UK government may trace COVID-19 patients using mobile phone data

The government may introduce emergency measures to trace the mobile phone data of individuals believed to have contracted coronavirus, as well as the data of those they’ve been in contact with.

UK authorities may have the powers to bend data protection laws and trace individuals to contain the spread of the virus, as a string of other countries has begun to do in response to the COVID-19 outbreak.

Israel, for example, has recently passed laws allowing its authorities to effectively spy on, and communicate with, individuals thought to have been exposed. South Korea, similarly, has used technology to implement heavy surveillance measures to clamp down on people spreading the virus.

Facing questioning by the chair of the House of Commons’ health select committee, Jeremy Hunt, the government’s chief scientific adviser Sir Patrick Vallance said that such measures certainly have merits.

“I think that would have been an absolutely brilliant thing to have had in January,” he told MPs, when asked by Hunt.

“So at the beginning, that sort of approach makes total sense. It may well have utility later on, and may well have utility as you go to a situation where you get the armor down and you see what happens when you release.

“So I think those technologies do have certainly a place that needs to be looked at carefully and implemented, and I know people are working very hard on that sort of approach, and as you are probably aware I think that was used extensively also in China through the WeChat app that they have.”

The UK is poised to pass a set of emergency measures under the Coronavirus Bill. Although there is no explicit mention of using data in such a way, mobile phone tracing may fall under national security provisions outlined in the legislation.

Health Secretary Matt Hancock, meanwhile, has preempted the privacy concerns that may arise by suggesting the General Data Protection Regulation (GDPR) does not inhibit the use of data for coronavirus response.

“GDPR has a clause excepting work in the overwhelming public interest,” he said. “No one should constrain work on responding to coronavirus due to data protection laws. We are all having to give up some of our liberties; rights under GDPR have always been balanced against other public interests.”

The Information Commissioner’s Office (ICO) has also issued a brief statement suggesting it would not seek to investigate or punish authorities and public sector bodies for bending data protection principles. It’s labelled itself a “responsible and pragmatic regulator” that takes into account the compelling public interest of the current coronavirus crisis.

“Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing,” the ICO said.

“Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.

“The ICO is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency.”

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.