“We went through numerous steps to make sure the back-end data was protected, and all the source code is open source, so everybody is able to see it and review it,” Harte tells HealthTech. “Governments and third parties can validate that everything works the way we say it works, and it helps ensure privacy is handled the way it should be.”
Moreover, NearForm tracing tools use a decentralized approach, meaning that all the data is stored on the user’s phone. No personally identifiable information is uploaded to a centralized server, and all the data identifiers generated on the phone are anonymized.
Putting a dual emphasis on clarity and discretion helps promote the message that the apps are behaving the way they should be, which in turn could boost participation.
“These apps are targeted at the general population, so it’s important they protect people’s privacy, and it’s very important that everything you’re doing in the app leads to that,” Harte says.
Establish Trust to Support Contact-Tracing Efforts
Trust messaging around contact tracing tools must be simple in order to gain enough buy-in for the process to be effective, says Bart Willemsen, a Gartner vice president and analyst who focuses on privacy and risk management.
“If an organization says, ‘We do not track you, we do not generate individual identifiable data,’ the public will believe that,” Willemsen says.
However, if the technology doesn’t live up to that promise, he notes, the public will feel misled and won’t feel compelled to participate or answer accurately.
“Many people in the public feel contact tracing, to the level in which it can be done, is disproportionate to the risk, and therefore it doesn’t get adopted to the level where it can be effective,” Willemsen says, adding that distrust can run deeper. “There’s also the fear of being restricted in autonomy.”
A subsequent public concern is the desire to know who’s in control of the data and how it can be used.
“Will our autonomy still be protected, or will we be disproportionally discriminated based on what an app says?” Willemsen says.
Data Protection for COVID-19 Contact-Tracing Efforts
Robust security measures such as end-to-end data encryption, randomization of identifiers and retention of data on the mobile device must remain top of mind for app developers involved in contact-tracing tools.
Those functions also are critical to combatting “fallacy of privacy” concerns that prevent people from providing detailed personal information that could have a profound impact on their social movements, says Dr. Saif Abed, a London-based cybersecurity expert.