Feydzhet Shabanov - stock.adobe.
Re-purposing data and questionable effectiveness could undermine trust in NHS contact-tracing app
Experts call for greater clarity over how contact-tracing data will be used, while discussing the limitations of the coronavirus app
Data experts have expressed concern about the UK government’s approach to building a Covid-19 contact-tracing app, citing the potential for data to be re-purposed and its questionable effectiveness as primary worries.
Developed by the NHS’s digital healthcare innovation unit, NHSX, the app is currently being tested in the Isle of Wight before a planned roll-out in mid-May.
Having recently broken with Apple and Google’s decentralised application programming interface (API) approach to contact tracing, NHSX has instead chosen to upload “proximity contacts” and other data to a centralised server, which has brought mixed reactions.
Speaking on a location data and disease panel organised by the Benchmark Initiative, which promotes the ethical use of location data, Oxford Internet Institute researcher Jessica Morley said that although privacy concerns get the most attention, largely because of the public becoming more familiar with the issues in recent years, the centralised approach also poses serious questions about how data could be re-purposed in the future.
“There are privacy implications, but there are bigger implications from the perspective of autonomy and the potential secondary uses of these types of data,” said Morley.
“There are, in most instances [where it is being done], very little transparency around what those uses might be, what the government or the health system might do with that data in the future, and, if you push it out further, you start seeing the risks of linking that data to other types of data that your phone may collect, for example.”
However, Morley stressed that although a decentralised approach could ease some of these concerns, because the location data would be stored on the user’s device instead, it does not erase them completely.
Concerns over data re-purposing
Timandra Harkness, author of Big data: does size matter? and a member of the Royal Statistical Society working group on data ethics, also shared concerns about how the data could potentially be re-purposed further down the line.
“If you are being asked to consent to give up quite private information, which is who you have been near, it’s not only private to you, it’s also private to those other people that you are near,” she said.
“It is very difficult to ask people to trust you for one purpose, but retain the option to then re-purpose it to something else without really being clear about it up front.”
Harkness said the main problem is that the limits of what can be done with the data are very unclear, and there is a great deal of ambiguity surrounding who will get access to it, what they can use it for, and whether it will be destroyed at the end of the pandemic.
Some of these issues were raised by legal experts to Parliament’s Human Rights Committee on 4 May, when they argued that the app could benefit from additional legislation in order to safeguard data security and enhance the general public’s trust in using it.
“You are being asked to do your duty and sign up to download the app with really no control on what happens to your data,” said Harkness. “It’s anonymous enough for them to say ‘well, it’d be really hard for us to delete it off our database afterwards because we'd be trying to pick it apart from all the other data’, but it’s not so anonymous that it couldn’t be linked back to you.”
She pointed out that “mission creep” is an intrinsic problem to using big data. “One of the great potentials of big data is that you can get data that was collected for one purpose and ask a different question and put it together with another data set, and do things with it that were never imagined by the people who originally collected it,” she said.
Necessary, proportionate and effective?
According to Morley, one of the ways to restrict the ethical issues associated with the app is to give it a very limited function to fulfil and a very small window of time to operate in.
“The way that we restrict people’s civil liberties and rights is, particularly in time of national crisis, based on necessity, proportionality and effectiveness,” she said. “If those three primary conditions cannot be met, then you haven’t really got a justifiable reason for imposing that level of invasiveness on an individual.”
On the point of effectiveness, panel chair Hannah Fry, a UCL associate professor and TV presenter, said the app would have to see widespread adoption in order to work properly, adding that if three-quarters of smartphone users downloaded it, but reverted back to pre-lockdown behaviour, the coronavirus reproduction number would only go down to 1.4, whereas it is crucial that number remains below 1.
The reproduction number, known as R, is one of the key criteria the government will assess before it starts to ease the lockdown. The figure for R is directly correlated to the number of people that someone infected with Covid-19 comes into contact with.
“It’s not that these apps don’t have promise because I think they do, but you have to consider them, even in the best scenario, as one tool among a suite of tools that will work to help us establish some sense of normality,” said Fry.
Others on the panel questioned whether the collection of location data was even necessary to respond to the crisis, at least on the individual level.
“It doesn’t necessarily have to collect location data,” said Andy Tatem, professor of spatial demography and epidemiology at the University of Southampton. “It’s the two phones that were close to each other, and an anonymous ID so they can be contacted afterwards without the need for location data.
“There can be value, though, in that location data in identifying hotspots of transmission, but again those don’t need to be at an individual level – we don’t need to know there’s an individual house with a case.”
Read more about coronavirus countermeasures
- Governance and data decentralisation are among measures that organisations can take to allay security and privacy concerns over contact-tracing apps, according to RSA.
- Federal government launches Coronavirus Australia app to keep Australians updated on the latest developments in its fight against the coronavirus outbreak.
- The architects behind China’s largest makeshift hospital turned to computer simulation to model the airflow regulated by ventilation systems in a bid to minimise cross-infection.
When asked by Fry whether the benefits of the app outweighed the risks, and whether the panellists themselves would download it, all responded in the negative.
“At the moment, my opinion of whether I will do it is shifting around,” said Harkness. “The unfortunate thing is that every new thing I find out about it makes me feel less inclined, because of all the stuff we’ve talked about, like mission creep and especially the complete lack of regulation.
“If I thought it was going to be very, very effective and make a big difference, I think I would be more inclined. But I think its effectiveness will be limited, and I think giving the government carte blanche to collect a lot of data that includes other people’s privacy as well as mine is something I try not to do.”
Tatem said he would only sign up to the app if there were reassurances put in place about the precise use of data and there was more openness and clarity around the time limits of the project.
Morley also said she would not use the app in its current form, and her support would be qualified on the basis of whether appropriate changes were made.
“I think it’s problematically designed, and probably likely to be quite ineffective,” she said. “That’s the dual combination that makes me say no.
“I’m a big fan of using data for research if you manage it properly, but it’s the blurred lines that worry me.”
Such concerns are also being voiced by others. On 5 May, MP Damien Collins, ex-chair of the Digital, Culture, Media and Sport Committee, wrote to health secretary Matt Hancock and the Department of Health and Social Care with a list of 10 questions about their approach.
These included why “Covid-19 flare-ups” in particular locations cannot be monitored through positive test results rather than location data; why the UK has not taken the Australian approach of destroying the data when the pandemic is over; and how concerns regarding the re-identification of individuals from anonymised data will be satisfied.
