As COVID-19 continues to spread rapidly in many parts of the world, governments and NGOs seek to utilise products and services mobile operators have developed, to aid decision making and help save lives. Mobile network operators (MNOs) are increasingly able to deliver insights that leverage Mobile Big Data (MBD) analytics via reports, applications, visualisations or more sophisticated decision support systems.
Insights from mobile networks and other companies across the mobile ecosystem are important because mobility of people is one of the critical factors that contribute to the spread of human-transmitted infectious diseases. Therefore, accurate, up-to-date information on aggregated mobility patterns could be potentially vital for monitoring, predicting outbreaks, and planning future resource needs such as testing kits, hospital beds, medical staff, or equipment.
Using mobility data to respond to epidemics can raise concerns about maintaining the privacy of individuals. Privacy, therefore, is a key consideration when it comes to MBD analytics, and the mobile industry as a whole is committed to respecting and protecting privacy. When developing MBD analytics projects it is important for MNOs and governments to ensure the use of this data complies with requirements under different laws, regulations and licensing conditions present in the country. Beyond compliance, the GSMA recommends adhering to privacy best practices such as the GSMA Mobile Privacy Principles (2011).
Why are legal and regulatory frameworks so relevant when it comes to MNO data and MBD analytics?
Over 130 countries have developed or are developing and revising existing privacy frameworks. In some of these countries, there may be other sectoral privacy and data requirements in place, such as specific telecommunications privacy and confidentiality requirements (for example, the European ePrivacy Directive), or there could be a license obligation with certain requirements for how subscriber information is used.
This creates a complex legal landscape, which can present challenges for MNOs and other stakeholders trying to build MBD projects.
All stakeholders must comply with requirements, but there are types of legal frameworks that can better facilitate MBD projects and the data economy at large.
What can be done to mitigate the risks and complexity of the legal landscape around MBD projects?
Building on the GSMA Mobile Privacy Principles, the GSMA developed a Smart Data Privacy Laws report. This report provides a guide for those involved in drafting and reviewing data privacy rules or legislation and distils what has been learned from data privacy law implementation to date into guiding principles by which proposals can be measured. The report highlights several key components of a smart data privacy law, such as horizontal application of the law across all sectors, an emphasis on accountability, and identifying and mitigating privacy risks. This type of framework can create regulatory certainty for MNOs, while also protecting consumer privacy, and enabling commercial innovation.
How does AI4I ensure a smart, responsible approach to privacy?
From its inception, the GSMA’s AI4I initiative considered how to ensure privacy, data protection and ethics. All projects under the AI4I initiative have been based on aggregated anonymised data, and are underpinned by a code of conduct Task Force members conducting trials adhere to. This is in addition to any specific regulatory requirements upon an operator in their jurisdiction. Therefore, it is important to consider engagement with local relevant stakeholders to clarify areas of ambiguity or to respond to governmental concerns about potential privacy issues when considering an MBD project.
What is AI4I doing regarding privacy concerns arising specifically from the COVID-19 response?
Governments have had to act with urgency to stem the flow of COVID-19 and are looking at how various types of data, including telco data, could be used to help with the response. At the same time, the GSMA recognises that use of such data by governments raises serious privacy concerns. For this reason, the GSMA developed COVID-19 Privacy Guidelines, to reflect recommendations on how the mobile industry can maintain trust whilst responding to governments and public health agencies that seek assistance.
The overarching principles of these guidelines are to establish trust. To achieve trust, the use of MBD must be:
- Lawful
- Transparent
- Time-bound
Why are cross-border data flows so relevant in MBD analytics?
Cross-border data flows can play a critical role. Free movement of data enables the internet economy but is also applicable in the context of MBD analytics. In countries with requirements that prevent access to or transfer of data across borders this may impede or inhibit MBD projects. For example, an MNO with a multinational footprint that has data science team in one country, and data in another, may need to transfer or provide access to the data to enable analytics, but local rules may prevent this happening. There should be a range of mechanisms (adequacy findings, contractual clauses, certifications, codes of conduct) for MNOs to choose from to enable trustworthy data flows across borders. In particular, the law should allow accountable organisations to transfer data and allow data to be transferred to organisations, sectors, regions that have been deemed to have adequate safeguards in place.
Where can I learn more about policy and privacy in the context of MBD analytics and COVID-19?
The AI4I Webinar Series, themed ‘Using mobile big data analytics to combat challenges including COVID-19’, provides a platform for a deeper level of understanding for mobile operators and governments who wish to develop and adopt impactful products and services to aid decision making.
The AI4I webinar series started by providing a high-level introduction to the core topic areas, with resources available:
Read the blog post: Overview of Mobile Big Data Analytics to combat challenges including COVID-19
Watch the video highlights here
You can find more information about AI4I and the above themes on the AI4I digital toolkit, which contains a specific section on policy and regulation.