We are facing a global crisis never before seen by our generation. While societies around the world battle the pandemic, we are lucky to be in a position where technological resources and data can support our fight – something not possible in the past.

Governments across the globe are rushing through legislation to support the roll-out of essential technologies to gather data, track, test, and detect the virus. Such actions and societal changes have been propelled forward at an unprecedented rate, often with short-term objectives in sight. The decisions our leaders take in this crisis will shape our future, determine how technology will be deployed, and dictate how much the power of data will be harnessed. But once this is in place, it is difficult to reverse. While we urgently need to find solutions, how concerned should we be by the prospect of the government having access to this much personal data? And how can we ensure it will it be protected?

Deploying Tracking Apps: Centralised or Decentralised?

As the crisis unfolded, Europe initially looked to Singapore, which successfully developed and quickly deployed a centralised tracking app to identify and alert people who had interacted with COVID-19 carriers. Using Bluetooth, the app tracks interactions between different smart devices. Initially, the 27 EU nations planned to come together to build a similarly centralised data-backed tracking app. The proximity data would be anonymised and stored and processed on a server controlled by a national authority, for example, the NHS. However, in recent weeks a number of notable member states such as Germany have backtracked on this decision, choosing instead to focus on a decentralised solution; something also supported by the European Commission and many data privacy experts. This approach would see data stored on devices themselves and only uploaded after a COVID-19 diagnosis, with the user’s permission. Discussions continue at a country- and EU-level, taking into account a variety of considerations. Unfortunately, there is no easy answer – further delaying roll-out.

The benefits of a solution, either centralised or decentralised, are massive. They would effectively allow people to know if they were in close proximity to someone with reported symptoms, as well as warning people retrospectively if they have been in contact with someone who has contracted COVID-19. Using an app-based tracking system to its full potential would accelerate the tracking process and, subsequently, the alerting process. It would provide more information to the public about their contact with others and, as a result, ensure the correct people are self-isolating at the correct time while helping hospitals across the UK manage patient numbers.

Trust and the Surveillance State

While today’s technologies provide us with a more efficient tracking system, we also now live in a society where data is one of the most valuable commodities. There have been concerns around the world about not only governments having access to this personal data, but also big tech companies and other institutions. In the wrong hands, tracking apps could provide a fully developed surveillance system covering all individuals in a nation. If coupled with a country’s CCTV tracking system, other smart sensors, and facial recognition, it would provide the means to monitor citizens at all times. We are increasingly seeing the ways these tools can be used to create a surveillance state in certain countries around the world. Combined with rushed legislation, this could be a defining moment in the history of government surveillance across the globe.

Public trust (or lack of it) will be a defining feature of this process for governments. For an app to be successful, at least 65% of the population would need to use it. In Singapore, where government trust is high, only around 20% of the population make use of the app. Success in the UK could be limited; even though there was a recent spike in government trust, it nonetheless remains historically low. As an opt-in system, individuals would need complete faith that what they are handing over is not only safe and secure but that it will remain so in the future and would not be used for any undisclosed purposes. Data privacy legislation will have to move quickly in order to keep pace with the ever-evolving environment, with adequate rules in place regarding data-sharing and use to protect individuals from any overstepping.

Ingraining Privacy and Security into Law

For any government to successfully launch an app tracking system, they will also have to be more vigilant than ever in protecting personal data from hackers or cybercriminals; even more so for the UK government, which is currently looking at a centralised model. With all data stored in one place, this would be extremely desirable for hackers. The government will need to invest in the right protective means to ensure data yielded is absolutely safe from unauthorised access – relying on citizens to opt-in without the promise of absolute data security means that users are unlikely to hand information over willingly.

The UK government’s centralised approach will be met with numerous legal hurdles and intense scrutiny thanks to concerns over privacy and security. Operating through a decentralised solution controlled by an independent national authority could minimise some of these concerns, help build citizen trust, and see more people support the technology.

We are at a tipping point in the age of surveillance. It is a very real possibility that soon governments will have large scale access to a massive amount of information on their citizens. How they strive to treat this data will define the future of the countries they govern. Legislation to protect citizens’ rights and data needs to keep pace with developments. Without sufficient protection, we run the risk of creating the conditions for a surveillance state. Combine this with a data storage system that could be vulnerable to hackers and you’ve got a perfect storm which could severely erode consumer privacy in the long term.