Contact tracing solutions for COVID-19: applications, data privacy and security

Abstract


 
 
 Since the beginning of 2020, COVID-19 has had a strong impact on the health of the world population. The mostly used approach to stop the epidemic is the application of controls of a classic epidemic such as case isolation, contact monitoring, and quarantine, as well as physical distancing and hygienic measures. Tracing the contacts of infected people is one of the main strategies for controlling the pandemic. Manual contact tracing is a slow, error-prone (by omission or forgotten) process, and vulnerable in terms of security and privacy. Furthermore, it needs to be carried out by specially trained personnel and it is not effective in identifying contacts with strangers (for example in public transport, supermarkets, etc). Given the high rates of contagion, which makes difficult an effective manual contact tracing, multiple initiatives arose for developing digital proximity tracing technologies. In this paper, we discuss in depth the security and personal data protection requirements that these technologies must satisfy, and we present an exhaustive and detailed list of the various applications that have been deployed globally, as well as the underlying infrastructure models and technologies they used. In particular, we identify potential threats that could undermine the satisfaction of the analyzed requirements, violating hegemonic personal data protection regulations.