived at):
Governance, including the right to contest and liability, plus non-intended uses of data: Stopp Corona 56%; TraceTogether 50%; EDPB Guidelines 63%; NHS COVID-19 38%;
Technology, including security, ease of deactivation and data management: Stopp Corona 100%; TraceTogether 80%; EDPB Guidelines 80%; NHS COVID-19 60%.
Impact on Citizens, including guarantees on rights to safety, health, non-discrimination and freedom of association: Stopp Corona 83%; TraceTogether75%; EDPB Guidelines 75%; NHS COVID-19 33%.
David Callahan
A socio-technical framework for digital contact tracing, Results in Engineering
DOI: 10.1016/j.rineng.2020.100163.