Projects using personal data to combat SARS-CoV-2

From GDPRhub

This page is meant to collect different approaches by government and private projects to use personal data to combat SARS-CoV-2.

It does not include mere information apps on the corona virus.

→ Please feel free to add any missing information in the overview chart, or in further detail on the page below!

Contents

(Mainly) Decentralized contact tracing apps or frameworks[edit | edit source]

The idea of locally installed contract tracing apps, is to alert previously exposed persons once a person is corona positive or has specific symtomps. The exposed person can then self-contain or get tested before spreading the virus further. The spread of the virus is then limited or stopped.

Two approaches seem to exist: (A) Geo-Tracking via GPS, where the system tries to identify if the paths of two people was crossing and (B) peer-to-peer connections (Bluetooth and ultrasound) between two phones to identify each other. While the GPS based system seems to be less accurate (especially indoors) and requires an exchange of more data (. The details of the technical exchanges between the apps and a centralized infrastructure is slightly different in each approach.

We made a list of apps below, but there are also these lists:

Pan-European: Framework for Contact Tracing (PEPP-PT)[edit | edit source]

Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) was created to assist national initiatives by supplying ready-to-use, well-tested, and properly assessed mechanisms and standards, as well as support for interoperability, outreach, and operation when needed.

Source: Website

Pan-European: Decentralized Privacy-Preserving Proximity Tracing (DP-3T)[edit | edit source]

"This repository contains a proposal for a secure and privacy-preserving decentralized privacy-preserving proximity tracing system. Its goal is to simplify and accelerate the process of identifying people who have been in contact with an infected person, thus providing a technological foundation to help slow the spread of the SARS-CoV-2 virus. The system aims to minimise privacy and security risks for individuals and communities and guarantee the highest level of data protection."

The team working on the project includes persons from EPFL, ETH Zurich, KU Leuven, TU Delft, University College London, CISPA, University of Oxford and TU Berlin / Fraunhofer HHI.

Source: Github

Pan-European: COCOVID[edit | edit source]

COCOVID is being developed as a common effort of several European companies and institutions. Both the Mobile Application, Big Data technology and Artificial Intelligent of COCOVID will be available to any government. Special synchronization mechanisms ensure the interoperability of the implementations. .The COCOVID app is Open Source. The core of the solution is based on a highly scalable solution that is already used by several of largest financial institutions in Europe and worldwide. The solution will allow linage of data, data governance and all data usage will be auditable. COCOVID can be deployed in any data center that the government decides to assign, as long as it meets the required security levels. COCOVID will support the coordination of tests at the medical institutions, allowing users with a high infection risk to book a test slot directly from the app. This will reduce the effort and increase the efficiency of the medical test processes. COCOVID will use both location and Bluetooth contact data allowing the highest level of effectiveness a digital solution can offer. Bluetooth-only proximity apps do not use location data but are only technically able to trace less than 75% of all mobile devices. Furthermore, users often switch off Bluetooth on their devices and these apps do not allow the tracing of indirect contact with surfaces in the immediate environment or with objects used on the infected person, both relevant modes of transmissions reported by the WHO. In addition, the solution was designed in full compliance of the EU data privacy recommendations:

- No personal data will be processed. Only anonymous identifiers generated by the device will be used.

- The data will be decentralized stored on the mobile devices.

- The data is stored only for 30 days and only be used for this purpose with the explicit consent of the user.

- COCOVID will offer each user the choice between a Bluetooth-only risk assessment (COCOVID blue) and a more effective combined location and Bluetooth (COCOVID white)

assessment.

- The solution will always use the minimal amount of data required to obtain the best possible result. Detail location data from individuals will only be requested for risk

cases and will not be stored.

- Personal data will not be shared with any third party. In particular, the list of IDs of infected users will be handled with extreme care and will not be communicated to any user. Thanks to the fully auditable matching component, the matching of IDs of infected persons with the app requests is performed independently from any centralised government data. The matching component answers app requests without storing them, thus avoiding centralised storage of user data, as well as publishing patient data.

- Cybersecurity tests by independent test authorities will certify the security standards.

The team working on the project includes persons from Orange, Ericsson, Proventa AG, Stratio, TH Köln and Charta digitale Vernetzung.

Source: Website

Pan-European: EIT Digital initiative on Anonymous COVID-19 contact tracing using physical tokens[edit | edit source]

European open innovation organisation EIT Digital suggest investigating the option of contact tracing with the use of physical tokens as alternative to smartphone apps and their potential drawbacks. Such system could avoid several of the key obstacles that smartphone apps face regarding security, privacy and technology. A system using physical tokens is easy to use, secure, anonymous, and can use standard technology avoiding lock-in. Therefore, researchers, innovators, entrepreneurs, industry players and policymakers are invited to contribute to the option of an anonymous COVID-19 contact tracing system using physical tokens.

