Learning from current success stories as well as controversies, various teams of researchers and developers are now proposing a different vision where privacy protection is a must, and solutions are designed to extract useful data without sharing personal sensitive information. In particular, the spatial information associated with individual citizens (where they stay or move) is considered to be too sensitive, and difficult to protect. An important research direction is the privacy-safe, spatially-oblivious implementation of proximity tracing, which in this context basically represents the ability to reconstruct the close contacts an individual had with other people before being tested positive. A strongly decentralized representative of this direction is the DP3T (Decentralized Privacy-Preserving Proximity Tracing 2020) approach. The solution is based on mobile phone apps that continuously collect the list of anonymous, dynamically changing, app-generated IDs of other phones (which, therefore, need to have the app installed, too) that had close and prolonged contacts with the device. With DP3T, the trusted authority simply broadcasts the anonymous app-generated IDs of the positive patient's phone, and each contact needs to check the list to find themselves. The recent joint effort by Apple and Google to provide Android and iOS system-level support for contact tracing through ad hoc APIs (Apple and Google Partner on COVID-19 Contact Tracing Technology 2020) also goes in this direction. A similar view, yet leaning towards a centralized management of the anonymous contact traces, is provided by the PEPP-PT initiative (Pan-European Privacy-Preserving Proximity Tracing 2020), where the broadcasting phase is replaced with a different communication flow in which positive users provide the list of "contacted" anonymous app-generated IDs to the trusted central authority, who is then able to directly call and warn the phones in the list (see Footnote 1).
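To make the decentralized flow concrete, here is an added, simplified model of DP3T-style matching (example code written for this section, not the DP3T or PEPP-PT implementation): each phone derives rotating ephemeral IDs from a per-day secret seed, only the positive user's daily seeds are published, and the exposure check runs locally on each contact's phone. The seed-per-day, HMAC derivation and four-epoch rotation are assumptions chosen for illustration, not the protocol's actual parameters.

```python
import hashlib
import hmac
import os

# Constructed, simplified model of decentralized (DP3T-style) matching.
# Assumptions not taken from the page: one secret seed per day per phone,
# ephemeral IDs derived from it with HMAC-SHA256, and the authority
# publishing only a positive user's daily seeds. Real DP3T differs in detail.
EPOCHS_PER_DAY = 4  # assumption: how often the broadcast ID rotates per day

def ephemeral_ids(day_seed: bytes, day: str) -> list:
    """All IDs a phone broadcasts on `day`; anyone holding the seed can recompute them."""
    return [hmac.new(day_seed, f"{day}:{e}".encode(), hashlib.sha256).digest()[:16]
            for e in range(EPOCHS_PER_DAY)]

class Phone:
    def __init__(self):
        self.day_seeds = {}    # day -> seed; stays on the phone unless the user tests positive
        self.observed = set()  # (day, ephemeral ID) pairs heard from nearby phones

    def seed_for(self, day):
        return self.day_seeds.setdefault(day, os.urandom(32))

    def broadcast(self, day, epoch):
        return ephemeral_ids(self.seed_for(day), day)[epoch]

    def record_contact(self, day, eph_id):
        self.observed.add((day, eph_id))

    def report_positive(self, days):
        # Upload consists of daily seeds only: no location, no list of contacts.
        return [(d, self.seed_for(d)) for d in days]

    def check_exposure(self, published):
        # Matching is local: expand each published seed and intersect with what was heard.
        return {day for day, seed in published
                if any((day, eph) in self.observed for eph in ephemeral_ids(seed, day))}

def simulate():
    """Constructed scenario: Alice meets Bob, never meets Carol, then tests positive."""
    alice, bob, carol = Phone(), Phone(), Phone()
    day = "2020-04-01"
    bob.record_contact(day, alice.broadcast(day, 2))    # close contact, both hear each other
    alice.record_contact(day, bob.broadcast(day, 2))
    carol.record_contact(day, bob.broadcast(day, 3))    # Carol only ever met Bob
    published = alice.report_positive([day])            # authority broadcasts Alice's seeds
    return bob.check_exposure(published), carol.check_exposure(published)
```

The authority and Carol learn nothing about Bob, and Bob's phone learns only that it was near a positive device on that day, not who it was; a PEPP-PT-style design would instead send the observed ID list to the authority and do this intersection centrally.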
The strong point of these approaches lies in the simplicity of the information used, which allows easy and rapid implementations able to guarantee privacy protection (obviously stronger in the completely decentralized solutions). While we believe that these approaches are on the right track and particularly useful in the short term, we also emphasize that limiting the analysis to simple contact (close-range proximity) data limits the efficacy. One point is that the discoverability of potentially exposed contacts is by design limited to those who have the app installed (both the positive person and the exposed one), making it impactful only after a critical mass of users is reached (some models suggest 60% is the optimal threshold (Digital Contact Tracing Can Slow or Even Stop Coronavirus Transmission and Ease Us out of Lockdown 2020)). Also, only direct contacts are detected, thus not considering surface-touch contamination, which is a typical phenomenon in large shared spaces, such as supermarkets, considered to be a potential vector of diffusion (van Doremalen 2020). Another important task would be to quickly detect outbreak hotspots, and for this purpose spatial and temporal information could be a key ingredient. Spatio-temporal information within a privacy-preserving architecture (e.g. appropriate granularity levels, clear access rights and aims for data processing, enhanced security, etc.) can provide vital granular aggregate data with a modest or null impact on fundamental rights and freedoms; see for example the MIT Private Kit Safe Paths initiative (Raskar et al. 2020).