Abstract
Purpose
During the COVID-19 pandemic, the NZ COVID Tracer App (NZCTA) was released as a digital intervention to support contact tracing processes in Aotearoa New Zealand. This paper examines whether NZCTA met the data governance requirements of the Indigenous Māori people. Māori are an interesting case study as they have unique Treaty and data sovereignty rights, and a higher risk of COVID-related mortality.
Methods
The NZCTA was assessed against 24 criteria drawn from the Māori Data Governance Model. The assessment drew on documentary sources and the authors’ knowledge of NZCTA and contact tracing process. Each criteria was assessed as ‘met’, ‘partially met’ or ‘not met’.
Results
Our retrospective assessment showed a mixed performance against the Māori Data Governance Model, with NZCTA only fulfilling seven of the 24 model criteria and failing to meet nine.
Conclusion
There is significant room for improvement in future digital health interventions for Māori. Much work remains to be done in the Aotearoa public sector to uphold Māori data sovereignty and address systemic barriers to genuine partnership with Māori.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
During the COVID-19 pandemic, the NZ COVID Tracer App (NZCTA) was released as a digital intervention to support contact tracing processes in Aotearoa New Zealand (Aotearoa hereafter). Contact tracing is the process of identifying individuals who may have been infected by active cases of COVID-19, based on the time spent in proximity to the infectious person, which can include persons who are known or unknown to the case. By isolating potentially infected persons from the community, forward transmission of the disease can be reduced. Manatū Hauora / The Ministry of Health (MoH) developed several unique elements of digital contact tracing that were later reproduced overseas, such as the use of QR codes to create a digital diary of visited locations [1]. The promise of digital contact tracing to make a material impact on the spread of disease relied on high participation rates so that a high proportion of contacts could be notified of potential transmission and isolate [2].
The urgency of the COVID-19 public emergency meant that contact tracing technology had to be implemented at speed, and public engagement around its development and deployment was limited [3]. While justifiable in a public health emergency, digital contact tracing is nevertheless one manifestation of state surveillance and marginalised populations with a history of distrust of government cannot be assumed to willingly participate [4, 5]. In Aotearoa, the Indigenous Māori people have a long history of governments using their data and information against them [6]. Māori consistently report the lowest level of trust in government institutions in surveys such as the General Social Survey [7]. Māori disadvantage is structural and systemic and includes, among other things, comparatively higher rates of poverty [8], lower life expectancy [9], higher incarceration [10] and poorer health outcomes [11]. The impacts of the pandemic were heightened for Māori [12] who had more than twice the risk of death compared with European and Other groups [13].
The founding document of Aotearoa, Te Tiriti o Waitangi, forms the basis of partnership between Māori and the British Crown (represented by the New Zealand government), and is highly relevant in public policy as one of the Constitutional source documents [14,15,16]. In times of public health emergency, such as during COVID-19, Māori expect that te Tiriti is still a relevant point of reference for decision-making [17]. As McLean argues, “In order for the state to be properly informed about Māori rights and interests, Māori need to be fully involved and explicitly engaged in the planning for emergencies” [18]. Article 2 of te Tiriti guarantees Māori tino rangatiratanga [sovereignty] over their lands and taonga [treasures] which, in a modern context, includes data [19,20,21]. The Māori Data Sovereignty Network, Te Mana Raraunga, advocates for Māori sovereignty over Māori data [22], and the Data Iwi Leaders Group (Data ILG) has the mandate from 80-plus tribes to progress tribal data sovereignty [23]. Unfortunately, NZCTA was designed and deployed with minimal Māori input.
In 2023, the Māori Data Governance Model was published as part of a Tiriti-based ‘Mana Ōrite’ [equal status] relationship agreement between Data ILG and the National Statistics Office Stats NZ [24, 25]. The agreement recognises the need for Māori to “have improved access to iwi-Māori data and enhanced opportunities to co-create and co-develop future systems and data design across the public data ecosystem” [24]. The Model was developed to assist agencies to undertake Māori data governance in a way that is culturally grounded, values-led, and centred on Māori needs and priorities [26]. It focuses on key priorities and actions, against which agencies can assess their level of Māori Data Governance maturity. The release of the Model provides an ideal opportunity to retrospectively assess NZCTA against collective Māori expectations for good data governance. This paper describes the development of a Māori data governance tool to assess NZCTA, along with the method of assessment, and the results. First, a brief background of NZCTA and how it works is provided below.
