Commentary

Covid-19 Tracking: Privacy Risks and Lessons for Digital Advertising

April 16, 2020April 17, 2020 by Gary Stevens

Tracking Around the World

Given the trajectory of Covid-19, it’s no surprise that one of the first countries to mobilize its surveillance apparatus was China. Reports from the country claim that CCTV cameras were set up outside the doors of people required to self-isolate to verify that they were in compliance.

In other countries – and predominantly those in Southeast Asia – similar systems have been rolled out. In Singapore, the government rolled out an app called TraceTogether, which uses BlueTooth to track if infected individuals have been in close contact. In Hong Kong, some citizens have essentially been put under house arrest: They are required to wear a wristband that tracks their movements and alerts authorities if they leave the house.

Perhaps the most extreme measures are those being used in South Korea. From the earliest stages of the epidemic, the government of South Korea started using credit card transactions, location data pulled from smartphones, and live CCTV to track the movements of everyday citizens. These data were then compiled into a map that could tell people whether they had come into contact with an infected person.

Israel has also been using data pulled from citizens’ smartphones to track their movements, but with a crucial difference: The government openly admitted that it was already collecting these data for counter-terrorism purposes.

Privacy Concerns

These programs have raised significant concerns from data privacy groups. These concerns have been apparent for a while, particularly in the context of the growing amount of spyware in the IoT and the poor digital security measures of many businesses collecting data, shortcomings that cost businesses over $2 million a year on average.

But the coronavirus pandemic has made the level of surveillance more apparent to people not working in digital media or marketing, and has therefore re-ignited the cybersecurity and tracking debate. One of the major criticisms that has been raised of these measures is that they simply do not work.

The types of data collection tools being used by governments around the world are similar to those used by remote marketing teams, after all, and have been designed for advertising, not pandemic control. Location data pulled from smartphones, for instance, only locates users to within 16 feet on average. This is great for advertising, but not great for controlling a disease that can only pass between people at a range of six feet.

Another issue is that the laws being passed to facilitate these surveillance regimes grant governments extensive new powers, and in many cases they are not time-limited. This has led some to question whether these governments will ever give up the powers they have been granted. In the US, for instance, the Patriot Act gave the government significant new surveillance powers, but these were only designed to last until 2005. Parts of that law are still in effect. This has led some to question whether consumers have already lost the privacy war.

Some governments, particularly in Europe, have responded to criticism by releasing information on exactly what data they are collecting, how they are processing it, and with whom they are sharing it. The issue that remains is that even these governments are not asking for permission to collect data, and long after the pandemic is over these data could be used by law enforcement agencies to identify individuals.

Even governments that have taken steps to collect data in a transparent way have not escaped criticism. This is because governments’ records when it comes to keeping citizen data safe are pretty poor. This is reflected in citizens’ attitudes toward the ability of governments to protect their data and privacy: 49% don’t trust the UK government to protect their privacy, and nearly 90% of the same respondents trust the US government even less.

It’s also largely for these reasons that privacy legislation like Europe’s GDPR contains a clear principle that organizations should only collect the information they absolutely need to do their job. Governments and private businesses largely fail to meet that standard at the moment.

The Advertising and Politics Parallels

While these might seem like abstract debates, advertisers who have been keeping an eye on the news will recognize them. The concerns being raised at the moment are the same as those that have been an issue for advertisers – and particularly local advertisers who rely on location data – for a decade or more.

The surveillance systems now being rolled out for the pandemic are unlikely to have a direct impact on local marketers. However, the debates that they have precipitated should remind us all of the importance of customer trust when it comes to data collection.

In short, advertisers who rely on consumer data should ensure that they are only collecting what they need, that they store and process this securely, and that they are open and transparent with their customers about collection. Many of those same best practices apply to governments collecting data to fight Covid-19.

Gary Stevens is a front-end developer and copywriter who specializes in writing about cybersecurity, blockchain, and tech trends.