Source: Website

Global: TCN Coalition[edit | edit source]

"Over the course of the past few weeks, the global community of technologists, privacy experts, and epidemiologists has worked tirelessly towards a secure, privacy-first, GDPR-compliant, and open-source approach to enable globally compatible digital contact tracing. Our first and foremost goal is to get secure tracing apps running on billions of users’ devices globally — fast. The TCN Coalition’s easy-to-implement privacy-first protocol, agreed upon and reviewed by dozens of experts, is open-source, extensible, free of charge, and available for implementation immediately. TCN — the core of the protocol — stands for temporary contact number."

Source: Website Github TCN Protocol

Global: Joint Apple & Google effort for Privacy-Preserving Contact Tracing[edit | edit source]

"Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design." "First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores. [...] Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms." The companies state that privacy, transparency, and consent will be carefully respected and information will be openly published for others to analyze.

Source: Website Press Release


Netherlands: PrivateTracer[edit | edit source]

"Privacy by design has to be a core principle in contact tracing, putting citizens in control of the data that is generated as society comes together to slow the spread of the virus. The project is fully open source, to enable a wide range of contributions and to rapidly grow the supporting ecosystem. The system design has as its goal that even if the server is fully compromised that the privacy of citizens is protected i.e. privacy by design, not relying on trust in a secure server."

The team working on the project includes persons from Milvum, YES!Delft, Odyssey & The Hague city.

Source: Gitlab, Website

Austria: "Stopp Corona" app (Red Cross)[edit | edit source]

The Austrian Red Cross (Österreichisches Rotes Kreuz) published a mobile phone app, which allows users to track each other after performing a "digital handshake". If an app-user is confirmed to be infected with the Corona-Virus, other app users that have been in contact with the afflicted app user are informed via the app.

Each app user is assigned an ID and feeds the app with the IDs of persons he or she has been in contact with, which is done via an ultrasound audio transmission between the devices and Bluetooth. The app-user is notified later, if one of his recent contacts has been infected, without disclosing the ID of the infected person. These IDs are retained for a period of only 48 hours.

However, this set-up still gives rise to doubts that the data are truly anonymised for all parties involved:

  • The privacy policy clarifies that the app uses pseudonyms for tracking purposes.
  • In cases where the app user has only been in contact with a small amount of people, it might be very easy for him or her to identify the infected person by taking notes on whom he/she has entered into the app. As the data are stored for only 48 hours it is also possible for the app users to simply remember their encounters. Thus, the data might me anonymised for the Red Cross, but not for the app users themselves (the app is said to collect no data of the mobile phone user).

Source: Austrian Red Cross English Information Page

Austria: NOVID20 (Private)[edit | edit source]

While the app was presented on Austrian TV as a "contract tracing" app, based on Bluetooth, the webpage of the project explains the app as follows:

"NOVID20 is a non-profit association of over 80 digital-experts, software developers and data-protection lawyers. Several renowned software companies, universities, dataprotection firms and cyber security companies are actively involved in NOVID20.

Our solution is based on a smartphone app that can determine social interactions and their duration. Interactions that have a certain intensity in terms of time and proximity are stored locally by both apps in an encrypted form. If someone tests positive for a contagious disease like COVID-19, people who may have had contact with the infected person within the last few days will receive a warning with instructions to move into quarantine and contact the local governmental authority."

Source: https://novid20.org/

Finland: Ketju project (Private & Public)[edit | edit source]

Ketju (Finnish for "Chain") is a private & public collaboration project which is evaluating the German/European contact tracing protocol as well as the Singapore model. The project has a well resourced team from company consortium involving Reaktor and Futurice among others and Business Finland is in supporting role. The National Cyber Security Center is involved in assessing the security of the German code base. At the moment (April 5th) there is no official decision to roll out contact tracing app.

FSFE member Timo Lindfors and others have been interviewed by YLE on the feasibility of a decentralised contact tracing system to respect privacy.

Sources: YLE 2020-04-10 (Finnish); Newspaper Helsingin Sanomat reported on April 5th 2020 about the project called "Ketju" and the minister of transport and communications Timo Harakka also blogged about the topic on the ministry site.

Finland: Location data and other[edit | edit source]

The government of Finland gained unspecified access to location data from network operators; "private individuals have filed a number of complaints with the Chancellor of Justice and the Parliamentary Ombudsman over the government's use of location data".

Sources: YLE 2020-04-11 (English).

Germany: "Corona-Datenspende" (Robert Koch Institut)[edit | edit source]

The German public health institute (Robert Koch Institut, RKI) collects data from fitness-tracker and smartwatches with its “data donation” app, so-called “Corona-Datenspende”.