2 The NZ COVID Tracer app
NZCTA was released by Manatū Hauora / the Ministry of Health in May 2020 for iOS and Android platforms, which cover 99% of the smartphones in Aotearoa. Use of the app was voluntary, although in various phases of the pandemic there were legal requirements for individuals to “sign-in” at venues/locations, which could be performed using NZCTA. Along with further improvements over time, the key functions of NZCTA were:
-
An opportunity for users to provide up-to-date contact details to the Ministry of Health
-
A digital diary recording the places that a user had been to, based on QR code scans or manual entries
-
Bluetooth tracing based on the Apple/Google Exposure Notification Framework, which automatically built a log of physically proximate devices that were also participating in the system
-
Exposure notifications based on either the digital diary or Bluetooth logs, allowing users to be informed of overlaps with known cases of COVID-19 and to take appropriate action (e.g. self-isolation or RAT testing)
NZCTA was designed to augment, not replace, human-led (or “manual”) contact tracing. Humans were required at key steps in the process, such as contact tracers giving users tokens (or “passcodes”) in order to upload data to the Ministry of Health servers, and analysing contact locations to designate risk levels. In some ways this was positive, as it reduced the likelihood of a person being incorrectly notified as a close contact and bias by retaining human decision making, but also introduced challenges around scaling up as the number of cases rose.
As we identify in our other work [27, 28], the overall effectiveness of NZCTA was low, primarily because human contact tracers did not utilise the technology to its full potential, and therefore many people who could have been notified of possible exposure to COVID-19 were not. However, this was not known at the time, and the general public achieved a high participation rate of approximately 60%, one of the highest rates of any jurisdiction with voluntary participation. This demonstrated relatively high levels of trust for the tool amongst the public, both in terms of privacy data protection and the technical efficacy of the tool [1, 29].
It is also important to recognise the broader pandemic context in Aotearoa. While there were a few small outbreaks, there were few or no community cases of COVID-19 in Aotearoa for most of 2020–2021. As other parts of the world saw high rates of transmission and illness, many people in Aotearoa continued their normal lives (albeit with reduced international travel), which contributed to a sense of complacency, as evidenced by declining QR code scans (and therefore decreasing active participation) shown in Fig. 1.
Daily case counts (logarithmic) and NZ COVID Tracer Usage (daily QR code scans in orange, and the number of devices with Bluetooth Tracing turned on in blue) across different phases of the pandemic in Aotearoa. The two white vertical lines indicate the arrival of the delta and omicron variants to Aotearoa
3 Methods
The first part of this section describes the tool we developed to assess NZCTA against the Māori Data Governance Model. The second part describes how the assessment was carried out, using a range of documentary sources and the authors’ insights.
3.1 Developing the Māori data governance model assessment tool
The assessment tool (Appendix 1) follows the logic of the Māori Data Governance Model which is structured around eight data Pou or Pillars. Each Pou has a set of criteria that reflect priority areas of concern—the Model has 24 criteria in total. We assess each criterion as being ‘met’, ‘partially met’, or ‘not met’, with space for qualitative commentary to provide further context. The goal of our assessment is to identify specific areas of Māori data governance strengths and weaknesses, in order to provide a basis for improvement. Given this objective, we do not attach a quantitative scoring system to the assessment criteria. Doing so would imply a level of precision that cannot be justified by the underlying data, given that the degree of subjective judgement involved. Aggregating scores could also lead to misleading conclusions or misinterpretations of the data.
The tool is sufficiently high-level that it could be readily applied across a range of public sector data contexts, and its simple approach allows for extension where needed in specific applications. This could be potentially useful in the future given the implementation gap that may arise with regard to adoption of the Model and its outcomes.
3.2 Assessing NZCTA’s compliance with māori data governance
To assess NZCTA against the tool we analysed a number of key information sources, including:
-
Privacy Impact Assessments (PIAs) of NZCTA publicly released by the Ministry of Health [30]. PIAs are a requirement for government agencies when establishing new programmes or systems. It identifies and assesses the privacy risks in the collection, use or disclosure of personal information.
-
Standard Operating Procedures (SOPs) for contact tracers relating to NZCTA that were provided to the researchers [31]. The SOPs were the processes and procedures that contract tracers used when contacting and working with consumer information.
