- Use humans to interview index cases and do backtracking
- Full identification of index cases and contacts
- Central storage of data gathered
- Possibility to combine with other data sources to corroborate information from index case
- Direct link with test result source
- Invokes the legislation on tracking of infectious diseases, warranting extensive and detection techniques
||Supporting healthcare provisioning
||Informing Policy Making and monitoring effectiveness
||Optimising resource allocation
||All transmission routes
Requirements coverage - effectiveness
|Accuracy of information
- False negatives due to reliance on the index case remembering and knowing the contacts and the specifics of the encounter and the lack of skills of the contact tracer
- False positives can be mitigated by skilled contact tracers and gathering of information about the context and intensity of the contact
|Speed of the process
- Elapsed time of days between confirmed infection and identification of contacts
- Elapsed time might increase with spike in contagion without proportionate scaling of the contact tracing staff
|Adaptability of the solution
Insights in transmission routes
- Person-to-person, environmental
- All transmission routes can be covered (unclear how environmental transmission is detected though)
|Support of isolation and quarantining
- Possible, as the index cases and potentially infected contacts are identified.
- Possible through analysis of the data gathered
Efficient use of resources
- Contact tracers
- Possible on triage and testing
- As a method for contact tracing, this is very resource-intensive
- Direct interoperability with test results
- Regional interoperability: probable
- International interoperability: unclear
- Epidemiological surveillance: probable
- Depending on the privacy preservation approach and possible mitigating measures like healthcare provisioning
|Adoption and population coverage
- Reach is not relevant
- Scale is problematic. With exponential character of contagion if R0>1, staffing up will not be possible
|Feasibility and elapsed time (Experience, Initial TTM, Scaling)
- Experience at this scale does not exist in Belgium
- Staffing and information system provisioning is ongoing.
- Scaling is problematic. With exponential character of contagion if R0>1, staffing up will be challenging
|Technical dependability of the solution
- System depends on the memory of the index cases, on their availability, on their contact availability, on the working hours of contact tracers, on the skills of the contact tracers
- Although this system is ‘tried-and-true’ it has never been applied at the current scale.
Requirements coverage - Privacy and Security
- Although the initial plans were rejected by the Data Protection Authority, it is to be expected that an adapted version will be green-lighted and therefore must be GDPR compliant.
- Assumption is that the processing will be based on the legal ground ‘public interest (art. 6, 1, e GDPR) and shall be laid down in a Belgian legislative framework
- Personal data about index case (identity, whereabouts, contacts, health status) is gathered with collaboration of the data subject
- Personal data about interpersonal contacts (identity, partial whereabouts, partial contacts) is gathered without consent. This raises questions whether this is proportionate to the intended purpose.
- Only data of infected and potentially infected subjects are stored.
- Adhere to the joint civil society statement: “States use of digital surveillance technologies to fight pandemic must respect human rights” (see Joint Civil Society Statement)
- Solution is temporary
- Purposes are limited to responding to the pandemic and phasing out the restrictive measures
- Principle of least privilege
- The way back to normality is known
- Full Transparency (code, data, algorithms)
- Granular user consent, regardless of the legal base
- No mandatory use by citizens
- No access to data except for public health authorities, subject to consent
- Strictly limited retention period
- No support for law and policy enforcement
- No commercial exploitation
Applicability and details unclear.
Due to the cost and low scalability, the risk of repurposing the method is low. Data repurposing is not impossible.
Zero-Trust model specific requirements
- No trust must be expected from any party besides the developer
- The solution must only transfer and centralise truly anonymous data
- The anonymous nature of the data must be transparent and under scrutiny
- The remaining surface attack must be secured
- Transparency and scrutiny on the security measures
Trust-based specific requirements
- Proper governance and oversight on the Trusted Party to strictly limit the processing to the stated purpose
- Vetting of the personnel having access to the data
- Applying the Principle of Least Privilege among the personnel of the data processor
- Code of conduct for the personnel, actively enforced
- Strict application of encryption in transit and at rest until the latest possible moment before processing
- Reducing the attack surface to a minimum and securing it
- Systematically distrusting any party not under direct control of the Trusted Party (like infrastructure providers)
- Transparency and scrutiny on the security measures
- Pseudonymisation without storage of re-personalisation data
- Shortest possible retention period, preferably rolling
- Applying data minimisation, limit the data centralised
The decision to perform manual contact tracing:
- Time-to-market relative to building a consensus on a technology-based solution and implementing it.
- Insights in transmission routes.
- Interoperability with other actors.
- Speed of the process
- Accuracy, as it depends on the index case remembering and knowing their contacts.
The decision to store data centrally:
- Access to data
- Protection against repurposing (although repurposing would come at a probably prohibitory high operational cost)
Discussion and open topics
Discussion, including ethical considerations
- From an effectiveness perspective, this is the only method that has a track record in fighting epidemics.
- It has however never been applied at this scale in Belgium.
- It should have a relatively short time-to-market.
- The speed might not be up-to-par with the speed of the contagion.
- Notwithstanding the lack of clarity surrounding the data capture and protection, this method is regarded as the default option and it can be used as the benefit/harm yardstick for systems trying to improve the balance.
The organisation of oversight is unclear
Lack of transparency on the security aspects, data stored, access to data, combination with other sources, retention periods, …
No open sourcing of the systems involved
The effect of this on the citizens and public (stigmatization, …)