Nanni M, Andrienko G, Barabási AL, Boldrini C, Bonchi F, Cattuto C, Chiaromonte F, Comandé G, Conti M, Coté M, Dignum F, Dignum V, Domingo-Ferrer J, Ferragina P, Giannotti F, Guidotti R, Helbing D, Kaski K, Kertesz J, Lehmann S, Lepri B, Lukowicz P, Matwin S, Jiménez DM, Monreale A, Morik K, Oliver N, Passarella A, Passerini A, Pedreschi D, Pentland A, Pianesi F, Pratesi F, Rinzivillo S, Ruggieri S, Siebes A, Torra V, Trasarti R, Hoven JVD, Vespignani A
Ethics Inf Technol - (-) 1-6 [2021-02-02; online 2021-02-02]
The rapid dynamics of COVID-19 call for quick and effective tracking of virus transmission chains and early detection of outbreaks, especially in "phase 2" of the pandemic, when lockdown and other restriction measures are progressively withdrawn, in order to avoid or minimize contagion resurgence. For this purpose, contact-tracing apps are being proposed for large-scale adoption by many countries. A centralized approach, where data sensed by the app are all sent to a nation-wide server, raises concerns about citizens' privacy and needlessly strong digital surveillance, thus alerting us to the need to minimize personal data collection and avoid location tracking. We advocate the conceptual advantage of a decentralized approach, where both contact and location data are collected exclusively in individual citizens' "personal data stores", to be shared separately and selectively (e.g., with a backend system, but possibly also with other citizens), voluntarily, only when the citizen has tested positive for COVID-19, and with a privacy-preserving level of granularity. This approach better protects the personal sphere of citizens and affords multiple benefits: it allows for detailed information gathering for infected people in a privacy-preserving fashion, and in turn this enables both contact tracing and the early detection of outbreak hotspots on a more finely-granulated geographic scale. The decentralized approach is also scalable to large populations, in that only the data of positive patients need be handled at a central level. Our recommendation is two-fold. First, to extend existing decentralized architectures with a light touch, in order to manage the collection of location data locally on the device, and allow the user to share spatio-temporal aggregates (if and when they want and for specific aims) with health authorities, for instance. Second, we favour a longer-term pursuit of realizing a Personal Data Store vision, giving users the opportunity to contribute to collective good in the measure they want, enhancing self-awareness, and cultivating collective efforts for rebuilding society.