-
A Cabinet Briefing Paper on Contact Tracing (11 April 2022) released under the Official Information Act [32]. The paper is a report to the ministers in Cabinet on the lessons learnt from contact tracing.
-
Qualitative interviews with contact tracers and researchers involved in the development and promotion of NZCTA, which are described in a companion paper published by the researchers [33].
Taken together, the sources provided the information we needed to assess how well NZCTA met the Māori data governance criteria. The assessment was performed by the authors through an online workshop, who assessed each criteria using the sources noted above, and their own knowledge of NZCTA and contact tracing as relevant experts. The analysis covers the period between May 2020 and August 2022. Secondary sources were used to supplement the official sources when there were gaps in the assessment, or there was a need to validate an assumption from the official documents. These secondary sources are referenced in the assessment results.
The completed assessment matrix is included in Appendix 1. While some Pou and criterion can be narrowly answered (e.g. where data is held from a data sovereignty perspective), many criteria require a holistic view of NZCTA and its associated processes, policies, and outcomes.
4 Results
4.1 Pou 1—data capacities and workforce development
Both of the capacity and workforce development criteria centre on the investment of Māori expertise and capacity building in the data system, not only in data analytics but also in wider technical expertise and data leadership led by Māori values [26]. The organisational culture should nurture and leverages community expertise and support diverse kinds of data capabilities [26].
The first criterion in Pou 1 was whether the development and/or implementation supported anti-racist data practice. The criterion was evaluated as partially met, as ethnicity was not a discriminatory factor in the deployment of NZCTA. Moreover, there were generally positive health system efforts to address Māori outcomes. However, there was an insufficient effort to overcome existing inequities, such as not addressing the lack of access/ability to use smartphones in certain communities, and not providing a te reo Māori translation of the app.
The second criterion was whether the development and/or implementation supported Māori data and digital expertise and leadership. The overall development and implementation were assessed as not met as there was no intentional investment in or support drawn from Māori data and digital expertise. The researchers recognise that a CovidCard trial [34, 35] was undertaken in conjunction with Te Arawa, Ngongotahā to test the viability of Bluetooth-enabled smart cards for contact tracing, but that partnership was ultimately not continued in the context of NZCTA.
4.2 Pou 2—data infrastructure
The data infrastructure in the public sector needs to be flexible, scalable and interoperable, and offer technology options that power choices close to where decisions are made, including outside of government [26]. As demonstrated through the COVID-19 pandemic, having such infrastructure is critical in times of crisis [26].
The first criterion of this Pou asks whether Māori are involved in shared decision-making, particularly in the decisions that affect Māori data. This was evaluated as not met, as most of the documents related to NZCTA (particularly the Privacy Impact Assessment) do not mention or list any engagement with Māori groups. There may have been some less formal or adjacent discussions, but it does not appear to have directly influenced the system design or implementation of NZCTA.
The second criterion considers whether the infrastructure supports decentralised or distributed data systems. This was assessed as partially met, because the app was designed with a decentralised data architecture, with most data collected staying on the devices and not automatically provided to the Ministry of Health. Data provision to health officials only occurred upon the request of a contact tracer interviewing a case. However, once the data was provided by a case, it was then held centrally by the Ministry of Health, with wide visibility amongst contact tracers, and retained for a relatively long period of time, hence a “fully met” assessment could not be given.
The third criterion puts a sustainability focus on infrastructure that can meet the evolving needs of Māori. This was assessed as met, with the caveat that the decision was based on a short-term timeframe given the expected length of the pandemic. NZCTA was designed well and technical upgrades were relatively seamless. Although the initial deployment of the app included some bugs, the uninterrupted nature of upgrades meant that these were easily fixed without impacting on user experience, with the public perceiving a stable platform.
4.3 Pou 3—data collection
This Pou focuses on how and why data is being collected. Government agencies often collect data in ways that are extractive, narrowly focused on agency agendas, and/or result in inadequate benefits for those providing the data [26]. The Model requires government agencies to adopt a Te Tiriti-led approach to data collection in order to maintain and strengthen relationships.
The first criterion is that data collected meets Māori priorities and the potential risks and harms have been identified and addressed. This was partially met as a general analysis was conducted through the Privacy Impact Assessment, albeit not for Māori specifically. Moreover, the documentation did not indicate that Māori priorities were taken into account when developing and implementing NZCTA.
