Microsoft has joined with national, state and local healthcare authorities and providers, researchers, non-profit organizations and governments around the world on our shared mission to develop solutions to the COVID-19 pandemic. We’ve partnered with the U.S. Centers for Disease Control and Prevention (CDC) on a Coronavirus self-checker tool, worked directly with hospitals to protect them from ransomware, launched a Coronavirus tracker on Bing, provided AI to decode immune system response to COVID-19 and will continue to embark on many other scientific, technical and logistical efforts to help the global community navigate new challenges and needs.
As countries and companies focus on technologies such as tracking, tracing and testing to fight the pandemic, it’s critical that we also protect people’s privacy. Today, we’re offering seven principles as ideas to consider as we move into the next phases of helping to fight this pandemic.
Governments, public health authorities and industries spanning the globe are engaged in the hard and important work of identifying a path forward to get society back together again. Tracking individuals who are infected, tracing those with whom they have recently come into physical contact and making testing available to those contacts may play an important role in managing the next phase of COVID-19 around the world. As in all other aspects of modern life, digital technologies are likely to be used for tracking, tracing and testing. This requires special care, as sensitive data about our location and health status may be involved.
Preserving privacy as we develop and implement these technical solutions will be critical. Here are seven privacy principles that we offer for governments, public health authorities, academics, employers and industries to consider as we collectively move forward into this next phase of tracking, tracing and testing, and using similar technologies developed to address the COVID-19 pandemic.
- Obtain meaningful consent by being transparent about the reason for collecting data, what data is collected and how long it is kept. Data should only be collected with consent and used in the manner explained when people are making the decision to participate. Clear, user-friendly information helps promote voluntary participation and ensures that everyone interacting with the technology makes an informed choice to participate, aware of the purpose of the data collection, the type of data that will be collected, the time period the data will be held and the benefits of the data collection.
- Collect data only for public health purposes. The data collected from an individual for purposes of tracing those who have been in physical contact with an infected person and other public health purposes is owned by the individual and should remain under that person’s control. As a general matter, this data should be used by public health authorities only for the articulated public health purposes, and not for unrelated reasons. Public health authorities should provide input regarding the types of data that will be most useful for fighting the pandemic.
- Collect the minimal amount of data. Data that is collected by public health authorities for public health purposes, such as tracing, should be limited to only the specific data required, and should only be collected and used for the time period identified as necessary by public health experts.
- Provide choices to individuals about where their data is stored. The data must be wholly in the individual’s control, including allowing the individual to choose where to store this data, such as on a device or in the cloud.
- Provide appropriate safeguards to secure the data. Reliable security safeguards such as de-identification, encryption, rotating and random identifiers, decentralized identities or similar measures should be in place to protect people’s data from harmful exposure and hacking attempts.
- Do not share data or health status without consent, and minimize the data shared. An individual’s data or health status shouldn’t be shared with the individual’s contacts or others without securing the individual’s meaningful consent. If such sharing is pursuant to legal requirements, then the sharing should be strictly limited by the scope of the law. When notifying individuals that they may have been in physical contact with an infected person, only share the minimum amount of data necessary to protect against inferences about the identity of the infected person.
- Delete data as soon as it is no longer needed for the emergency. Individuals own their own data, whether stored on a device, a server or in the cloud. Copies of the data that were transferred to public health authorities and others for tracing and other public health purposes should be deleted when no longer useful for public health purposes, as defined by public health authorities. None of the individual’s information should be retained by the authorities or others for future unrelated uses or purposes.
These principles are designed to apply to any COVID-19 technological solutions that involve the collection and use of personal data such as health data, precise geolocation data, proximity or adjacency data, and identifiable contacts.
Our approach is grounded in the belief that, for technology to succeed, people need to be in control of their data, and be empowered with information that explains how their data will be collected and used. Furthermore, companies need to be accountable and responsible for this data. Policymakers, advocacy groups and regulators are starting to share their ideas about guidelines to preserve privacy in any deployment of tracking, tracing and testing technology. We don’t have all the answers, and we look for others to contribute additional ideas, but we hope our principles help advance the discussion.
We need to fight COVID-19 and protect privacy
Addressing global problems of this magnitude understandably creates an urgent need for innovative uses of data to fight the pandemic, and we believe these measures must take privacy into account. The good news is that, today, we have more tools and methods than ever – such as differential privacy, federated learning, decentralized identities, privacy-preserving contact tracing protocols and open source repositories, and other techniques for managing data privacy – to allow society to use data for good and be confident that personal information is kept private.
In the U.S., the need for this conversation in the midst of a pandemic underscores the urgency for a strong federal privacy law. An updated legal framework placing obligations on businesses that collect and use personal data would help provide the necessary guardrails for companies to know how to protect and respect personal data as they create tools and technologies to address urgent societal needs.
Considering the bigger picture
Amid rising excitement about the possibility of leveraging computing technologies to help mitigate the pandemic, we note that both the problems and the opportunities in helping with COVID-19 are complex. Technical advances, such as the use of mobile phones to collect data of various kinds, need to be considered in the larger context of the complexity of the world: how comfortable people will be sharing data, the availability of testing resources, the efficacy of the methods under realistic conditions of use, and evolving local and national policies. Concerns that apply to any technology or program include inclusiveness and the potential for systematic discrimination based on numerous factors. For example, different populations may face different challenges when attempting to participate in health-centric programs, depending on their access to and familiarity with technology, which in turn vary with race, age, education and income levels. These are also vital issues to address as we move forward.
Privacy and ethical concerns must be considered as we move forward to use data responsibly to defeat the COVID-19 pandemic. Microsoft is committed to serving as a constructive partner in this fight.