UK’s Information Commissioner’s Office (ICO) has announced over the weekend that the government can use anonymized mobile phone tracking data to help fight the current coronavirus pandemic.
ICO’s Deputy Commissioner Steve Wood said in a statement that as long as the government anonymizes the mobile phone tracking data, it has the green light to do so as no individuals can be identified and privacy laws aren’t breached.
“Generalised location data trend analysis is helping to tackle the coronavirus crisis,” Wood said. “Where this data is properly anonymised and aggregated, it does not fall under data protection law because no individual is identified.”
“In these circumstances, privacy laws are not breached as long as the appropriate safeguards are in place.”
Since the start of this pandemic, Singapore, South Korea and China have already made us of mobile phone tracking to fight the spread of the SARS-CoV-2 virus, while Israel and the US both want to make use of similar data collection practices to keep track of how the virus spreads.
Secure data store for tracking pandemic-related info
On the same day, UK’s Department of Health and Social Care said that the NHS, Britain’s publicly funded healthcare system, needs accurate real-time information to be able to fight this pandemic for an”operating picture of the virus, how it’s spreading, where it might spread next and how that will affect the NHS and social care services.”
All this information will be collected with the help of Palantir, Amazon, and Google within a secure, central data store controlled by NHS England and NHS Improvement on Microsoft’s Azure cloud platform, and it will either be destroyed or returned once the current public health emergency will end.
For the time being, mobile tracking data is not among the info that will be centralized in this data store, as only 111 online/call center data and COVID-19 test result data are being assembled at the moment.
“All the data in the data store is anonymous, subject to strict controls that meet the requirements of data protection legislation and ensure that individuals cannot be re-identified,” the department said.
“The controls include removing identifiers such as name and address and replacing these with a pseudonym. GDPR principles will be followed, for example, the data will only be used for Covid-19 and not for any other purpose and only relevant information will be collected.”
Data collection can help in public health threat situations
“The ICO has provided advice about how data protection law can continue to apply flexibly to protect lives and data. The safety and security of the public remains our primary concern,” Wood concluded.
“We will continue to work alongside Government to provide advice about the application of data protection law during these unprecedented times.”
The British privacy watchdog previously said in a statement on data protection and coronavirus that data protection and electronic communication laws do not stop the government, the NHS, health professionals, and public bodies from requiring “additional collection and sharing of personal data to protect against serious threats to public health.”
“Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency,” the ICO added. “The safety and security of the public remains our primary concern.”
An information hub was also set up by the ICO to help organizations and individuals alike to navigate data protection during the coronavirus pandemic.