The second criterion asks whether only necessary data was collected. This was assessed as met, as NZCTA was designed to only collect minimally necessary data, and unnecessary data was not exposed to central collection.
The third criterion relates to the dignity of the people through informed consent. This was evaluated as partially met, as it was voluntary to download NZCTA, and a person could choose to make their own contact tracing records (e.g. pen and paper) if they had issues with NZCTA or did not have a suitable device. More education could have been provided assuring how data was stored on the personal device, and how and when data would be taken and used. Moreover, there were significant issues for people with disabilities (not specific to Māori) and their ability to consent and use NZCTA.
4.4 Pou 4—data protection
Data protection focuses on ensuring that private, confidential or sensitive information is safe and secure from external threats and security breaches [26]. Protection is important for building trust and social licence.
The first criterion, privacy, is divided into two parts: personal and collective. Personal privacy ensures that information has been handled according to the regulations and active consideration of re-identification has been addressed. This part was deemed met as NZCTA complied with privacy regulations and mitigations were considered and deployed through the Privacy Impact Assessment. However, there were some edge cases that were not well considered, such as domestic violence scenarios and police overreach which were not strictly against the privacy legislation but carried ethical concerns nonetheless. The use of NZCTA data outside of a public health context was eventually prohibited under law in a 2021 legislative amendment [36].
Collective privacy is less well-known as personal privacy dominates the concept of privacy in Western cultures. Collective privacy refers to both protection from risks of discrimination and negative outcomes for groups of people, as well as groups of people having the right to use their own data in a self-determinative way to achieve positive outcomes for themselves. In an Aotearoa context, this refers primarily to Māori groups such as iwi and hapū [tribes and clans] being able to access and use data about themselves, even if it is collected or held by someone else.
We assessed the collective privacy sub-criterion as only partially met. While most data within the app itself was unlikely to be used in a collective context, when data was entered into the health system by contract tracers through the National Contract Tracing Solution (NCTS), issues of collective privacy did arise. For example, the possibility of a collective privacy approach to allow Māori groups to conduct their own contact tracing within their communities, rather than relying on a government-backed public health system, was not discussed in the available documentation. The Whānau Ora Commissioning Agency (WOCA) cases provide good lessons for the public health system in this regard [37]. In our companion qualitative study, there was evidence that this was an area that public health officials were still uncertain about, and it is clear that it is challenging for some of them to think about data in terms of collective privacy [33].
The second criterion under this Pou is the storage of data in Aotearoa. This was evaluated as not met, as while data collected by individuals stayed on their personal devices, the Ministry of Health held any data brought into the health system on Amazon Web Services (AWS) servers in Sydney. This introduces risks on data sovereignty, and makes the processing and storage of Māori data more opaque to Māori.
4.5 Pou 5—data access, sharing, and repatriation
Data access, sharing, and repatriation concerns the creating, maintaining, and fostering relationships based in reciprocity and trust [26]. These relationships are (or ought to be) built on rules for what data can be shared, by whom, and under what conditions [26]. When data has been taken inappropriately, systems should be in place to repatriate the data. Māori data held by agencies should be repatriated acknowledging the tino rangatiratanga [sovereignty] of iwi and hapū.
The first criterion covers data access by Māori. This has been broken into three sub-areas. Firstly, the criterion asks if Māori can access their own data in appropriate and useful formats. This sub-criterion was met as people could access their personal data on their phone, but with a caveat that the system was not set up to consider collective data such as of iwi or hapū. The next sub-criterion asks if Māori data that is made open access is done so with free and informed consent. This was not deemed relevant as Māori-specific data was not made open access, although there were aggregated usage statistics published. The third sub-criterion asks whether there was potential for Māori to benefit, directly or indirectly, from this data. This was deemed met as users were able to benefit directly (and indirectly) from better contact tracing during COVID-19, both individually and collectively.
The second criterion of this Pou considers whether Māori data is linked, integrated, and/or shared with consent with appropriate protocols in place. This was deemed as met, as the data was only shared when a person was identified as a case, and only with the voluntary consent of the case. For example, some cases did not consent to providing data for contact tracing purposes, which led to alternative policy responses such as localised lockdowns [38]. Additionally, the Ministry of Health did not link NZCTA data with other health data other than the National Health Index, despite some internal pressure to do so early in the pandemic.
