how Covid-19 tracing will work
- The South African government is setting up a Covid-19 database to track anyone who may be carrying the SARS-CoV-2 virus, or anyone who has had contact with a carrier.
- The health department now has the power to demand location data from cellphone companies, going back to 5 March, for that database.
- People tracked will not be notified, but a judge will get a list of those whose movements are traced, after the fact.
- The database is supposed to be de-identified six weeks after the Covid-19 disaster is declared over.
- For more stories go to www.BusinessInsider.co.za.
As of Thursday the South African government can trace the movements of any South African cellphone user back as far as 5 March, in order to fight Covid-19.
That movement data will go into a special database to identify anyone who may have had physical contact with a person known to be carrying the SARS-Cov-2 virus, for possible testing and quarantine.
Users whose locations are traced need not be notified, but a judge will be given a list of the people affected – after the fact – in order to make recommendations about privacy protections.
The database is due to be de-identified, leaving only general data for future study, six weeks after South Africa’s national state of disaster around Covid-19 is declared over.
The government has made clear its intention to use cellphone tracking since 25 March, when it said cellphone operators had agreed to hand over such data.
But South Africa’s cellphone operators said they had not made any such agreement – because it would have been illegal.
“We cannot provide personal information or information that identifies a specific individual without a Section 205 subpoena. We can assist governments with high-level aggregated data that can be critical during this global health crisis with due regard to the privacy of our customers,” Vodacom told Business Insider South Africa.
MTN did not answer questions, but Cell C also said it had not been asked to track its users.
“The data information request doesn’t include personal data or information that identifies any specific individual,” Cell C told Business Insider.
But under new regulations gazetted on Thursday by the department of cooperative governance and traditional affairs (which is in overall charge of disaster regulations), cellphone companies are required to hand over exactly that kind of individual data.
Under the rules, which are in force immediately, the director-general of the health department can direct any licensed electronic communications company to provide information on “the location or movements of any person known or reasonably suspected to have contracted Covid-19” as well as “any person known or reasonably suspected to have come into contact, during the period 5 March 2020 to the date on which the national state of disaster has lapsed or has been terminated” with someone thought to have the condition.
That data is supposed to be kept in a tightly controlled Covid-19 database.
Six weeks after the state of disaster ends, individual data must be destroyed and the database must be de-identified, the regulations say, thought that de-personalised information can be “retained and used only for research, study and teaching purposes”.
There will be no oversight of the process as the data is requested and collected, but a designated retired judge is supposed to receive weekly reports including the names and details of everyone traced.
That judge may then make recommendations “as he or she deems fit regarding the amendment or enforcement of this regulation in order to safeguard the right to privacy while ensuring the ability of the Department of Health to engage in urgent and effective contact tracing to address, prevent and combat the spread of Covid-19.”
Receive a daily update on your cellphone with all our latest news: click here.
Also from Business Insider South Africa: