Many European telecommunications companies are sharing mobile location data with governments to follow people’s movements after coronavirus lockdowns, focusing on compliance with privacy rules by anonymizing the data.
Such agreements have cropped up in Germany, Austria, Spain, Belgium, the U.K. and other countries.
Outside Europe, South Korean health officials use mobile location data to track specific people known to be at risk or infected with coronavirus and publish details about their whereabouts online, without naming them. Israel’s intelligence agency is using cellphone data to locate individuals at risk of infection.
Germany’s Deutsche Telekom AG and Belgium’s Proximus SA are among the carriers that in recent weeks started sharing location data with national governments to help assess whether people are moving around or congregating. Most companies are tracking movements within one country.
Over the past month, Spain, France, Belgium and the U.K., among others, ordered citizens to stay home to slow virus infections. Italy has been under national lockdown since March 9.
The EU’s General Data Protection Regulation and the ePrivacy directive, a law that covers telecoms data, specify that companies need individuals’ permission to collect personal data. The companies and government officials analyzing data for coronavirus research say they comply with the laws because they use only anonymized data.
More From WSJ Pro Cybersecurity
Still, weak anonymization methods might allow data to be traced to an individual, said Bart Willemsen, a vice president analyst at research and advisory firm Gartner Inc. A company might consider encryption a form of anonymization, for example, but some cryptography could later be compromised, he said.
“Once we anonymize data, we do have the responsibility to assess risks of re-identification as long as the data exists,” he said. Companies should make sure data-sharing will be temporary and limited to the coronavirus crisis, he added.
The Robert Koch Institute, Germany’s main disease-control agency, started receiving data from a Deutsche Telekom subsidiary this month showing people’s travel between German counties, said Dirk Brockmann, a project leader in computational epidemiology at the institute.
The data is anonymized, a Deutsche Telekom spokesman said. Deutsche Telekom’s anonymization method doesn’t present threats to privacy, said a spokesman for Germany’s federal data-protection authority.
“It’s not Big Data,” Mr. Brockmann said. “I’m a very opinionated supporter of transparency in science and also of data security,” he said.
An initial assessment showed that mobility across Germany decreased by around 45% between March 3 and 24, Mr. Brockmann said.
Thierry Breton, the commissioner overseeing Europe’s technology policies, this week privately asked telecom operators in France, Italy, Spain, Germany and the Nordic region to share location data to help EU scientists study the virus’s spread, an EU official with knowledge of the discussions said. The companies agreed to provide data in the coming days and the European Commission, the bloc’s executive body, will be responsible for ensuring the process follows privacy laws, the official said.
“One of the biggest issues is to make sure the public is confident their data is used in a way that doesn’t needlessly infringe their rights,” said J. Scott Marcus, a senior fellow at Bruegel, a Brussels-based think tank.
In Belgium, which has been in lockdown since March 18, officials destroy data once they no longer need it, said Philippe De Backer, Belgium’s digital minister. He didn’t specify how long that might be.
The government consulted Belgium’s data-protection regulator and set up an ethics committee with scientific experts who audit how the data is used, he said.
Some countries are using apps to track individual coronavirus patients.
Poland launched a “home quarantine” app on March 19 that now has more than 12,000 users, a spokesman for the country’s digital ministry said. Citizens can use the app if they are required to self-quarantine because of a coronavirus diagnosis or if they recently traveled abroad, he said. App users must upload photos of themselves several times a day to prove they are staying home.
“We believe it guarantees more everyday privacy in contrast to everyday visits from police and direct calls,” the spokesman said.
Under EU privacy laws, companies must obtain consent to use any personal data such as a person’s photo, name or medical details.
Anonymized mobile location data showed that last Sunday, around 6% of Austrians traveled 10 kilometers (6 miles) or more, down from a daily average of around 38% before the virus outbreak, according to Michael Cik, co-founder of Invenium Data Insights GmbH. The company, which assesses mobility patterns, conducted the analysis with data from A1 Telekom Austria AG .
On average, 57% of Austrian residents stayed within a radius of less than one kilometer this week, up from about 27% before the country’s lockdown, Mr. Cik said.
Write to Catherine Stupp at [email protected]
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8