The third criterion focuses on the repatriation of data and that it adheres to the appropriate tikanga [protocols] and is supported with appropriate resources. Under the current system, including the way the contact tracing data infrastructure was set up, it was not possible for individual users or iwi/hapu to repatriate data, and therefore this criterion was not met.
4.6 Pou 6—data use and reuse
When done appropriately and ethically, data use and reuse have the potential to be positively transformative, through improved decision-making and improved services for iwi, hapū, and whānau flourishing [26]. This requires consent, engaging with the community to ask the questions that will lead to transformational change, and ensuring algorithms are deployed with utmost care.
The first criterion focuses on consent that must be free, prior and informed (FPIC). This was assessed as met, as consent was built into NZCTA and data could only be used for the agreed purpose. No person could be compelled to collect data through NZCTA, and no person with data could be compelled to provide it to health officials. The criterion also assesses the use of bundled data, which was not relevant to NZCTA.
The second criterion centres on data analysis and whether the right questions are asked to meet Māori priorities and enable devolution to Māori through iwi, hapū, and whānau to enhance mana motuhake. This was evaluated as not met, as there were no Māori priorities taken into account in the design and use of NZCTA, although Māori were considered in the monitoring of contact tracing performance metrics generally (including the manual system).
The third criterion of this Pou looks at algorithms and whether developers have been accountable to Māori for how Māori data has been used. This was assessed as not met as there was no evidence available to us that this had occurred (also related to the third criterion of Pou 7 below).
4.7 Pou 7—data quality and systems integrity
Data quality and systems integrity are key to making accurate, informed decisions [26]. While data quality has often been seen as synonymous with accuracy, the focus now tends to be on fitness for use in terms of user perspectives.
The first criterion asks whether Māori data standards have been applied to the collection, management, and use of Māori data as a common approach across the public service. The was assessed as not met, as there was no evidence found in the documentation relating to specific Māori data standards.
The second criterion assesses whether monitoring is/was in place to ensure the quality and relevance of Māori data. This was assessed as partially met, in that there was monitoring of data quality generally, but not necessarily ethnically identified to ensure Māori data specifically was of high quality.
The third criterion of this Pou asks whether measures have been put in place that are technically and culturally safe, and accountable for data harms. This criterion was considered as partly met as there was no systematised approach for accountability beyond normal democratic processes. While there was some internal governance at the Ministry of Health, and some external actors applying pressure (such as science communicators and community groups), the systems were set up too quickly to ensure appropriate governance mechanisms. This is understandable given the emergency context, but could have been improved over the course of the pandemic.
4.8 Pou 8—data classification
Any classification of Māori data must recognise that this data has been acquired and transmitted across millennia and that these knowledge codes convey detailed information about creation, time, whakapapa, knowledge and the connections between all things [26].
The first criterion of this Pou concerns classifying Māori data and the need for the data classification to make sense to Māori. This criterion was evaluated as not met, as data was mostly held locally on the device, and there was no indication of ethnicity or other information that indicated that a particular case was Māori. It was not until contract tracers conducted their interviews that any ethnicity was connected to the data, in particular through the National Health Index number. Whether that was the most useful for iwi and Māori support organisations is not known as there appeared to be no engagement with those groups based on the documents available.
The second criterion is that relevant Māori metadata has been recorded, such as Traditional Knowledge Notices and Labels. This was also assessed as not met as data was not identified as being Māori when it was collected, and no other relevant metadata was collected.
5 Conclusions
In this paper, we have comprehensively evaluated the NZ COVID Tracer app, a digital contact tracing intervention deployed during the COVID-19 pandemic in Aotearoa, against the Māori Data Governance Model using a new assessment tool. Overall, performance against the assessment tool was mixed, with significant room for improvement for future digital public health interventions.
The items that were not met in this assessment loosely fall into three categories: technical, standards, and systemic. In terms of technical improvements, the key one is where Māori data is physically being stored (4.2)—in many public sector contexts, cloud computing is used with data hosted on servers physically outside of Aotearoa. This criterion cannot be met until the public sector makes a more concerted effort to support/require that Māori data is stored onshore, under the control and governance of local entities [39]. Repatriation of data was also not considered in the NZCTA context, which may arguably be not necessary where the data is being deleted instead (data stored by the app on the device had an automatic expiry time, but centrally held data may have a much longer lifespan).
