Cover: Data Privacy During Pandemics

Data Privacy During Pandemics

A Scorecard Approach for Evaluating the Privacy Implications of COVID-19 Mobile Phone Surveillance Programs

Published Jul 30, 2020

by Benjamin Boudreaux, Matthew A. DeNardo, Sarah W. Denton, Ricardo Sanchez, Katie Feistel, Hardika Dayalani


Download eBook for Free

FormatFile SizeNotes
PDF file 2.5 MB Best for desktop computers.

Use Adobe Acrobat Reader version 10 or higher for the best experience.

ePub file 13.3 MB Best for mobile devices.

On desktop computers and some mobile devices, you may need to download an eBook reader to view ePub files. Calibre is an example of a free and open source e-book library management application.

mobi file 32.6 MB Best for Kindle 1-3.

On desktop computers and some mobile devices, you may need to download an eBook reader to view mobi files. Amazon Kindle is the most popular reader for mobi files.


Purchase Print Copy

 Format Price
Add to Cart Paperback164 pages $49.00

Research Questions

  1. How have governments worldwide used mobile phone surveillance programs in response to the COVID-19 pandemic?
  2. What are the potential short-term privacy implications of these programs during the COVID 19 pandemic, and what are the potential long-term changes to health surveillance norms for which the technological infrastructure is being built and exercised?
  3. How can the privacy implications of these programs be evaluated and presented in a concise, standardized, and transparent manner?
  4. How can U.S. federal, state, and local officials use public health mobile phone surveillance programs in ways that protect privacy?

Public health officials around the world are struggling to respond to the coronavirus disease 2019 (COVID-19) pandemic. To contain the highly infectious disease, governments have turned to mobile phone surveillance programs to augment traditional public health interventions. These programs have been designed to track COVID-19 symptoms, map population movement, trace the contacts of infected persons, enforce quarantine orders, and authorize movement through health passes. Although these programs enable more-robust public health interventions, they also raise concerns that the privacy and civil liberties of users will be violated.

In this report, the authors evaluate the short- and long-term privacy harms associated with the use of these programs—including political, economic, and social harms. They consider whether two potentially competing goals can be achieved concurrently: (1) the use of mobile phones as public health surveillance tools to help manage COVID 19 and future public health crises, and (2) the protection of privacy and civil liberties.

To evaluate the privacy implications of COVID-19 mobile surveillance programs, the authors create a concise, transparent, and standardized privacy scorecard. They use this scorecard approach to evaluate 40 mobile phone surveillance programs from around the world. The results indicate that the privacy implications vary considerably across programs, even within programs designed to accomplish similar public health goals. The authors offer recommendations to U.S. federal, state, and local officials to implement COVID-19 surveillance programs that better protect privacy, especially that of vulnerable and marginalized communities.

Key Findings

  • Governments worldwide have leveraged mobile phone surveillance to augment traditional public health interventions in response to COVID-19. These programs track COVID-19 symptoms, map population movement, trace contacts of infected persons, enforce quarantine orders, and authorize movement through health passes.
  • There is concern that, after the current public health crisis subsides, governments will be reluctant to relinquish the mobile phone surveillance programs that were deployed to respond to the COVID-19 pandemic, which could contribute to "surveillance creep."
  • There are privacy-related effects of these programs, including discrimination and abuse by governments, employers, insurance companies, and others; criminal fraud and identity theft; and social and reputational harms.
  • There are risks to vulnerable communities of both under-inclusion in health-enhancing mobile phone public health interventions, and over-inclusion in privacy-infringing programs.
  • The threat to privacy can negatively affect government accountability and public trust.
  • There is a need for a concise, standardized, and transparent privacy scorecard to evaluate and present the privacy implications of mobile surveillance programs.
  • The three privacy criteria with the most "not satisfied" scores across all categories of programs are (1) whether the program is open source, (2) whether the program has a sunset clause, and (3) whether there is a firewall against law enforcement access to the data.
  • Through the use of the scorecard, the research team found that there is considerable variance of the privacy implications across programs, even when those programs are designed to achieve similar goals.


  • The federal government could support state and local agencies' efforts to implement mobile phone surveillance programs by creating a registry of programs that includes scorecard-based information about privacy protections. Agencies could use this repository of information to support the selection of programs for use in their respective jurisdictions and to coordinate approaches.
  • The federal government can play a strong role in coordinating stakeholders across technology, public health, and privacy communities to ensure that the deployed programs serve the stated public health goals and incorporate strong privacy protections, including those identified in the privacy scorecard.
  • To further ensure that mobile phone surveillance programs have a narrow scope focused on public health goals, the federal government should clarify the authority under which federal agencies can use the collected data.
  • To clarify expectations for the tool, its developers, and its end-users, states should implement a scorecard-based approach to evaluating the privacy protections included in mobile phone–based public health surveillance programs. Although some trade-offs between usability and effectiveness might be unavoidable, many of the programs can address the desired public health objectives while still satisfying the privacy criteria.
  • In developing their strategies, state and local governments should consult with community stakeholders to ensure that programs are meeting local needs while also being sensitive to privacy and equity risks. It will be particularly important that those disproportionately affected by COVID-19 and those historically subject to extensive government surveillance have a central seat at the table in these consultations.

Research conducted by

Funding for this research was provided by gifts from RAND supporters and income from operations. The research was conducted by RAND Project AIR FORCE.

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.