The European Telecommunications Standards Institute and the Association for Computing Machinery have proposed standards for smartphone-based contact-tracing systems to protect personal privacy.
A sudden technology need is running directly into the politics of personal privacy—especially in Europe, where the General Data Protection Regulation has been in effect since 2018.
And that’s making the road difficult for companies trying to build contact-tracing apps to assist human contact tracers in limiting the spread of COVID-19. In the U.S., Apple and Google are developing apps that would use smartphone Bluetooth functionality to detect when a person’s phone is close to someone who’s tested positive for the disease. A recent Washington Post survey found that roughly half of respondents would not use such an app.
How do you ensure a balance between privacy and public safety? A pair of European tech groups are working on that.
The European Telecommunications Standards Institute recently announced a plan to develop a standardization framework for proximity-tracing systems implemented via smartphones that would maintain privacy for millions of people. An internal task force, Europe for Privacy-Preserving Pandemic Protection, will seek to make the systems interoperable as well as secure. The working group is made up of telecom operators, vendors, and researchers.
“By their nature, smartphones are highly personal devices, carrying large amounts of data about individuals,” ETSI Director-General Luis Jorge Romero said in a news release. “In ETSI we are committed to support an international development community with a robust standardization framework that allows rapid, accurate, and reliable solutions while winning the trust of the population at large.”
Similarly, the Association for Computing Machinery’s Europe Technology Policy Committee released a set of essential principles and practices [PDF] for COVID-19 contact tracing earlier this month.
In a statement, the ACM committee called on governments implementing contact-tracing systems “to use only those which, by technical and legal design: respect and protect the rights of all individuals; safeguard personal data and privacy to the highest degree technically possible; and are subject to scrutiny by the scientific community and civil society before, during and after deployment.”