Maintaining consumer trust in the fight against COVID-19

COVID-19 Consumer trust privacy

COVID-19 continues to fundamentally change the global landscape. Responding to this crisis situation, mobile network operators are working with stakeholders around the world –including governments, international organisations, NGOs, and academics– to ensure that mobile can play its part in responding to this pandemic. While some efforts harness mobile big data and artificial intelligence (AI), many are also focused on ensuring connectivity – keeping people in touch with their friends, loved ones, work places, and critical sources of health and emergency information.

In Argentina, for example, Movistar Argentina is working with the National University of San Martín (UNSAM) to develop a city mobility index (BMI) that allows measuring population movement and its correspondence with the spread of COVID-19. Based on the aggregated and anonymized data from the operator’s network, an interdisciplinary academic team will prepare scientific indexes that allow not only to identify the spread of the coronavirus in the national territory, but also to establish, using mathematical variables, a predictive model that facilitates decision making for the execution of public policies.

In Norway, Telenor now provides aggregated, anonymised mobility data to health authorities to help understand if actions such as school closures, tele-working and banning cabin trips can reduce the spread of infections. Telenor’s data has also enabled the creation of a COVID-19 transmission model, helping Norwegian health authorities estimate the current and future trajectory of the epidemic. Vodafone has provided several European governments with heat maps showing how population movements have changed before and after the imposition of containment measures. Vodafone also worked with the University of Southampton to create a dashboard enabling governments to model how COVID-19 might propagate in different scenarios. In Germany, Deutsche Telekom has provided aggregated, anonymised data to the Robert Koch Institute (RKI) to help RKI make statistical predictions about the spread of the pandemic. These mobile network operator initiatives are helping health authorities gain critical insights.

While the application of mobile big data analytics and artificial intelligence to an epidemiological emergency can be beneficial, it also requires an awareness of the privacy and ethics risks inherent to data collection and processing. These risks may be heightened given the sensitive nature of health data, and the vulnerability of the infected population.

The GSMA recognises that in some cases, circumstances can lead to questions about prioritising the protection of individual rights with the preservation of the greater population’s health. However, even in such circumstances, it is important to respect and protect privacy rights. The GSMA Mobile Privacy Principles should continue to be applied in the face of epidemiological challenges. These principles reinforce the fact that consumers should be notified about when and why their data is processed, and they should also be able to make meaningful choices about their data. Responding in particular to the COVID-19 crisis, the GSMA recently published new GSMA COVID-19 Privacy Guidelines, to help operators and others in the mobile ecosystem mitigate privacy risks. These guidelines include recommendations on how the mobile industry may maintain consumers’ trust while responding to governments and agencies that have sought assistance in the fight against COVID-19.

Of course, relevant laws and regulations should also be considered where relevant. It is important to consider that sharing of insights or aggregated non-identifiable data typically falls outside the scope of general data protection laws to the extent that they are truly anonymous.

As the GSMA COVID-19 Privacy Guidelines note, in some exceptional cases governments could request data about specific individuals, for example, to identify people who may have been in contact with confirmed cases, or to inform people if they have entered an affected area. This data should only be shared based on a valid legal ground for processing, such as acting in the individual’s vital interests in an emergency, or pursuant to a specific law requiring the sharing of the data. Such a specific law should, however, only be necessary for the purpose of public security, and be consistent with internationally recognised privacy standards, human rights and other relevant laws.

To help clarify requirements, a number of data protection authorities around the world have issued guidance on how organisations can protect privacy while also addressing the unique and extraordinary challenges presented by the pandemic. The GSMA believes that the objectives of protecting privacy and developing innovative ICT-based COVID-19 response tools are not mutually exclusive, and that responsibly using mobile network operator data can benefit society, now and in the future.

Together, the GSMA and its members will keep working to connect everyone and everything to a better future, while respecting the rights and values we all hold dear.