At the global Internet Governance Forum, NGI examined trustworthy Internet technologies against COVID-19 from the EC, government, research and consumer perspective.
The public health crisis caused by the COVID-19 pandemic created an unprecedented global challenge to health care systems and our way of life. Digital technologies have played an important role since the beginning of the crisis outbreak and they will play an even more important role in supporting countries and citizens to manage and overcome the crisis.
- Mrs Gemma Carolillo, Deputy Head of the Next Generation Internet Unit at the European Commission
- Mr Dirk-Willem van Gulik, Consulting Expert at the Dutch Ministry of Health, Welfare and Sport on the corona crisis response
- Mrs Jelena Malinina, Digital Health Policy Officer at the European Consumer Organisation
- Dr Yen-Nun Huang, Director for Research Center for Information Technology Innovation (CITI), Academia Sinica, Taiwan, and Mr Hong-wei Jyan, Director General of Department of Cyber Security, Executive Yuan. Taiwan
Dr Giovanni Rimassa, Chief Innovation Officer , Martel Innovate
Gemma Carolillo – Deputy Head of Unit, Next-Generation Internet, DG CNECT
As part of the team at the European Commission
s that deals with Next Generation Internet components and technologies, Ms Carolillo emphasised that the EU approach to digital technologies is founded on key EU values of privacy, accessibility and citizens’ needs. In terms of digital health, beyond the contact tracing apps, important work is ongoing in regards to research, with a specific Covid-19 emergency call under the Horizon 2020 funding programme to deploy solutions and use AI to increase the EU’s response capability. In addition a new project, EXSCALATE is operational at the Italian Supercomputer in CINECA, analysing COVID-19 proteins based on data available from the scientific community in order to accelerate the search of an effective therapy against the pandemic virus.
“In the use of emerging technologies, like AI and supercomputing, it’s important that we can build the trust framework for communities and citizens to believe, endorse and adopt the results of such research.” She said.
Contact tracing recommendations and review
In the EU, contact tracing is implemented at the national level and there are 19 initial contact tracing apps in the Member States, with a range of uptake. Currently there around 55 million EU citizens using these apps.
Early on in the EC’s response to this emergency outbreak, it adopted a Recommendation to support Member States in exiting the COVID-19 crisis and supported European Member States in preparing and implementing a common European Toolbox for the use of mobile applications for contact tracing and warning. The accompanying guiding principles indicate apps should be voluntarily installed and that the information provided voluntarily; they should be effective, without tracking people’s movements; data should not be stored longer than 14 days, a retention period which corresponds to the contagion period. Principles also cover the preservation of privacy of the users and interoperability which is important in the EU where the disease does not respect national boundaries.
The European Commission has also funded several projects developing technologies and apps that proved to be very relevant in times of sheer increase of online activities, like during the COVID-19 outbreak. These include apps developed through NGI for human-centric technologies in times of crisis. The other major initiative that is part of the Commission’s effort to support Member States in overcoming the pandemic, is the Tech Review Facility that provides independent security and privacy analysis of COVID-19 related technology. The team performs testing and provides advice on the development of contact tracing apps based on security, privacy, accessibility and compliance with legal requirements. Through NGI there is also a drive to stimulate use of open source and gather feedback from the community of experts.
Dirk-Willem van Gulik – Special advisor to NL government for COVID-19 tracing apps
Mr van Gulik works in a team which built the Covid-19 tracing app ‘CoronaMelder’ in the Netherlands which has been installed by nearly 5 million people. The team can see warnings of Covid-19 infections when they come through the system. People rely on the app to know when to contact public health authorities to get tested. Mr Gulik commented that the survey-based feedback his team gathers is not obtained via monitoring or Google analytics, it is via user and hospital surveys. This approach is deemed appropriate to the Dutch context in order to avoid a sense of ‘surveillance’.
A transparent, open source approach
In the design phase of the app, the private sector was requested for input, but companies were not able to adhere to the standards of the Tech Review Facility of privacy and inclusiveness. Therefore the Ministry of Public Health took responsibility for developing an app which could be trusted by the public. Everything is open source and anyone can build the app and run it on their phone – verifying the code on GitHub. Community testing was performed with people with different reading skills and ability to use a smart phone. Due to public concern around privacy, this had to be built in with a ‘privacy by design’ concept. The resulting app has come about through a decentralised and collaborative approach and the design is now available for further applications.
“This app is working both from the perspective of public health and society at large. You don’t have to trust it blindly; you can actually verify the code and people do. So it really means that trust becomes vital in how acceptable the app is by people.” He said.
Jelena Malinina – Digital health, policy officer at BEUC, the European consumer organisation
BEUC is the umbrella group for 44 independent consumer organisations from 32 countries. Ms Malinina explained that not all countries are conducting an open and inclusive approach to app development. Trust is essential for the adoption of contact tracing apps, because people will not opt in unless they believe in the public health strategy and understand their personal advantage to do so.
GDPR is the data protection bible in Europe and Ms Malinina stressed the importance of how it is implemented because the theory is there but enforcement may be lacking. She stressed that apps that track content respect the data minimisation principle with limited data retention – and that the app is only in use for the time it is necessary.
Transparency is so important, it is critical to show how the technology is made, but not every citizen, patient or consumer are IT experts, so it is important this information is publicly available. In general, European apps constitute of the client app which is managed by the national public health body, towards another component which in many countries is the Google exposure model. While the client side has public scrutiny and data protection, there is no such documentation for the other component. It would be better to have full transparency of the data model.
The apps should be useful, and it is difficult to see whether people actually act after they receive the notification of proximity to an infected person and go and get tested. These apps may be with us for some time and it is important to establish criteria on their usefulness.
“There is no such thing as an average person” said Ms Malinina. “We are a society and there are different citizens and consumers with very different needs, capacity, values and goals when it comes to use of any kind of digital health tools. We insist that digital health solutions including COVID-19 contact tracing apps must correspond to a variety of user preferences. It’s important for everyone to access the app, for example, in Belgium, it is not possible to download the national app on an iPhone which is three years or older. The app must also target those people with hearing or other problems. Everyone has the right to use it and to use it conveniently. Covid-19 tracing apps – or any other technology must be trusted by citizens.”
Dr. Huang Yen-Nun Director for Research Center for Information Technology Innovation (CITI), Academia Sinica, Taiwan and Hong-Wei Jyan – Director General, Department of Cyber Security of Taiwan, responsible for the development of the apps on COVID-19
In Taiwan, a national central command center was set up in January 2020, working to achieve a balance between privacy protection with transparency on one hand and disease control and collaboration on the other.
In Taiwan all information on Covid-19 morbidity and mortality is shared, with daily media announcements. There is also strong collaboration with the private sector. A smart system links border control to the tracking system and the information is available to the local police.
In Taiwan, there is collaboration with the Telecommunications industry, because they do not use GPS nor apps, they collect the radio signal from the station of the Telecom operator so that they may know the location of each mobile phone to monitor quarantines. This is important as many people do not use smart phones in Taiwan, so cannot use apps. If a person who is supposed to be in quarantine leaves their house, they receive a series of two alerts and then the police will be called to find them. This guarantees that people stay home for their quarantine period. The information is not stored after the end of the person’s quarantine period. The central command center has a visualisation of the isolation types as well as any people who avoid quarantine. This is visible only to the center and the police and is not publicly available. The system has high security standards.
Although a contact-tracing app has been developed, it is not in use as people have privacy concerns. However, if the Covid-19 situation persists, it may be deployed at the end of the year.
The session concluded with observations from the audience.
Link to the IGF session (recording will be made available soon).