In terms of standards, there are a number of emerging frameworks, tools, and models to help people practically incorporate Māori data governance into their system design (7.1, 8.1, 8.2). Examples include TK Labels [40] and the FAIR and CARE principles [41, 42]. These need to be considered early in the development process of future digital public health interventions so that these systems can be classified appropriately with risks communicated clearly.
Lastly, systemic issues in the public health sector create challenges for fully incorporating Māori data governance into intervention design processes, especially when operating with significant constraints (e.g. time). Partnership with Māori is often not considered or considered too late (1.2, 2.1), which can then have significant impacts on how the system is designed and whether or not they are built with Māori in mind (6.2, 6.3). While there is now better recognition of the importance of Te Tiriti and partnership with Māori in the public sector, there are still significant systemic barriers to overcome and correct, where outcomes are just as important as intent. The design choice to have a largely decentralised system with data stored on the device addressed several Māori data governance principles, although as a technology consultant participant in our companion qualitative study stated, “I would probably charitably say we accidentally focused on providing agency over your own information… we certainly didn’t sit down and say how would we deliver this in terms of Māori data sovereignty” [33].
One challenge of evaluating a system that was not designed with Māori data governance in mind is that some of the criteria could be argued to be “not applicable” rather than “not met”. For example, criterion 5.1b asks if Māori data has been made open source, collective consent should be given, but this was not relevant in a NZCTA context as the data was not made open source. It may be tempting for those conducting the assessment to ignore criteria if they do not deem it relevant. More broadly, it may be that for some applications it is not desirable to meet all of the specified criteria depending on the design and intended purpose. Thus, we recommend the full assessment tool is used even when not all of the criteria may be deemed relevant, because it forces a reflection on the applicability. Any design decisions that lead to criteria being evaluated as “not applicable” or “not important” should be well considered and justified.
Looking ahead, a practical recommendation is to conduct a Māori data governance model assessment at the same time as other best practice assessments, such as the Privacy Impact Assessment or the Algorithm Charter Assessment, which would reveal shortcomings and ask system designers to consider mitigations and responses to improve the governance of Māori data. There is still a lot of work to be done in the Aotearoa public sector to uphold Māori data sovereignty including physically onshoring data and managing data repatriation processes, as well as addressing systemic barriers to genuine partnership with Māori.
Data availability
The data sources used for this research are available from the authors upon reasonable request, with permission sought from Manatū Hauora/New Zealand Ministry of Health.
References
Chen AT, Thio KW. Exploring the drivers and barriers to uptake for digital contact tracing. Soc Sci Humanit Open. 2021;4(1): 100212. https://doi.org/10.1016/j.ssaho.2021.100212.
Ferretti L, Wymant C, Kendall M, Zhao L, Nurtay A, Abeler-Dörner L, Parker M, Bonsall D, Fraser C. Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing. Science. 2020. https://doi.org/10.1126/science.abb6936.
Vaithianathan, R., Ryan, M., Anchugina, N., Selvey, L., Dare, T., & Brown, A. (2020). Digital Contact Tracing for COVID-19: A Primer for Policymakers.
Hermesh B, Rosenthal A, Davidovitch N. The cycle of distrust in health policy and behavior: Lessons learned from the Negev Bedouin. PLoS ONE. 2020;15(8): e0237734. https://doi.org/10.1371/journal.pone.0237734.
Wild C, Rawiri N, Willing E, Hofman P, Anderson Y. What affects programme engagement for Māori families? A qualitative study of a family-based, multidisciplinary healthy lifestyle programme for children and adolescents. J Paediatr Child Health. 2020;57(5):670–6. https://doi.org/10.1111/jpc.15309.
Cormack D, Kukutai T. Indigenous peoples, data and the coloniality of surveillance. In: Hepp A, Jarke J, Kramp L, editors. The ambivalences of data power: new perspectives in critical data studies. London: Palgrave Macmillan; 2022. p. 121–41.
