Skip to main content
SearchLoginLogin or Signup

COVID-19 Contact Tracing Privacy Principles

This document represents our model privacy principles for digital contact tracing applications and services that leverage personal individual location and proximity data to combat COVID-19. We invite feedback and contributions to this ongoing effort.

Published onApr 06, 2020
COVID-19 Contact Tracing Privacy Principles

Use this Google Form to offer additions and corrections to this working draft contact tracing privacy principles or to offer other contributions to the upcoming Special Release on COVID-19 Legal Frameworks.

This working draft document is for rapid input in support of an upcoming Special Release on COVID-19 Legal Frameworks to be published as part of the MIT Computational Law Report at An editorial and research tiger team are actively collecting and curating privacy principles for COVID-19 contact tracing applications and services that leverage personal individual location and proximity data.

Please note, we have also included materials from other groups on contact tracing privacy principles, potentially to synthesize into an overall set of principles. Working Draft: Contact Tracing Privacy Principles

Version 0.2 - April 30, 2020


Contact tracing apps must comply with all applicable laws, rules and regulations. Any data collection and use must have a lawful basis.

A user must provide informed consent as a prerequisite for installation and use of a contact tracing app. A user should be able to give their consent to each functionality of an app separately, such as collection of proximity data, location data, sharing data or other key separate functions.

Identity Control

Users make the determination to release redacted, disconnected, and/or aggregated space-time points from location data, or obfuscated identifiers from e.g.,Bluetooth.

Space-time points should be deleted after they are no longer actively needed, estimated at between 21 and 28 days.

No information about an at-risk user should be required other than that which is essential, based on epidemiological standards, for alerting others to potential exposure.

Aggregate data may be maintained for public research purposes. Precautions should be taken to ensure that shared aggregate data may not be re-identified downstream.

Users must be able to view and have a copy of the data collected about them and also to verify and contest its accuracy. This access must be inexpensive and timely in order to be useful to the user.


Users should be given notice of an organization’s information practices before any personal information is collected from them. Organizations should explicitly describe the following:

  • identification of the entity collecting the data;

  • identification of the uses to which the data will be put;

  • identification of any potential recipients of the data;

  • the nature of the data collected and the means by which it is collected;

  • whether the provision of the requested data is voluntary or required;

  • the steps taken by the data collector to ensure the confidentiality, integrity, and quality of the data.

Contact tracing apps should use open source code and publicly vetted cryptographic algorithms. Contact tracing apps should use an openly published protocol to ensure that their solution is verifiable and interoperable. For example, DP^3TPACTthe TCN Protocol, and Apple/Google COVID-19 contact tracing technology.


In order to ensure that organizations adhere to contact tracing privacy principles, there must be enforcement measures, such as: Self-regulation by the information collectors or an appointed regulatory body; Private remedies that give civil causes of action for individuals whose information has been misused to sue violators; and Government enforcement that can include civil and criminal penalties levied by the government.

Relevant stakeholders should be fully involved and consulted in the development and deployment of a contact tracing app, including data protection authorities, the privacy and security community, human rights and civil liberties organizations, government agencies, technology community, and public health professionals, including epidemiologists.


The potential risk that private information may be exposed or misused as a result of a contact tracing system must be proportional to the public health benefits of that system for combating the epidemic.

The analysis of proportionality should take into account the efficacy of the contact tracing app at reducing the incidence of new cases and factors including but not limited to scope and purpose of the contact tracing app, type(s) of data collected, collection processes, sharing, retention, and deletion of data.

Other Pillars

This document addresses privacy principles as a key pillar supporting successful contact tracing systems, however this is not the only pillar. The following are other pillars that are related to privacy but discernible from and beyond the scope of privacy principles.


Use of contact tracing apps should be voluntary and not mandatory or compelled.

Trustworthy Criteria of Aggregate Data Holders

Data may be aggregated so that it may not allow for the identification of individuals. Aggregate data should be processed with privacy-protecting techniques such as differential privacy. The methodologies and techniques should be available for public review. Aggregate data may be maintained for public research purposes. Precautions should be taken to ensure that shared aggregate data may not be re-identified downstream.

In a system that includes an aggregate data holder, the capabilities, duties and motivations of such entity must be appropriate to its responsibility to safeguard the rights of people whose data it holds. Ideally, such entity would hold fiduciary obligations to the people whose data it holds, but other combinations of requirements, constraints, incentives and counter-incentives can perform the same function.


Information collectors should ensure that the data they collect is accurate and secure. They can improve the integrity of data by cross-referencing it with only reputable databases and by providing access for the consumer to verify it. Information collectors can keep their data secure by protecting against both internal and external security threats. They can limit access within their company to only necessary employees to protect against internal threats, and they can use encryption and other computer-based security systems to stop outside threats.


The basic prerequisite is that “contact tracing” can realistically help to significantly and demonstrably reduce the number of infections. The validation of this assessment is the responsibility of epidemiology. If it turns out that “contact tracing” via app is not useful or does not fulfill the purpose, the experiment must be terminated. The application and any data collected must be used exclusively to combat SARS-CoV-2 infection chains. Any other use must be technically prevented as far as possible and legally prohibited.

