In the current situation to trace people with an infectious disease is key and quite some manual Sherlock Holmes style work to find the traces of a patient in a certain region and who her/she/it met and potentially infected.
Technology could be at help here. GDPR is protecting personal data and the wherabout’s of a person falls into this category, but GDPR describes the current situation.
- Article 46
The processing of personal data should also be regarded to be lawful where it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. Some types of processing may serve both important grounds of public interest and the vital interests of the data subject as for instance when processing is necessary for humanitarian purposes, including for monitoring epidemics and their spread or in situations of humanitarian emergencies, in particular in situations of natural and man-made disasters.
- Article 6 (d) – Lawfulness of processing
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
Some data (geolocation data) has been provided by German Telekom of its mobile customers to the RKI for people movement research, no individual identifiable data though. Please note it is a small subset and anonymized, there are quite a number of social meida posts and comments informing wrongly.
This is the right thing to do in this situation, the data exist and can speed up the containment. Though it need to be ensured that the date is not used for other purposes or beyond the crisis (as long personal data is stored). Unfortunately this could serve as reference for more (meta-)data harvesting by authorities in future without immediate purpose.
Google and Apple would be in the best position to track down individuals and find the cross roads of tracks and potential infection clusters etc. Most of the people have Android or iOS phones and even not all of them have GPS enabled, the devices still log into the cell towers.
In an earlier project I created an app that is recording the cell tower information while you are on the move. (The app is not in the playstore due to GDPR). Using the recorded cell tower info and matching with the opencellid celltower geolocations I created a map of my own movements in Python using the Folium library.
The geolocation data of the individual towers coming from opencellid is not always 100% accurate on the spot but certainly good enough to to estimate the track. Individual points are too coarse, in this sample dataset, created when I was driving along the highway (red line) the phone connected to various celltowers along the way, even to towers further away from my route. Conclusion: Only the complete dataset can help datascientists to estimate my track and potential contact points with other people.
It will be much harder to track down an individual in a urban environment with 100’s of cell towers, see OpenCellid sample for Frankfurt. I would guess that is the reason RKI only tries to identify streams of people between places.
In China or Israel the technology is already used to pin down individuals. I leave it to you to comment. In Europe, in the interest of personal data protection, an innovative approach would be to (continue to) trace (yourself) but allow the individual to be alerted or verify against an open dataset to be informed about clusters etc. Though, as mentioned before, at some stage the authoroities should make use of the data as long it matches laws and is purposeful.
Further Reading: Wired Magazine