It’s September 21, 2020. I’m off to the airport, traveling from San Francisco to Germany for a client meeting and conference speech. As I pass through security at SFO, I have to certify that I’m not experiencing any symptoms of illness, and a TSA agent takes my temperature with a handheld scanner. Before I could check in for the flight on my phone, I had to download the CDC-Trace app and register my trip. In the US, anyone traveling (domestic or international, by any mode of transportation) must allow public health officials to track their location, and Bluetooth signals trade anonymous IDs to alert us if we’ve come into contact with anyone who later tests positive. When I land in Frankfurt, the EU requires that I also install the Pan European Proximity tracing app. Security agents there also ask whether I’ve had any symptoms and take my temperature, and I’ll get text requests twice a day for the next 2 weeks – even after I return to the US – to certify that I am not showing any signs of illness.

COVID-19 will not be the world’s last pandemic, so this possible near-future scenario could be just the beginning. There is a wide variety of digital technologies rolling out around the world to help curb the spread of the novel coronavirus, and here we’ll examine contact tracing using mobile phone apps and data, which has been getting tremendous attention. 

At Avanade, we have been closely watching the proliferation of tracing app programs by countries, public health organizations, and private sector firms, some of which are already seeing success. Some of the more interesting initiatives we’re watching include The European Commission’s “tool box” for mobile apps, MIT’s SafePaths, TraceTogether, Pan-European Privacy-Preserving Proximity Tracing, Hong Kong requiring tracking bracelets, the German Red Cross, Apple and Google’s coordinated efforts, and the Coalition app, just to name a few.

As such programs head toward mainstream deployment around the world, we have to ask some very serious, lingering ethical questions:

• How can we protect people’s right to privacy while also addressing our urgent public health needs?
• What is the least invasive model to effectively trace contact?
• How do we coordinate a global response without creating an overarching central authority?
• How do we (if at all) incorporate minors and children into such a program?
• Who controls the data, and how long are they allowed to keep it?
• How do we define standards like “acceptable use” across cultures and jurisdictions?
• How might these programs impact employee/employer dynamics such as work-from-home policies, paid sick time, and health benefits?

As we monitor these emerging programs and talk with our clients about how they can use technology to keep employees safe and business running smoothly, we turned to the Avanade Digital Ethics Framework to assess the ethical implications of contact tracing technologies (there are many). Based on our assessment and Avanade’s core purpose and values, we developed a list of ethical priorities that we can apply to any pandemic response and mitigation technology we develop. In addition to meeting established regulatory requirements, such as GDPR, as a baseline, we encourage anyone developing these types of apps to do a similar assessment and prioritization.

• Alternative solution review – While digital solutions such as mobile contact tracing apps seem to be an efficient and effective measure against the novel coronavirus, it’s important to examine whether alternative solutions might be similarly effective and carry less risk of privacy violations or other detrimental outcomes. For example, do quarantine-enforcing wristbands provide comparable mitigation support? What about contact tracing using fitness trackers?
• Data collection– Any such technology should collect the absolute minimum amount of personal data possible to be effective. Protecting anonymity should be a priority, and data collected should never be combined with other data (e.g. security footage) that might make it possible to identify individuals. All data collection should be completely transparent to users, with easy-to-follow opt-in decisions.
• Data use – Any data collected for pandemic response should be used only for two purposes: alerting individuals of potential exposure and helping government and health authorities understand broad patterns of movement and infection. Any additional use (e.g. future pandemic prevention, health system planning, etc.) should separately require an upfront, fully transparent, and publicly-vetted request and approval process.
• Data control – All individuals whose data has been taken, transferred, or processed should remain in control of their data. This includes deciding where it is taken, what is taken, and how. It should also include how and where the data is processed and for what purpose(s). Finally, users should be able to obtain full disclosure of the above and the ability to unilaterally remove and destroy any collected and processed data about them.
• Data retention - Any organization that has collected, processed, received, or stored personal data related to this program must have a fully transparent explanation of who has access and why, with a commitment that it will never share with or grant access to another individual or organization except where there is a fully-transparent and publicly-vetted request, and only then for purposes of pandemic response, mitigation, and future prevention.
• Inclusive contribution – Any system or application built to combat the pandemic should include contribution from diverse stakeholders before it’s implemented for any purpose, to 1) assure the system itself reflects the unique needs and concerns of populations whom it will affect, and 2) assure that no single entity (tech provider, government agency, health care provider, etc.) has complete control over the design, development, and deployment of the system.
• Inclusive benefit – The system should serve as much of the population as possible. That includes providing information in a variety of languages, with interfaces that are accessible to people with visual, auditory, and other impairments. There should be accommodations for people who have limited or no access to mobile phone or high-speed connectivity. Thorough testing is a must to assure the accuracy and fairness of data, understanding that errors such as false positives will likely be disproportionally detrimental to already vulnerable populations. Those involved should also explore ways to improve stakeholder equity (i.e. to give priority service to otherwise under-serviced populations).
• Access to authoritative information – Within and alongside any system, we need to disseminate information, instructions, and advice from medical professionals and sanctioned authoritative sources. This also means implementing controls to prevent the spread of misinformation within or relating to the system. For example, any entity providing such a mobile app should monitor for other apps, web sites, spam, and malware that may be spoofing their app. The app may also include links to government guidelines about social distancing and personal hygiene. 
• Child protection – Because of their unique vulnerability to malicious behavior, additional controls should be in place in the system to protect minors from bullying, harassment, abuse, and privacy violations. This may include allowing minors to use an app for contact tracing, but have any notifications go to a parent or guardian. Such controls should only be in place if it is deemed necessary to include minors in the system at all, which should be the case only under careful consideration and recommendations from health and child welfare experts.
• Information/cyber security – Because of the sensitivity of data and extensive impact any such system might have, it will be a likely target for fraud, spoofing, manipulation, data theft, and other abuse. Therefore, comprehensive access controls, data security, application security, and thorough security testing are essential.
• Transparency – In all aspects of design, development, deployment, and operations, organizations involved with such systems must provide complete transparency. This includes explaining how the system was built, by whom, how it’s used, who owns and operates it, what oversight it has, and how/when it will be retired and possibly recommissioned in the future.
• Stakeholder feedback – In all aspects of design, development, deployment, and operations, organizations involved with such systems should have a clearly articulated process for collecting, assessing, and transparently addressing concerns from anyone directly or indirectly affected by the technology
• Oversight – Considering their potential importance as well as the potential for mistakes and abuse, any such systems must have a clear oversight structure, including independent oversight that represents the interests of citizens, employees, and other affected populations. This oversight body should be responsible for communicating with constituents to understand their concerns and explain any relevant decisions.

Addressing all of these considerations will not be easy, and anyone involved in these efforts will understandably feel the urgency to deliver a workable solution in a timely manner. However, neither of these points are excuses to circumvent the priorities above. While the pandemic is taking its toll around the world, technology designed to help fight it can also have a far-reaching negative impact without proper precautions. 

We believe that the best approach here is for any such project to have a governing body that can bring together privacy, security, risk, health, and other expertise to make sure each of the guidelines above receive full consideration and investment. Critical to this process will be transparency and stakeholder feedback, which together will provide users with the confidence necessary for widespread adoption of the system in question.

And, as always, if you’re looking for a more in-depth discussion or help on any of these topics, you can contact us or post a comment below. 

Download our Trendlines reports covering emerging trends that will impact the design, innovation and technology choices of large organizations.