Julian RangerChairman, digi.me
We Must All Work Together to Combat COVID-19. That Starts with Giving People Control of their Data
In brief: An individual’s personal data is, by definition, personal. Any data collected for tracing people’s contact with COVID-19, therefore, must have both individual consent and public acceptance before private data is collected and used for a societal purpose. Digi.me has a comprehensive, nationwide solution for contact tracing that respects individuals’ privacy within two weeks.
WHO and country-specific health organizations—such as the Centers for Disease Control in the United States and National Health Service in the United Kingdom—have been advocating the need for contact tracing to combat the spread of COVID-19. Contact tracing is the process by which individuals who may have come into contact with someone infected with a virus can be identified and further information, monitoring, and follow-up may occur to help prevent the further spread of an infectious disease.
Contact tracing helps identify and quickly recommend self-quarantine for individuals who may have come into contact with COVID-19. Self-isolation through contact tracing can help limit the spread of infection. Various options for contact tracing through mobile phone data have been proposed and implemented with great success in some countries. In most instances, the location of an individual is uploaded to a centralized server. Notwithstanding the potential benefits of contact tracing for combating the current pandemic, it does raise serious privacy concerns.
Governments need robust data to understand and combat this virus and its spread. Questions such as who has COVID-like symptoms, who is currently infected with COVID-19, and who has had the virus are all vitally important in flattening the curve of infection. Privacy issues arise when trying to solve how this private, personal data can be made available to government agencies, policymakers, and researchers with an individual’s consent. What happens when additional information is sought urgently? How can a person know that their data is safe and their information won’t be used for other purposes?
Accurate and timely personal data that respects a person’s privacy and the need for consent is one of the most critical components to implement an efficient and effective contact tracing program to curtail the spread of COVID-19. While consent plays an important role, just consent is insufficient in protection individual agency over their data, and it is imperative upon countries to exercise purpose limitation to ensure this data will be used only for contact tracing and not subsequently used for enforcing lockdowns or quarantines.
One of the companies where Omidyar Network was an early investor—digi.me—has been working on such a solution. Their technology is currently available and could be deployed as a comprehensive, nationwide solution for contact tracing that respects individuals’ privacy within two weeks.
Whether that is self-care using apps to prevent or manage conditions, or medical care through telephone and video consultations with nurses and doctors, crucial data can now be collected to track the spread of COVID-19, but must be done with an individual’s consent. With large numbers of people self-isolating, receiving care at home has become even more important. A digital services means a person may see many more medical professionals during this time. But these healthcare apps and remote medical consultations need access to an individual’s medical history to be effective. How can all these caregivers provide the highest level of care without access to a person’s medical records? How can a person know that their medical records are secure and that they maintain control over them?
By empowering individuals to have the final say in how their data is used, it is now possible to share private health information for contact tracing and telemedicine to combat COVID-19. The solution developed by digi.me is based on the simple principle that personal data about an individual can only be effectively collated and aggregated with the consent of the individual, who has ultimate ownership over his or her own data. Once an individual has access to all of their data, and it is secured in their own data silo, then a person can choose to share any or all of their data with any third party—be it a healthcare app or a government entity.
Today, digi.me empowers individuals to obtain all of their data including health, financial, social, and location information. Digi.me has already been approved by the British, Dutch, and Icelandic governments to access health data for individuals. This data is encrypted and stored in the user's own cloud, creating a rich personal data silo that is private and secure. The digi.me software, through its unique consent process, allows individuals to share their information privately and securely with any app or service that they deem appropriate. Multinational businesses have already begun developing services that incorporate the digi.me framework. The result is customized services based on accurate information with personal privacy respected and personal data secured.
This is an important opportunity for nations to establish this type of personal data infrastructure with privacy protections so that new apps and services can be rapidly developed and deployed in days to ensure that we learn how viruses spreads and people receive the most timely information and accurate treatments. Now is also the time to allow people to take control of their data and enable everyone to share their data, safely and securely, with health policy makers, care-related apps, and other service providers that will limit the impact of COVID-19 for us all.