Approach for GDPR Compliant Detection of COVID-19 Infection Chains
This addresses privacy concerns in contact tracing for public health, offering a specific solution for European compliance, though it appears incremental as it builds on existing Bloom filter techniques.
The paper tackles the problem of tracking COVID-19 infection chains while preserving user privacy, proposing a Bloom filter-based method that allows government agencies to identify possible infected users without revealing location data, thereby meeting GDPR requirements.
While prospect of tracking mobile devices' users is widely discussed all over European countries to counteract COVID-19 propagation, we propose a Bloom filter based construction providing users' location privacy and preventing mass surveillance. We apply a solution based on Bloom filters data structure that allows a third party, a government agency, to perform some privacy-preserving set relations on a mobile telco's access logfile. By computing set relations, the government agency, given the knowledge of two identified persons, has an instrument that provides a (possible) infection chain from the initial to the final infected user no matter at which location on a worldwide scale they are. The benefit of our approach is that intermediate possible infected users can be identified and subsequently contacted by the agency. With such approach, we state that solely identities of possible infected users will be revealed and location privacy of others will be preserved. To this extent, it meets General Data Protection Regulation (GDPR)requirements in this area.