For over twenty years, PI has been pushing back against ambitious government surveillance initiatives to regularise the retention of telecommunications data, or the bulk collection and processing. We have also pushed to ensure that telcos and other data aggregators do not exploit the data they hold.
Despite its reputation for data protection and the existing of the EU Charter, the European Union has been a particularly problematic surveillance actor in this space. The EU Directive on communications data retention was made invalid in 2016 by the European Court of Justice (CJEU) and yet repeatedly governments and the EU have sought to re-establish the policy. Sweden and the UK are currently before the European Court of Human Rights on bulk surveillance powers and the sharing of data across borders, including telecommunications data.
Valuable data from mobile phone companies will for the most part be the location data they collect as a result of your phone connections to their cell towers. They also hold data on all the calls you make, so they can see who you are interacting with -- though less valuable for health purposes, this is what intelligence and police agencies often crave. Therefore they will be able to provide insights into location and contact-tracing.
The emphasis on this data is primarily for enforcement purposes. So when Swisscom notifies Swiss authorities of mass gatherings, Telco A1 to the Austrians, or O2 shares data with the UK Government, or in Belgium the telcos are giving data to a third-party analytics company -- they are doing so to aid the monitoring and enforcement of social distancing.
This isn't necessarily helping health researchers in the 'delay' phase; though there is confusing news from Russia believing that contact tracing can occur using this data, or reports that in Italy 'anonymised' location data can aid contact tracing -- either the data is anonymous or merely de-identified and re-identifiable when someone tests positive.
When we see this in the form of enforcement rather than direct healthcare, it's easier to understand why the Israeli government would therefore hand this data to its internal policing agency, Shin Bet.
In later stages, this data could be used for enforcement of self-quarantines, where any given individual's movements across cells could be notified to authorities.
The Austrian telecom operator A1 has voluntarily provided the government with "anonymized" location data of its customers for the first two Saturdays in March. The data shows that citizens have significantly reduced their social contacts. After critics expressed privacy concerns, the company issued
In a statement, Vodafone said it is "producing an aggregated and anonymous heat map for the Lombardy region in Italy to help the authorities to better understand population movements in order to help thwart the spread of COVID-19." The company offered to help governments develop insights based on
A task force at the Italian Ministry of Innovation, in collaboration with the University of Pavia to leverage big data technologies to deal with COVID-19, after the WHO advised governments that lockdowns alone are not enough, and that testing, isolation, and contact tracing are crucial. The effort
