Published April 1, 2020
If we are going to end social distancing, we will need to find a way to know who has COVID-19 and where they are. Temperature and symptom tracking, testing, and contact tracing are regularly mentioned as a part of long-term solutions. This is a lot of data about individuals that will be tracked and reported by businesses and government agencies. Actions will be taken based on this data – individuals will be told to quarantine, businesses will be told to shut down, communities will be told to stay at home.
Designing a data collection system that is trusted and regulated will be key for a sustainable solution. As a business school professor, regulation is not my answer to most problems. However, the intimacy of the data needed and the breadth of the collection required will necessitate strict regulations since we do not have trusted organizations to do this well (to be blunt). Data about individuals is covertly captured and aggregated by unknown companies. So it is not surprising to find location data aggregators and social networking companies suddenly able to provide the travel patterns of individuals to track the virus.
Let’s consider what will not work: having apps leak our location data to commercial data aggregators who maintain a dataset of identifiable location history data that is for sale; or having businesses collect our temperatures and symptoms – as employees or as customers – and then using that data to report pandemic concerns as well as keeping the data for later marketing or employment decisions.
Two rules to keep in mind when planning data collection:
Fortunately, we have done this before. Consider the Census. We generally share information about ourselves and our homes with an understanding that the information will be protected within the Census Bureau. However, Census data is heavily regulated. Within the Census Bureau, only small number of people have access to the individualized data – that data where you and I can be identified. Otherwise, researchers, reporters, statisticians, economists, etc work with Census data at block or anonymized level. There are clear rules about what organizations can have access to that data.
What this means is that data collectors, aggregators, and controllers of our location and health data need to be highly trusted and regulated organizations. In general:
We have a systemized collection of data at a national level with a trusted government agency that is then heavily regulated. We need to be similarly thoughtful in any systematic data collection effort to track COVID-19 or any infectious disease.
Martin, Kirsten. 2016. “Understanding Privacy Online: Development of a Social Contract Approach to Privacy.” Journal of Business Ethics 137 (3): 551–69. https://doi.org/10.1007/s10551-015-2565-9.
Martin, Kirsten, and Helen Nissenbaum. 2020. “What Is It About Location?” Berkeley Technology Law Journal (Forthcoming) 35 (1). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3360409.