COVID-19, Privacy and Telecoms: A Round-Up

Telecommunications is a truly global industry, and providers of telephony and internet services have responded admirably to the increased demand created by the coronavirus pandemic. At the same time, telcos have been asked to track the movements of ordinary people to an unprecedented degree, raising questions about the implications for privacy. Here is a summary of stories from around the world about the ways telcos and their suppliers have enabled the monitoring of the spread of disease, and the response from privacy advocates.

Israel and South Korea are perceived to be amongst the countries that have most successfully used data to monitor the spread of disease. However, the South Koreans are said to be have caused significant embarrassment to many individuals through their detailed public map of people’s movements, and the many targeted SMS messages they have sent, reports The Guardian. The Israeli government, with its advanced security infrastructure, has given their Shin Bet domestic intelligence service and the Israeli Police the right to track mobile phones without needing a court order, reports Haaretz. A special ministerial team has been set up to manage the use of Israel’s telecoms monitoring database, per The Jerusalem Post.

Telcos have been told to give governments data about the location of their customers even in countries previously considered to have strong privacy regimes, including European countries such as Italy, Germany and Austria that comply with the EU’s General Data Protection Regulation (GDPR). The European Commission has also told operators including Deutsche Telekom and Orange to provide data to help them track the location of phone users, though they also say they will comply with existing privacy laws.

Governments in other countries have taken a more forceful approach to tracking their populations through phone data. Anyone entering Taiwan is told that their phones will be tracked by satellite, and one student tweeted about the police visiting his home when his phone was off.

Pakistan has a system that uses cell site locations and CDRs to identify who may have been exposed so SMS messages can be sent to them. The UK government is reported to have had conversations with leading telcos about accessing their data. Meanwhile, the UK’s National Health Service is testing its own contact tracing app.

Other countries are also using contact tracing apps on smartphones to determine who may have been exposed to the coronavirus. Samuel Woodhams, Digital Rights Lead at, has compiled a list of 23 countries that are using contact tracing apps. More countries are expected to adopt this approach. Of the existing apps, most rely on GPS rather than the greater precision which can be achieved with Bluetooth. Over a quarter of the apps being used worldwide have no privacy policy. Woodhams’ analysis suggests that the Indian Aarogya Setu app is being used the most, with 50 million downloads in total.

The Chinese introduced their ‘close contact detector’ app in February, which uses a color-coded system to indicate whether users should quarantine themselves. Xinhua reported (in Mandarin) that the app was rolled out to 100 cities within a single week of February. The system uses a platform belonging to Ant Financial, a sister company to Alibaba. Chinese tech giant Tencent, owners of WeChat, are also reported to be partnering with the Chinese government to offer a similar system.

The USA is amongst the countries to use contact tracing apps, and the Wall Street Journal reports that the many initiatives being implemented at federal, state, and local level includes some significant use of data from mobile adverts. The US government’s aid package for coronavirus includes USD500mn for the development of a surveillance and data collection system by the Centers for Disease Control and Prevention (CDC).

Google and Apple are developing monitoring technology that will let users know when they have come into contact with somebody who may be infected. However, this technology will not let authorities track movements in aggregate, leading to conflict with some bodies including the UK’s National Health Service. The two tech giants have also said they will shut down the service when the pandemic has been contained.

Some vendors who have experience of collating and analyzing telecoms data have also been rapidly developing new services in response to the pandemic. Subex has told customers of their revenue assurance system that it can be adapted to identify phone users who may need to be quarantined and also to map high risk locations.

However, the use of telco data to understand the spread of disease is far from new. Public health experts from Sweden’s Karolinska Institute pioneered the use of anonymized CDR data to improve the response to health crises as far back as 2010, following the earthquake and cholera outbreak in Haiti. They subsequently set up the not-for-profit Flowminder organization to encourage the use of their open source software, which has the backing of the GSMA. More recently they have created free resources to advise telcos and governments on how to use data from mobile networks to respond to the current pandemic.

The need for anonymity is a key concern for privacy advocates. Austrian campaigner Max Schrems, who famously showed the European Commission failed to comply with European law when agreeing a framework for sharing personal data with US organizations, expressed skepticism about the need for so much data to be gathered when speaking to Reuters:

As long as the data is properly anonymized this is clearly legal, but to be honest, in Austria you just have to look out of the window to see that people stay home.

Schrems is the moving force behind noyb, which stands for ‘none of your business’ and is a body that lobbies for data protection rights in Europe. They recently issued draft guidance on how to respond to coronavirus without infringing GDPR. noyb have also begun a process of reviewing contact tracing apps.

Meanwhile Privacy International has warned against corporate exploitation of the data being gathered to deal with coronavirus, and questioned if anonymized telecoms data is sufficiently granular to identify who people come into contact with.

Please accept my apologies if your country or organization has not been mentioned here. I merely seek to provide an indicative overview of how the world is using telecoms data to deal with the pandemic, and the privacy concerns being raised in response. The current situation is in flux, and any summary will soon be out of date. However, we know the world has changed. When this crisis is over there will be a great need to discuss the transition back to ‘normality’, and whether our expectations for what is normal have been permanently altered.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.