skip to content


Michelle Seng Ah Lee, PhD student Department of Computer Science and Technology

Data Ethics in combating COVID-19 after lockdown

As COVID-19 spreads, governments are placing restrictions of non-essential movement with substantial human and economic costs. South Korea is a notable exception to this trend: as one of the worst-hit countries by coronavirus with its first case detected around the same time as in Italy, it curbed the growth in infections without a lockdown by rapidly scaling up its testing capabilities and effectively leveraging data to identify and isolate those infected.

The lockdown is intended to lower the number of newly confirmed cases to a manageable level while ramping up testing capacity. As governments face mounting pressure to ease the movement restrictions, it is important to derive lessons from other countries’ use of data to prevent COVID-19 from escalating again as people resume their daily activities.

This two-part series Getting out of lockdown looks at the risks and ethics of data-driven methods in combating COVID-19 now and enforcing social distancing after the lockdown:

1 - Risks and ethics of data-driven contact tracing (pdf) or read on Medium

2 - Risks and ethics of data-driven social distancing enforcement or read on Medium

Invasive technologies to track individual movements

Those arriving in Hong Kong are given electronic bracelets to track their movements during the 14-day quarantine. In addition to its invasiveness, the bracelet raises concern that the data in Hong Kong may be used to identify people who join anti-government protests. Similarly, Taiwan has implemented mandatory phone location tracking to enforce quarantine, texting those who go beyond lockdown range, directing them to call the police or face $33k fine. The government provides phones for those without a GPS-enabled phone.

South Korea initially requested self-isolating patients to voluntarily download a mobile application to notify health authorities if they leave the house, but recently introduced similar bracelets for quarantine enforcement, after it was shown to be ineffective with many flouting the isolation requirements by leaving the phone at home. A recent survey run by a government ministry showed that 80.2 percent of people supported the policy of using electronic wristbands to keep track of those under self-quarantine. Almost half of them cited the “greater importance of controlling the spread of infection” as the reason. The majority of dissenting opinions opposed the policy as a “potential human rights violation.”  

Use of “anonymized” and “aggregate” mobile location data

While many governments have shied away from using individual-level tracking to enforce quarantine, there is widespread interest in using anonymised, aggre-gated mobile location data. These may be used to identify and forecast high-risk areas for a more targeted policing of lockdown and social distancing measures.

In the UK, BT, the owner of mobile operator EE, is in talks with the government about using its phone location and usage data to monitor whether the measures to get the public to stay at home are working. Vodafone has already helped the Italian government mapping out the movements of people in Lombardy, the centre of an outbreak that has seen large parts of the country put on lockdown.

The promise of anonymisation and aggregation may be more acceptable to the public than individual tracking, but this data usage is not without its ethical concerns and privacy and GDPR risks.

Mobile phone location data may not be fully representative of the population; elderly populations without a GPS-enabled phone are invisible in these data sets, and any insights derived from the data may overlook the people who are in fact most vulnerable to the infection.

It is unclear to what level the data should be aggregated to be simultaneously useful and minimise the risk of reidentification. While individual privacy may be protected, the data set may reveal a wealth of information at a group-level, e.g. for church groups, social networks, and families.

When combined with other data sets, even aggregated data sets may allow for reidentification of individuals, and overpromising anonymisation is misleading to the public. There should be robust testing procedures to understand to what extent the data sets are anonymised, and cryptography, differential privacy, and cybersecurity measures should be in place to ensure anonymity and security of the data. For more on this topic, see this paper demonstrating the limitations of anonymisation.

Without sufficient legal safeguards, there is also concern that these data sets may be used for external purpose and that these actions during a crisis could set the new norm. Governance and policies should be put in place for each stage of the epidemiological crisis, from crisis response to post-crisis return to normalcy.

Beyond the lockdown

As governments are pressured to lift the restrictions on the freedom of movement, they will need to more effectively use available data to enforce social distancing. Rather than being a simple trade-off between privacy and freedom of movement, any policy decision should ensure that appropriate controls and precautions can be put in place to govern the risks of any data usage.

Any usage of mobile location data to enforce quarantine and inform social distancing policies should be conscious of these ethical considerations and risks. As and when governments ease the strictness of lockdowns, South Korea’s example suggests that more targeted testing, effective contact tracing, and social distancing enforcement can help keep the infection rates low as people begin to resume their usual daily activities, and we should find ways to leverage data while preserving privacy, avoiding entrenchment of surveillance, being conscious of the potential biases and limitations, and ensuring responsible and accountable use of our data.

Keep in Touch

    Sign up to our Mailing List
    Follow us on Twitter
    Email us