Stats NZ. Wellbeing statistics: 2014–2018 (time series). 2019. https://www.stats.govt.nz/information-releases/wellbeing-statistics-2018/
Stats NZ. Child poverty statistics show no annual change in the year ended June 2022. 2023. https://www.stats.govt.nz/news/child-poverty-statistics-show-no-annual-change-in-the-year-ended-june-2022/
Stats NZ. National and subnational period life tables: 2017–2019. 2021. https://www.stats.govt.nz/information-releases/national-and-subnational-period-life-tables-2017-2019
Te Uepū Hāpai i te Ora. He waka roimata. Transforming our criminal justice system. Ministry of Justice. 2019. https://www.justice.govt.nz/assets/Documents/Publications/He-Waka-Roimata-Report.pdf
Gurney J, Stanley J, Sarfati D. The inequity of morbidity: Disparities in the prevalence of morbidity between ethnic groups in New Zealand. J Comorb. 2020. https://doi.org/10.1177/2235042X20971168.
King, P., Cormack, D., McLeod, M., Harris, R., & Gurney, J. (2020). COVID-19 and Māori health—when equity is more than a word. Public Health Expert Briefing. https://www.phcc.org.nz/briefing/covid-19-and-maori-health-when-equity-more-word
Ministry of Health. COVID-19 mortality in Aotearoa New Zealand: Inequities in risk. 2022a. https://www.health.govt.nz/publication/covid-19-mortality-aotearoa-new-zealand-inequities-risk
Keith, K. (2023, April 19). On the Constitution of New Zealand: An Introduction to the Foundations of the Current Form of Government. Department of the Prime Minister and Cabinet (DPMC). 2023. https://www.dpmc.govt.nz/our-business-units/cabinet-office/supporting-work-cabinet/cabinet-manual/introduction
Cabinet Office. CO(19)5: Te Tiriti o Waitangi/Treaty of Waitangi guidance. 2019. https://www.dpmc.govt.nz/publications/co-19-5-te-tiriti-o-waitangi-treaty-waitangi-guidance
Office of the Governor-General. (2023). New Zealand’s Constitution. The Governor-General. Retrieved 28 October 2023. https://gg.govt.nz/office-governor-general/roles-and-functions-governor-general/constitutional-role/constitution/constitution
Te One A, Clifford C. Tino rangatiratanga and well-being: māori self determination in the face of Covid-19. Front Sociol. 2021. https://doi.org/10.3389/fsoc.2021.613340.
McLean, J. (2022). The Legal Framework for Emergencies in Aotearoa New Zealand (NZLC SP23). Te Aka Matua o te Ture | Law Commission.
Ruckstuhl K. Data Is a Taonga: Aotearoa New Zealand, Māori data sovereignty and implications for protection of treasures. Journal of Intellectual Property Entertain Law. 2023;12:391–412.
Taiuru K. Māori Data as Taonga. In: Sumida Huaman E, Martin ND, editors. Indigenous research design transnational perspectives in practice. Toronto: Canadian Scholars; 2023.
Waitangi Tribunal. Ko Aotearoa tēnei: A report into claims concerning New Zealand law and policy affecting Māori culture and identity. (WAI 262). 2011.
Te Mana Raraunga. Māori data sovereignty principles. 2018.
Te Kāhui Raraunga. Tāwhiti nuku. Māori data governance co-design outcomes report. 2021.
Data ILG & Stats NZ. Mana Ōrite relationship agreement. 2021. https://www.stats.govt.nz/about-us/what-we-do/mana-orite-relationship-agreement/
Te Kāhui Raraunga. Iwi Data Needs. Te Kāhui Raraunga. 2020
Kukutai, T., Campbell-Kamariera, K., Mead, A., Mikaere, K., Moses, C., Whitehead, J., & Cormack, D. Māori Data Governance Model. Te Kāhui Raraunga. 2023. https://www.kahuiraraunga.io/_files/ugd/b8e45c_803c03ffe532414183afcd8b9ced10dc.pdf
Chambers T, Anglemyer A, Chen AT, Atkinson J, Elers P, Baker M. An evaluation of the population uptake and contact tracer utilisation of the Covid-19 bluetooth exposure notification framework in New Zealand. Under Rev. 2023;144:105073.
Chambers T, Anglemyer A, Chen AT, Atkinson J, Baker M. Population and contact tracer uptake of New Zealand’s QR code-based digital contact tracing app for Covid-19. Under Rev. 2023;152:e66.
