24th August 2020
Applying privacy by design to contact tracing apps helps protect users in uncertain times.
From big data to social media, the value of information has grown exponentially in the last two decades. It follows that the need to manage this information responsibly has become more important than ever, giving rise to a number of new challenges.
As a design framework, Privacy By Design aims to address those challenges as well as legacy concerns with a set of human-centric principles that ensure privacy is not an afterthought. Rather, it becomes a central consideration that actually guides effective design.
Building in privacy protection
The need to protect personal information is intensified by a range of factors, from a growing commercial focus on innovation and competition in global markets to the changing face of national politics and the increasing complexity of technology systems.
In fact, the concept of privacy itself has evolved over recent years. Once seen as a legal compliance requirement, privacy is now recognised as a key market factor. But more than that, it is a critical enabler of trust in societies that are hungry for the conveniences that modern technology provides.
Initially developed by Dr. Ann Cavoukian, the former Information and Privacy Commissioner for Ontario, Canada, the privacy by design framework offers an approach to software engineering that requires privacy be considered throughout the whole development process.
We’ve spoken before about how the role of design in guiding the future of business has never been more relevant. Privacy has become just as, if not more, important and must be approached from a similar perspective. In fact, it must become a central player in each of an organisation’s priorities, objectives, processes and operations.
Prioritising privacy in contact tracing
Now the gold standard in application development and systems engineering, privacy by design is guided by seven foundational principles:
- Proactive not reactive; preventive, not remedial
- Privacy as the default
- Privacy embedded into design
- Full functionality – positive-sum, not zero-sum
- End-to-end security – full lifecycle protection
- Visibility and transparency — keep it open
- Respect for user privacy — keep it user-centric
While these principles and the privacy by design approach play into every project we do at NearForm, never were they so essential on such a massive scale as when we designed and built our first contact tracing app, COVID Tracker Ireland.
Led by the Irish Health Service Executive (HSE) and Department of Health, the contact tracing app project was unique in that the goal was to get as many people as possible across every demographic to use the app. To that end, the broader project team also included the Office of the Government Chief Information Officer (OGCIO), the Behavioural Research Unit within ESRI, the Central Statistics Office, data protection officials, An Garda Síochána, the Irish Army, Science Foundation Ireland and more.
From the moment the extensive, diverse team of organisations involved in the tracker app came together, the issue of privacy was front and centre. Not only did the app have to guarantee users’ privacy to the highest degree possible, but it also had to win the trust of a nation in order to ensure people would use it.
Following privacy by design principles, the team ensured each step of the user journey was clear, transparent, unintrusive and easy to understand. People who download the app first see a transparent summary of the app's intended purpose, and are then asked for their consent to proceed.
At each step, users select whether they want to give consent to store or to share data. And critically, we made it possible to use the basic functionality of the app without sharing any personal data at all.
Throughout the user journey, people have a clear and fair way to opt in to or out of the service at any time. If they choose to opt out, they are given the ability to erase all app data from the device.
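The consent model just described (consent defaults to "not given", storing and sharing are consented to separately, the basic exposure check needs no personal data, and opting out wipes everything) is easy to state but easy to get wrong in code. The following is an added example written for this article, not code from COVID Tracker Ireland or COVID Green; the function names, the shape of the in-memory store and the use of plain JavaScript are all assumptions made for illustration.

```javascript
// Added example (not COVID Tracker code): a minimal consent model that
// follows the "privacy as the default" principle. All names are assumed.

// Privacy as the default: every consent flag starts as "not given".
function createConsentState() {
  return { storeData: false, shareData: false };
}

// All app-held data lives in one place so that opting out can erase it in one step.
function createAppStorage() {
  return { consent: createConsentState(), localRecords: [], uploadQueue: [] };
}

// The user grants one consent at a time, at the step where it is relevant.
function giveConsent(app, kind) {
  if (!(kind in app.consent)) throw new Error(`unknown consent kind: ${kind}`);
  app.consent[kind] = true;
}

// Keeping a record on the device requires storage consent; without it the
// record is dropped and the caller is told so.
function recordCheckIn(app, record) {
  if (!app.consent.storeData) return false;
  app.localRecords.push(record);
  return true;
}

// Sending a record off the device requires its own, separate consent.
function queueForSharing(app, record) {
  if (!app.consent.shareData) return false;
  app.uploadQueue.push(record);
  return true;
}

// Basic functionality works with no personal data at all: matching locally
// observed anonymous keys against published keys needs no consent.
function checkExposure(observedKeys, publishedKeys) {
  const published = new Set(publishedKeys);
  return observedKeys.filter((key) => published.has(key));
}

// Opting out resets every consent and erases all app data from the device.
function optOut(app) {
  app.consent = createConsentState();
  app.localRecords.length = 0;
  app.uploadQueue.length = 0;
  return app;
}

// Constructed walk-through of the journey with sample (made-up) values.
const app = createAppStorage();
console.log("stored without consent:", recordCheckIn(app, { day: 1, symptoms: false })); // false
giveConsent(app, "storeData");
console.log("stored with consent:", recordCheckIn(app, { day: 1, symptoms: false })); // true
console.log("shared without consent:", queueForSharing(app, { day: 1 })); // false
console.log("exposure matches:", checkExposure(["k1", "k2", "k3"], ["k2", "k9"])); // ["k2"]
optOut(app);
console.log("records after opt-out:", app.localRecords.length, app.uploadQueue.length); // 0 0
```

The point to notice is that every data-writing path checks a flag that starts false, so forgetting to wire up a consent screen fails closed rather than open, and the exposure check takes only anonymous keys as input, so the core feature cannot quietly depend on data the user never agreed to provide.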
Testing and testing again
Intensive, repetitive testing is crucial when it comes to privacy, and was a core element of the entire development process for this app. Because of the close collaboration among everyone involved, we were able to test the contact tracing app continually across multiple cohorts throughout both the design stage and app development.
Initial testing done in-house involved an InVision prototype and 30 colleagues. The broader contact tracing app team partnered with quality assurance firm Expleo to take the testing to the next level, allowing us to successfully catch and solve any outstanding issues. Working with the HSE and Economic and Social Research Institute (ESRI) for user research data, we were able to widen the design testing pool to more than 800 participants. The team also worked closely with An Garda Síochána across multiple rounds of app testing, particularly in the final stages before launch.
This testing directly informed the messaging used throughout the app and, crucially, helped answer some key questions:
- How should the purpose of the app be framed to increase uptake and use?
- Does the level of detail provided on privacy and data use affect comprehension, trust or willingness to give consent?
- Can changing the feedback provided on the “Updates” tab promote app use?
Repetitive testing and professional collaboration allowed us to ensure that every possibility, every angle and every concern around privacy was addressed in the final app. We were confident that we had left no stone unturned and no question unanswered.
Continuing to build success
Putting privacy at the heart of the process from day one set up the COVID Tracker project to be a success. And the outstanding adoption rates and download figures are a testament to that process, including extensive testing and deep collaboration with every organisation involved.
All that work, learning and testing is still having a positive impact on the global fight against the spread of COVID-19, as the same basic solution is being adopted by multiple governments around the world. In July, the Irish government open-sourced the app and donated it, as COVID Green, to the Linux Foundation in the hope that even more people will have access to this important tool — without needing to worry about their privacy.