Privacy and App-Driven Contact Tracing

Jul 9, 2020, 13:58 PM by BBB National Programs

SARS-CoV-2, commonly known as coronavirus, hit the world by storm, altering the lives of people from the American midwest to Shanghai. As the world unites to “flatten the curve” and guard the surge capacities of hospitals, a common term that has emerged is “contact tracing.” Contact tracing is broadly defined as monitoring individuals that have had contact with a person infected by a disease to ensure that they get treatment and prevent further transmission.

Effective contact tracing is a key strategy to fighting transmissible disease and has been employed throughout history – from the outbreak of syphilis in the sixteenth century to the 2014 Ebola outbreak. Today, major tech corporations have proposed new methods for contact tracing powered by a fixture of 21st century life – the smartphone.  

Mobile Tech vs Coronavirus

In the world of epidemiology, traditional methods for contact tracing consist of recordkeeping, mass interviews, and maintaining lines of communication with infected individuals to learn about infection, treatment, and movement. Often, medical personnel conduct interviews with individuals to determine which people they’ve been around over a 14-day period, a strategy which frequently relies on human memory.

After the start of the coronavirus pandemic, governments and corporations quickly noted that existing technologies in mobile operating systems and apps can be used to achieve the same ends.

For example, a typical smartphone can track its location (using the GPS satellite network) and send signals to other devices (using Bluetooth). As the recording of an infected person’s movement and social encounters is a key part of any contact tracing strategy, the ubiquity of smartphones can theoretically be harnessed to help stop the spread of the virus.

To use these technologies for contact tracing, some corporations and governments have proposed creating mobile apps that allow users to log information about:

  1. Whether or not they have tested positive for coronavirus, and
  2. Which other individuals they have been near during the time they’ve been infected.


If a user indicates they are positive for the virus, their mobile device alerts other individuals they have recently been around that they may have been in contact with a carrier. The users receiving alerts can then take appropriate steps to limit contact, seek treatment, or quarantine themselves.  


The Approach: Centralized vs. Decentralized

Though many proposed contact tracing strategies fit the pattern described above, each method falls on a spectrum between “centralized” and “decentralized” approaches.

A “centralized” approach takes data generated from the use of contact tracing technology and stores it on a server accessible by a government or corporation. In theory, this allows a public health authority to analyze data about the rate of infection and the location of individuals suffering from the virus. While this approach is understood to be less protective of individual privacy, advocates of a centralized approach insist that this provides valuable information to public health authorities regarding the geographical spread of a virus.

In contrast, a “decentralized” approach does not permit data generated by contact tracing technology to be accessible to a third party. For example, if user Jane logs herself as positive for coronavirus through a contact tracing app and the app alerts user John about his recent proximity to Jane, data generated about these events would only be stored locally on John and Jane’s devices.


The Tech: Bluetooth vs. Location Data

Google and Apple: the Bluetooth model

The two biggest players in the mobile operating system marketplace, Google and Apple, have taken the unusual step of joining forces to build a modern contact tracing strategy, which they have referred to as an “Exposure Notification” system.

Currently, the companies are developing new enhancements for their operating systems and an application program interface (API) that would allow app developers to build their own contact tracing software. Their proposal would use Bluetooth LE to track users’ proximity to other individuals through a device “handshake,” then alert users if an individual in their proximity is later diagnosed with coronavirus.  

This strategy represents a decentralized approach, as data about contact with other phones is never transmitted elsewhere. Moreover, by using “ephemeral” IDs for the Bluetooth handshake, it is difficult to identify a diagnosed person with certainty. An alerted user would only be informed that they had been in contact recently with a carrier, but not who the carrier is. Notably, their proposed system will not allow the use of GPS location tracking for contact tracing, and cannot be integrated into centralized models.

Apple and Google launched their API in May 2020 and Switzerland was the first country to launch an app based on this approach.

The location data model

Some other companies and governments have proposed utilizing precise location data for contact tracing. For example, GPS technology and crowdsourced WiFi data, which can track a user’s location, could provide valuable information about the movement of infected individuals, those they encounter, and locations that require disinfection. But because technologies like GPS that capture a mobile app user’s precise location consume more energy from a user’s battery, this method is understood to be both less privacy protective and less efficient.


Caution and Criticism

As the world works to fight coronavirus, many governments are employing the methods described above – across the United States, Europe, Asia, and Australia, governments are building their own contact tracing mobile apps and pairing them with other types of technology. But whether the approach is centralized or decentralized, or relies on GPS or Bluetooth, there are shortcomings and tradeoffs that should be analyzed to ensure that contact tracing works effectively. It’s critical that citizens, businesses and regulators understand these emerging strategies, so we can work together to return to a healthier world.  

Suggested Articles


The Critical Components for Self-Regulation in Direct Selling

Direct selling – when done correctly – can benefit distributors and consumers. Unfortunately, it only takes a few bad actors to compromise the integrity of an entire industry. The direct selling industry faces difficult and important challenges in enhancing consumer and regulatory confidence in the marketing of its products and services. Successful and effective self-regulation has often been described as a marathon and not a sprint and, as such, requires ongoing commitment and participation from the industry. DSSRC has been encouraged by the engagement and receptivity of the industry to our self-regulatory efforts, as well as the public support expressed by government agencies like the FTC and leaders such as the DSA to make the space a better one for salesforce members and the consumers they reach.
Read more

Truth-in-Advertising: Who Makes the Rules?

It is a common misunderstanding that the National Advertising Division (NAD) creates or establishes standards for the U.S. advertising industry. NAD does not make the rules, but instead serves as one arm of the U.S. system of independent advertising self-regulation to hold companies to established standards for claim substantiation. Substantiation standards may be set by laws, guidance documents, or industry organizations. This post outlines how NAD looks to those different sources for guidance when reviewing advertising claims.
Read more

Turning Lemons into Lemon-Aid – How to Navigate a Vehicle Warranty Claim During the Pandemic

The COVID-19 pandemic has affected all aspects of our lives, from the ability to socialize to the ability to work. Keeping up with routine vehicle maintenance, for many who have been moving around less since the pandemic began, has become less routine. So, what happens when you discover an issue with your vehicle? To make sure your vehicle gets fixed, follow these guidelines and, if your vehicle cannot be fixed, we at BBB AUTO LINE have some guidelines for that, too.
Read more

Call to Action: Improve Green Marketing and Avoid Greenwashing

Green marketing can be a strong marketing tool for companies to differentiate their sustainable approach to business and help consumers choose more sustainable products. But with the variety and volume of green marketing today, does it? Are environmental claims supported so that consumers can make choices that help the planet? While some observers call for more rigorous standards, governmental guidelines regulating environmental marketing already exist. Industry self-regulation also plays an important role in leveling the playing field on green marketing so that consumer purchases align with their environmental goals.
Read more