How much access to data should be permitted during the COVID-19 pandemic?

Urs Gasser explores the risks and benefits of mining data to combat COVID-19

One of the more innovative ways to fight the battle against COVID-19 is through the tracking of data. Researchers at the Berkman Klein Center for Internet & Society at Harvard University are exploring the ways data can be mined to increase understanding of the virus and to fight it more efficiently.

Why your online data isn’t safe

Credit: Asia Kepka Professor of Practice Urs Gasser LL.M ’03

The center’s Executive Director Urs Gasser LL.M. ’03 is partnering with colleagues at Harvard Medical School and the T.H. Chan School of Public Health to pioneer the use of mobility data to track the spread and incidences of COVID-19. The group recently had a letter published in Science magazine, also emphasizing the need for safeguards on privacy. Gasser is also working with a team of experts at ETH Zurich on a forthcoming paper that looks at new apps and technologies for contact tracing, in light of ethical as well as health issues. He is also continuing to work with the global Network of Internet and Society Research Centers on a series of discussions around the intersection of public health and technology issues, with a focus on vulnerable populations and COVID-19.

In a conversation with Harvard Law Today, Gasser sheds light on the benefits of using data to address the pandemic, and calls on the federal government to approve comprehensive digital privacy protections.


Harvard Law Today: Can you talk about the advantage of and need for data collection in the fight against COVID-19?

Urs Gasser: One of the differences to previous pandemics like the Spanish flu in 1918 is that we have much more data available to understand the virus, how it spreads, and how it affects people’s lives. Public health officials, epidemiologists, and other researchers are particularly interested in analyzing different types of location data—which is collected through a range of digital devices and apps, including surveillance cameras, cellphone towers, Bluetooth connections, smart thermometers, and apps on our smartphones. But this data is extremely sensitive from privacy and ethical perspectives—even more so in a moment of crisis. The hard questions we’re working on are how much access to data should be permitted and how it can be secured, how new data can be collected in a privacy-respecting way, which legal, organizational, and computational safeguards we can put in place to manage the remaining risks of data sharing, and how we can manage the risk that such data can be misused. At the Berkman Klein Center and HLS, we have a lot to contribute in this area based on years of interdisciplinary research on such questions.

HLT: Can you give an example of how mobility data could be used to combat the virus? How would this data be collected and used?

Gasser: There’s a lot of focus on the use of location data for contract tracing. The idea behind it sounds simple: If one can track down the movements of an individual who turns out to be infected, such profiles will help to notify people who have been in contact with this person and to recommend measures to prevent the further spread of the virus. The practice of it is much harder, unfortunately. Some of the data sources, such as cell site location information, vary greatly in terms of the precision, or don’t work inside buildings. A more fundamental problem is that contact tracing only makes sense if tests and treatment are available. And there’s a long list of ethical and privacy concerns that need to be addressed.

Given these risks, some of us have focused on the use of aggregated and de-identified mobility data. Such data can help to better understand “people flows” and changes over time. This can be important to monitor how effective measures like social distancing are, but also to understand how flows can be better organized.

A final example: Aggregated mobility data can also be used to make predictions about the next hot spots of infections as it shows how people move from an infected area to another where there hasn’t been an outbreak yet. And it can help with planning ahead as to how resources need to be allocated.

HLT: You have noted that collection of data opens up privacy issues. What are some of the legal limits to data collection during an emergency?

Gasser: Privacy and data protection issues vary greatly depending on the types of data, use cases, and actors involved. And countries around the world have very different baselines and practices in place determining how such rights are protected. European law puts forth the strongest legal protections that also govern the processing of personal data used to fight COVID-19. The European Data Protection Board recently clarified how the EU General Data Protection Regulation and other data protection laws apply to the current situation. With respect to mobile phone data, the ePrivacy Directive requires that such data be anonymized or only shared with the consent of the individual, unless member states introduce specific emergency legislation. Such emergency measures have to put in place adequate safeguards and accountability mechanisms. In the U.S., protections are unfortunately much less robust, given a patchwork of laws that leave open massive privacy gaps. The use of consumer data in the U.S. is largely governed by the privacy policies of the various service providers, affording only limited privacy protections, as the past few decades have taught us the hard way. In my view, the current crisis further demonstrates the urgent need for comprehensive federal privacy legislation.

HLT: You are working with a team of medical school and public health professors. How did you assemble this group, and what type of collaborative input were you looking for? What do the different disciplines bring to the work you are doing?

Gasser: I got involved in this effort—the COVID-19 Mobility Data Network—based on previous interactions with colleagues at Harvard Medical School and the School of Public Health in the context of my work at the Berkman Klein Center as an interdisciplinary hub. What makes this collaboration special is that we’ve been developing and piloting “on-the-fly” protocols and workflows for privacy-respecting data analysis in partnership with tech companies.

In a nutshell, the global network of researchers serves as a “filter” between companies and public health officials to avoid having any raw data flow directly to governments. The researchers also support government officials to understand and put into perspective the reports about mobility rates that are created based on the aggregated and de-identified data sets.

HLT: You have just done extensive research on tracking technologies used throughout the world. Can you tell us some of your findings? How do U.S. efforts compare with those in other countries?

Gasser: With a team of researchers at the ETH Zurich, we’re currently reviewing a broad range of digital technologies and data initiatives that pop up in the context of the current pandemic, including tools for proximity and contact tracing, symptom monitoring, and quarantine compliance. We started to create a database of such initiatives to review the privacy safeguards that have been put into place and study some of the ethical implications. There’s much more work that needs to be done, but what I’ve seen so far is giving me reason for concern, and the concern is not limited to nondemocratic countries. However, there are also case studies in the mix that look promising so far, including Singapore’s TraceTogether app, or the PEPP-PT initiative in Europe. I already mentioned the COVID-19 Mobility Data Network, which launched here in Cambridge, as another promising approach.

HLT: What recommendations would you make to the U.S. government in order to step up its efforts for fighting the virus? A broader question, but since time is of the essence—are there other things that could be done to fight the pandemic that are not being done yet?

Gasser: At least in some parts of the federal government, there still seems to be a need to listen more carefully to the recommendations of health experts that are grounded in the best available data. Governments like Germany serve as good real-time examples of how to do this better. But I’m ready to admit, digital technology and experts are only a small element in this story at a point where we now pay the price for systematically ignoring the risks of a pandemic and for our failure to build safety nets for vulnerable and underserved populations.