Skip to content
Naked Security Naked Security

Should governments track your location to fight COVID-19?

Google Maps data could help governments track patients that a newly-diagnosed COVID-19 sufferer has been in contact with.

Anyone viewing their Google Maps Timeline for the first time gets one of two feelings: Dread at the thought of how much information the company collects about their every move, or elation as they realise they can go back and see what they were doing not just on any given day, but during any given minute.
Governments struggling to control the spread of COVID-19 have been quick to catch on to these possibilities. This data could help them track other patients that a newly diagnosed sufferer had been in contact with. In aggregate, it could help identify high-risk areas where people are gathering. It could also have other, more invasive uses.
This weekend, the Wall Street Journal reported that US government officials are using location data from millions of cellphones to understand citizens’ movements and how they’re affecting the spread of the disease. That data, which sources have said is stripped of personally identifying information, shows how community hubs like shops and parks are still drawing crowds. The data can also show how well the population at large is following requests to stay indoors. A lot of this data comes from advertising companies that gather it as a matter of course, the paper said.
Other countries are taking a soft approach to using location data for the public good. Singapore’s voluntary TraceTogether app uses Bluetooth for proximity tracking. When two users’ phones come near each other, they send each other a message containing a timestamp, their Bluetooth signal strength, their phone’s model, and a temporary identifier. The phones store that information. Should a user test positive for the virus, they can upload their data to the Ministry of Health, which will decode it and use it to identify others that they may have infected.
In Israel, the Health Ministry has reportedly released an app that uses voluntary data to shield citizens from exposure while protecting their privacy. It notifies people when they have come into contact with infected citizens, but it keeps all this data on the users’ devices. The government makes this work by sending anonymous data on infected citizens’ movements to users’ phones.
Ireland’s government revealed plans for a voluntary tracking app that seems to work on the same basis as Singapore’s software. Expect to see that within ten days, said officials at the country’s Health Service Executive over the weekend.
While many such efforts are voluntary, some countries have sourced the data without users’ explicit consent. For example, Israel’s voluntary initiative only happened after the government there passed regulations allowing the Israeli police to track the cellphones of COVID-19-positive individuals using its anti-terrorism Shin Bet cellphone location tracking system.

The UK is said to have joined Germany, Austria, Spain, Belgium, and others in Europe to source anonymised location data directly from telcos. Following China, Europe was the hardest hit by the spread of the virus in early March. Governments are using the data to determine how much people are moving around and congregating, according to reports.
Is this legal? The European Data Protection Board (EDPB), established under GDPR, has issued a statement about the processing of data during the health crisis. It says:

Emergency is a legal condition which may legitimise restrictions of freedoms provided these restrictions are proportionate and limited to the emergency period.

Adding that these conditions apply when processing is necessary for reasons of substantial public interest in the area of public health:

Under those circumstances, there is no need to rely on consent of individuals.

That doesn’t mean it can play fast and free with personal data though. Authorities must rely on data protection techniques, it adds. GDPR includes anonymization among those techniques, although as researchers and activists have demonstrated in the past, you can still reconstruct peoples’ identities from anonymous data sets.
Other countries make people an offer they can’t refuse. Poland has launched a phone app for people under mandatory 14-day quarantines after returning from travel abroad. They must take photographs of themselves several times each day to prove they’re not outside, spokespeople said. If they fail to install the app, the police may show up at their door for a random check. The app reportedly uses both location tracking and facial recognition tech.
This all raises an important question: How much should civil rights, especially privacy, be eroded when dealing with a threat as pernicious as COVID-19? In an open letter, a group of technology and medical professionals led by EFF distinguished technology fellow Dr Peter Eckersley stops short of recommending direct governmental data-gathering but calls for help from mobile operating system vendors. Singling out Apple and Google, it says that they should build it directly into the mobile operating system on an opt-in basis:

Users who opt in could be notified in a non-identifiable way if they had been in the same spaces as subsequently identified cases, in order to enable self-quarantine, monitoring, early detection and prevention of tertiary cases. If such a feature could be built before SARS-CoV-2 is ubiquitous, it could prevent many people from being exposed.

What do you think about the use of location tracking data to help combat the spread of COVID-19, and to monitor self-isolation practices during the outbreak? Should this be mandatory? If it saves just one life, isn’t it worthwhile?

Latest Naked Security podcast


Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.


Stripping away millions of peoples rights to save “just one life” is not ok. The data is showing that more people are dying each day by other threats such as the Flu, or Suicide. Certain measures governments are taking (at least in the USA) are costing people jobs and the ability to care for their families. This is leading to more abuse, suicide, and many other negative effects that will cost more lives than what Covid 19 is projected to kill.
Just something to think about. There are threats all around us every day. Should precautions be taken? Sure. But we need to be mindful of extremes that strip away our humanity.


This system is only relevent in countries like Singapour, South Korea, Japan…
Countries where a massive testing policy is in place.
In all other countries, it’s abuse of power and liberticide.
Worse, because the goal is to designate another culprit than governments, an alibi


If it saves just one life, isn’t it worthwhile?
If we took all cars of the road, it would save a lot more than one life, so is that worthwhile?
If we banned alcohol and tobacco, it would save a lot more than one life, so is that worthwhile?
If we castrated all men at 15 (after they had give a “sample” to enable the prolongation of the species), it would stop a lot of sexual assaults, so is that worthwhile?
If we were all put under some form of pharmaceutical cosh, we might eliminate a heck of a lot of violence, so is that worthwhile?
Unfortunately as many philosophers have found trying to equate anything to “a life” is fraught with difficulties and we should not encourage this type of argument (particularly with the sort of governments that we seem to be getting – incompetent or authoritarian or stupidly populist)?


Yeah, yeah, of course “data…stripped of its personal identification information” – we all know how secure that is, don’t we?
We all have to watch carefully how all our governments enact emergency legislation, especially to see that it has an inbuilt time period and isn’t infinitely extendable. Orbain and his shower of a party have just passed an emergency law that allows government by decree, so bypassing parliament permanently. Of course he claims that he’ll reinstate democracy as soon as possible, but no reasonable person would believe him.


The constitution was written to ensure the rights of the citizens after considering historical treatment of citizens by past governments over time. I am sure our founding fathers had freedom in mind for all. I know they did their best and I do not agree with any attempts by any entity to act outside the words/laws stated therein or by statements concerning what the wording actually means or that the document is outdated and should be revised. I say to the government GET OF OUR BACKS and govern FOR THE PEOPLE for a change…


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!