Approach for GDPR Compliant Detection of COVID-19 Infection Chains

TL;DR

This paper presents a privacy-preserving method using Bloom filters to detect COVID-19 infection chains while complying with GDPR, enabling authorities to identify potential infection links without compromising user location privacy.

Contribution

It introduces a novel Bloom filter-based approach that allows privacy-preserving detection of infection chains, aligning with GDPR requirements.

Findings

Enables privacy-preserving infection chain detection

Preserves user location privacy during analysis

Supports GDPR compliance in health data tracking

Abstract

While prospect of tracking mobile devices' users is widely discussed all over European countries to counteract COVID-19 propagation, we propose a Bloom filter based construction providing users' location privacy and preventing mass surveillance. We apply a solution based on Bloom filters data structure that allows a third party, a government agency, to perform some privacy-preserving set relations on a mobile telco's access logfile. By computing set relations, the government agency, given the knowledge of two identified persons, has an instrument that provides a (possible) infection chain from the initial to the final infected user no matter at which location on a worldwide scale they are. The benefit of our approach is that intermediate possible infected users can be identified and subsequently contacted by the agency. With such approach, we state that solely identities of possible infected users will be revealed and location privacy of others will be preserved. To this extent, it meets General Data Protection Regulation (GDPR)requirements in this area.