Accepted for/Published in: JMIR mHealth and uHealth
Date Submitted: Aug 5, 2020
Date Accepted: Feb 22, 2021
Date Submitted to PubMed: May 25, 2021
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
How to strike the balance between data accessibility and data privacy in the case of contact tracing applications
ABSTRACT
Background:
The ongoing COVID-19 pandemic has resulted in the rapid implementation of data-driven innovation, as part of the efforts to curtail the spread of the virus. However, not all digital solutions have been launched expeditiously. A case in point is the adoption of contact tracing mobile applications, although they triggered a debate regarding the issue of data privacy. The objective of our study is to discuss the effective use of digital solutions that are in compliance with data privacy regulations.
Objective:
To address the question how to strike the balance between the data accessibility and data confidentiality to ensure the greatest benefit of contact tracing mobile applications.
Methods:
A systematic review of Pubmed, Medbase, and grey literature was performed. To ensure a standardised approach for reviewing contact tracing applications, two checklists assessing both effectiveness and compliance with data privacy were developed. Based on a scorecard comprising 16 criteria, the ranking of digital solutions was also conducted.
Results:
Overall, 18 applications were reviewed. While seven provided a definition of contact tracing, eight allowed for COVID-19 test result verification and only one defined the efficiency threshold. Explicit consent was requested in 15, and anonymisation techniques and data retention were provided in 14 and 13, respectively. Compliance with data minimisation in terms of Bluetooth was reported in seven cases. Principally, 10 applications collected additional information, of which six adopted anonymisation and/or aggregation for data sharing with a third party. The decentralised approach was identified in eight of 18 cases. With regard to ranking, COVIDSafe received the maximum score (15 of 16 points), while Alipay Health Code ranked last (-3 of 16 points).
Conclusions:
The compliance with data privacy was the highest with respect to explicit consent and data retention while the lowest with respect to data minimization and sharing in anonymised and aggregated manner. There is still a room for improvement in terms of the usefulness of digital contact tracing in the compliance with data privacy regulations.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.