Phone data helps fight against COVID-19 in Europe

Mobile phones are becoming an unlikely weapon for European governments in their fight against the coronavirus pandemic.

In late March, Belgian authorities turned to the country’s mobile phone operators to see if movement restrictions were being obeyed enough to slow the spread of the pathogen. The companies’ data showed that Belgians were spending about 80% of their time within their zip codes, suggesting they were largely adhering to shelter-at-home orders — which helped authorities shelve plans for tighter confinement rules.

“Aggregated mobility data helps us make more balanced decisions,” Belgian Telecom Minister Philippe De Backer said. “It has helped us decide to continue the confinement measures, rather than becoming too strict.”

Now, as countries from Austria to Germany ease lockdowns, governments want to leverage such data even more to keep the virus in check — raising some privacy concerns. Unlike Apple Inc. and Alphabet Inc.’s Google, whose tracking software to alert users if they’ve come into contact with an infected person will be voluntary, mobile phone operators inherently need access to a subscriber’s approximate location to route calls or text messages through the nearest cell tower.

Operators have for years collected and sold aggregated data to companies and authorities, typically showing the number of people in an area for crowd management or to help municipalities and public transport companies predict commuting patterns. On rare occasions they’ve provided private location data to confirm or contest alibis in criminal cases.

With vast amounts of movement data now flowing into the hands of government agencies, privacy experts are urging caution. For some, the initiatives are reminiscent of the National Security Agency programs exposed by Edward Snowden, under which the U.S. government scooped up massive amounts of metadata from phones without a warrant.

European authorities say they’re only using the aggregated data to review mobility patterns or to build models to trace the trajectory of the epidemic. Still, privacy concerns remain.

“It probably won’t be traced back (to the individual), but it always remains open,” said Diego Naranjo, the head of policy at internet rights association Edri.

In Belgium, the pandemic taskforce gets aggregated information showing trips between two zip codes and their duration.

The Norwegian Institute of Public Health uses data from Telenor ASA to help local authorities determine the number of hospitalizations and ICU beds needed. The institute has asked Telenor to break the data down by age and gender to better model the pandemic, a request the phone company is looking into, said Kenth Engo-Monsen, a senior researcher at the operator.

Mobile phone location data will play an important role in the easing of lockdowns, says Dirk Brockmann, a professor at Berlin’s Humboldt University and a member of the project on epidemiological modeling of infectious diseases at the Robert Koch Institute, a German government public health agency.

“It’s a very good measuring device on how people respond to the release of restrictions,” said Brockmann, who has access to daily movement updates from German phone companies.

While telecom operators stress they’re only sharing aggregated and anonymized data in accordance with EU privacy rules, governments could pass special laws to obtain data on people suspected of being infected, as officials have done in China, for instance.

Slovakia is one of the first European countries to pass such a law, giving government agencies access to individualized phone data to stem the spread of the virus. In the U.K., Germany and elsewhere, voluntary mobile apps are being developed to track infections.

Anonymized data isn’t subject to the EU’s strict privacy rules — including user consent — since it’s no longer considered personal information. But if aggregated location data can be traced back to an individual, it could be sensitive. It could reveal where someone spent the night, whether they have drug addictions or other deeply personal information.

Telecom companies use multiple steps to process such data. In Austria, A1 Telekom Austria AG encrypts and strips identifiers from the raw location data before sending it to Invenium Data Insights GmbH, a data-processing company. The data is sent in the form of a hashed ID — a code of garbled letters, numbers and symbols — that would take 100 years to de-anonymize, according to Michael Cik, a co-founder of Invenium.

In France, Orange SA aggregates anonymized data of around 50,000 people and adjusts it to reflect the carrier’s market share for predictions on the total population, according to Chief Technology Officer Mari-Noelle Jego-Laveissiere. Sweden’s Telia Co. removes outliers, such as a small family in a rural area, from the dataset to protect them.

For all those precautions, the process still isn’t failsafe. While aggregating data provides another layer of safeguards, privacy lawyers and experts say clear industry standards don’t exist. Datasets considered anonymous could identify someone if combined with another dataset.

In a statement in early April, the Dutch data protection watchdog warned that “anonymizing this type of data is not possible.” If someone with knowledge of where a person lives or works had access to the “anonymized” location data of a range of people, they could make some deductions, it said.

Telecom operators, on the hook if client confidentiality is compromised, have tried to keep some control over the process.

While they’ve agreed to hand over aggregated data to the European Commission to help fight the propagation of the virus across the bloc, they’ve raised questions about who will have access to the information and whether it would be combined with other datasets.

The EU says the data would be handled with “the highest security standards,” and that it won’t be processed in a way that could unintentionally identify individuals.

Back in Belgium, recent mobile-phone data showed that Belgians increased their mobility in the holiday week after Easter, drawn probably by the sunny weather and because of lockdown fatigue.

“This has been used to reinforce the message that the current measures must be kept in place and, more importantly, respected,” a Belgian official said.

Now read: South Africa’s “essential services” definition is hurting tech businesses

Latest news

Partner Content

Show comments

Recommended

Share this article
Phone data helps fight against COVID-19 in Europe