The effectiveness at combating the SARS-CoV-2 infection should be established based on objective, measurable criteria and professional assessment or evaluation practices, such as auditing and testing regimes.


Contact Tracing apps must be fully accessible and based on the latest W3C/WAI standards.


Contact Tracing apps shall be developed in collaboration with the privacy and security community, human rights and civil liberties organizations, government agencies, technology community, and public health professionals, including epidemiologists.


[Drafting commentary for each principle is currently in progress and will be released as part of Version 0.3 of these Privacy Principles]

Privacy Adherence Assessment

[The Privacy Adherence Assessment is currently in progress and will be released as Version 0.4 of these Privacy Principles]


Contact Tracing Privacy Principles: Clause-level Overview

Background Materials

Co-Epi: Contact Tracing Bill of Rights

Evaluating COVID-19 contact tracing apps? Here are 8 privacy questions we think you should ask

10 requirements for the evaluation of “Contact Tracing” apps

Data Rights for Digital Contact Tracing and Alerting · Overview

Data Rights for Exposure Notification - Overview

EU Guidance for Contact Tracing Apps

ACLU White Paper: The Limits of Location Tracking in an Epidemic

EFF: The Challenge of Proximity Apps For COVID-19 Contact Tracing

Data Protection in Telemedicine

Use this Google Form to offer additions and corrections to this page or other contributions to the upcoming Special Release.

Tarun Nagar:

Developing mobile applications for COVID-19 contact tracing involves adhering to key privacy principles to ensure users' trust and compliance with data protection laws. Firstly, transparency is crucial; users should be fully informed about how their data will be collected, used, and shared. This includes clear communication about the purpose of data collection and the entities involved in processing the data. Secondly, data minimization should be practiced, meaning only the necessary data for effective contact tracing should be collected.

AI solutions are revolutionizing healthcare by enhancing the accuracy, efficiency, and accessibility of medical services. One of the key benefits is in diagnostic accuracy. AI algorithms, particularly those involving machine learning, can analyze vast amounts of medical data, such as imaging scans and patient histories, to identify patterns and diagnose conditions with a high degree of accuracy.

Isabella Borjas:

Looking to bolster your web development team? Look no further. Hire ASP.Net developers bring unparalleled expertise to your projects. From dynamic web applications to robust e-commerce platforms, their proficiency ensures seamless integration and top-notch performance. Elevate your digital presence today with our skilled ASP.Net developers at the helm.

JPLoft Solutions:

This Blog explains so amazing, If You are looking for an AI-Blockchain Driven Web & App Development Company, then visit us

Addweb Solution:

Software & Hi-Tech are reshaping our world at an unprecedented pace. From AI to blockchain, innovation knows no bounds. Embracing these advancements ensures we stay competitive and adaptable. Let's keep pushing boundaries and driving progress in this dynamic realm of technology.

Addweb Solution:

The COVID-19 contact tracing privacy principles provide essential guidance for healthcare software development teams tasked with creating contact tracing solutions. By prioritizing transparency, voluntary participation, data minimization, and security safeguards, developers can ensure that their applications adhere to ethical and privacy standards. Upholding these principles is crucial for building public trust in healthcare software and encouraging widespread adoption, ultimately maximizing the effectiveness of contact tracing efforts in combating the pandemic while safeguarding individuals' privacy rights.

Rohan Singh:

Thanks for sharing this informative post. If you're seeking healthcare app development company visit us now.

Christian Telar:

I personally cannot stop myself from admiring this post. BTW, incase you are looking for a site to read blogs, check out mine.

Sanjay Singh:

Thank you for the information! Great post. If you are in search of Sports Betting Software Providers.

Naveen Khanna:

Thank you for sharing this information!. If you are looking for Custom Healthcare Software Development, consider visiting us.

Daniel Smith:

Thank you for sharing this amazing post. If you are looking to hire entertainment app developers, consider vising us.

shruti singh:

It was a nice post, Get one of the best AWS classes in Pune from SevenMentor.

Andersen Lab:

Great post. Thanks for sharing it! Besides, Andersen media is a game development studio that creates innovative and exciting new entertainment software. Andersen media work hard to push the boundaries of what is possible in games, and our goal is to create experiences that are both entertaining and thought-provoking. Andersen media’s team is dedicated to crafting unique and memorable gaming experiences for all players.

shruti singh:

Nice post, if anyone interested in learning CCNA then get in touch with SevenMentor, it is one of the best training provider in India taking the level of education one step ahead. They have marked their monopoly in the region and considered as the best training provider in Pune.
It also provides CCNA course in Pimpri Chinchwad, teaching students all the modern concepts related to it, from beginners level to advanced level.

Mahima Mantri:

Great post. Thanks for sharing. Attend The Best Tableau Course in Pune From Sevenmentor. Practical Tableau Training Sessions With Assured Placement Support From Experienced Faculty.