Ali ZS, Dang H. Factors impacting the use of the NZ COVID Tracer application in New Zealand. Smart Health. 2022;24: 100278.
Ministry of Health. Privacy Impact Assessment—COVID-19 contact tracing application release 5.1. New Zealand Government. 2022b.
Ministry of Health. Completing a case investigation, SOP-267, case and contact management New Zealand Government; April, 2021. New Zealand Government. 2021.
Ministry of Health. Briefing paper: Contact tracing: lessons learnt and future model. Wellington (NZL): Ministry of Health; 2022a. Accessed via Official Information Act request. 2022c.
Elers, T., Derrett, S., Emery, T., Chambers, T. Barely keeping the wheels on the trolley’: A qualitative study of perspectives of the NZ COVID Tracer App. Under Review. 2023.
Chambers, T., Anglemyer, A., Egan, R., Derrett, S., Maclennan, K., Emery, T., Patel, A., Millen, J. Research Report—Te Whatu trial of the Bluetooth-enabled contact tracing card. Ministry of Health Report. 2020.
Admiraal R, Millen J, Patel A, Chambers T. A case study of bluetooth technology as a supplemental tool in contact tracing. J Healthcare Inform Res. 2022;6:208–77. https://doi.org/10.1007/s41666-021-00112-9.
Parliamentary Counsel Office. COVID-19 Public Health Response Amendment Act 2021, s26. Retrieved 15 October 2023 from. 2021. https://www.legislation.govt.nz/act/public/2021/0048/latest/LMS577632.html#LMS577633.
Office of the Privacy Commissioner. Case note [2022] NZPrivCmr 1: Te Pou Matakana Limited v Attorney-General judicial review: Privacy Commissioner’s intervention (No 1) [2021] NZHC 2942 and (No 2) [2021] NZHC 3319. 2022. Retrieved 15 October 2023 from https://www.privacy.org.nz/publications/case-notes-and-court-decisions/case-note-high-court-decisions-te-pou-matakana-limited-v-attorney-general-no-1-2021-nzhc-2942-and-no-2-2021-nzhc-3319/
Sachdeva, S. Northland moving to Level 3 after ‘uncooperative’ Whangārei Covid case. Newsroom. 2021. Retrieved on 15 October 2023 from https://www.newsroom.co.nz/northland-moving-to-level-3-after-whangrei-covid-case
Kukutai, T., Clark, V., Culnane, C., & Teague, V. Māori data sovereignty and offshoring Māori data. Te Kāhui Raraunga. 2022. https://www.kahuiraraunga.io/_files/ugd/b8e45c_c035c550c8244c70a1025cd90a97298e.pdf
Montenegro M. Subverting the universality of metadata standards: the TK labels as a tool to promote Indigenous data sovereignty. J Document. 2019;75(4):731–49. https://doi.org/10.1108/JD-08-2018-0124.
Carroll SR, Herczog E, Hudson M, Russell K, Stall S. Operationalizing the CARE and FAIR Principles for Indigenous data futures. Sci Data. 2021. https://doi.org/10.1038/s41597-021-00892-0.
Research Data Alliance International Indigenous Data Sovereignty Interest Group. CARE principles for Indigenous data governance. 2019.
Acknowledgements
The authors would like to thank the wider research team on this project, including Phoebe Elers, Andy Anglemyer, Tepora Emery, and Sarah Derrett. The authors also acknowledge Manatū Hauora—Ministry of Health for the release of documents that enabled our analysis, as well as discussions with health officials throughout the project.
Funding
This project was funded by Manatū Hauora—Ministry of Health through the COVID-19 and National Immunisation Programme.
Author information
Authors and Affiliations
Contributions
All authors conceptualised the work and reviewed the manuscript. The methodology was developed by R.S. and T.K.; the formal analysis and original paper drafting was prepared by R.S. and A.T-Y.C.; funding acquisition was completed by T.C.
Corresponding authors
Ethics declarations
Competing interests
The authors declared no potential competing interests with respect to the research, authorship, and/or publication of this article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix 1: Māori data governance assessment tool
Appendix 1: Māori data governance assessment tool
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Sterling, R., Kukutai, T., Chambers, T. et al. A Māori data governance assessment of the NZ COVID Tracer app. Discov Soc Sci Health 4, 32 (2024). https://doi.org/10.1007/s44155-024-00092-2
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s44155-024-00092-2