According to the RKI, fitness wristbands and smartwatches provide a large amount of data that enable the detection of potential COVID-19 symptoms. A key parameter is the measured pulse. In addition to the information provided by the tracking devices, the gender, age, weight, size and postcode are collected. By means of this information, the RKI expects to be able to understand the virus better since the collected data may relate to the perception of the virus.

After the data analysis, the data will be visualized in form of a thermal image map with potentially infected persons and the zip codes.

The use of the app is based on an individual user ID that is assigned to the data subject, the pseudonym. No anonymisation occurs.

Source: https://corona-datenspende.de

Iceland: Government app project[edit | edit source]

The app is a joint project of the Department of Civil Protection and Emergency Management and the Directorate of Health and is panned to go live beginning of April.

Source: Icelandic Review (with further references)

India: Aarogya Setu mobile app[edit | edit source]

Aarogya Setu is a mobile application developed by the Government of India to connect essential health services with the people of India in our combined fight against COVID-19. The App is aimed at augmenting the initiatives of the Government of India, particularly the Department of Health, in proactively reaching out to and informing the users of the app regarding risks, best practices and relevant advisories pertaining to the containment of COVID-19.

Atogya Setu tracks through a Bluetooth & GPS generate social graph, yor interaction with someone who could have tested COVID-19 positive. You will be alerted if someone, you have come in close proximity of, even unknowingly, tests COVID-19 positive. The app alerts are accompanied by instructions on how to self-isolate and what to do in case you develop symptoms that may need help and support.

Source: https://www.mygov.in/aarogya-setu-app/

Ireland: HSE App (Government)[edit | edit source]

The Irish Health Service Executive (HSE) is planning to release a contract tracing app for Ireland within the next weeks, according the Irish Times.

Source: Irish Times

Israel: "Hamagen" app (Government)[edit | edit source]

The "Hamagen" (The Shield") app is tracking the users location history. If a person is infected the location histories of the users and the infected person are linked to see if there was a potential exposure.

"After a user installs the app, it keeps track of their movements and compares the information with Health Ministry data on where those who are positively diagnosed have been. If the app finds a match — that the user was in the same area at the same time — it links the smartphone’s owner to the Health Ministry website for information on what to do next, and how to register as going into self-quarantine. The ministry stressed that all the information on the user’s movements is only stored on the smartphone, which is kept updated by the ministry with the epidemiological data of known COVID-19 cases."[1]

The app was developed using open source code.

Source: The Times of Israel

Italy: Immuni app[edit | edit source]

This is the project selected by the group of experts in the Department of Innovation, proposed to the Prime Minister by Minister Paola Pisano on 10 April and now submitted to the scrutiny of the team Colao. The Immuni app, which will not be mandatory, but downloadable only voluntarily, consists of two parts. The first is a contact tracking system that uses Bluetooth technology.

If someone tests positive for the coronavirus, the app could send an alert to users who have been in contact with the infected individual, recommending actions such as self-quarantine and virus testing while preserving anonymity. A second function of Immuniis a clinical diary containing all the most relevant information about the individual user (sex, age, previous illnesses, medication intake) and which should be updated daily with any symptoms and changes in health status.

Source: New York Times, Republicca, Ansa

Norway: App by the Institute of Public Health[edit | edit source]

The Norwegian Institute of Public Health confirmed that an app for tracking location data and to inform users if they have been in contact with anyone infected.

According to the developer Simula, location and bluetooth data is collected once the app is installed, encrypted and stored on a secure cloud server. If a user is confirmed to be infected, it will be possible to track the phones of other individuals that the person has been in contact with the last 14-days. The tracking/calculation of other user's will be done "server-side" (by the government). A message can then be sent to other app users so that they can take the necessary precautions.

The use of the app and the data will be regulated by a regulation (forskrift). The Supervisory Authority stated that they have been giving guidance, and will keep a close eye on how the app is used.

Sources: NRK.no, NRK,no (Update)

Singapore: "TraceTogether" app (Government)[edit | edit source]

"TraceTogether supports Singapore’s efforts to mitigate the spread of COVID-19 through community-driven contact tracing. TraceTogether uses Bluetooth signals to determine if you are near another TraceTogether user. Your Bluetooth proximity data is encrypted and stored only on your phone. The Ministry of Health (MOH) will seek your consent to upload the data, if it’s needed for contact tracing. If you had close contact with a COVID-19 case, TraceTogether allows the MOH call you more quickly, to provide guidance and care. TraceTogether helps us protect our loved ones and families so that we do not spread the virus to them unknowingly. It also helps us support the work of contact tracers and healthcare workers by combating the spread of COVID-19 together. TraceTogether's functionality will be suspended after the epidemic subsides."[2]

The government of Singapore has announced that it will make the app open source to allow other countries to use it.

Source: https://www.tracetogether.gov.sg/, https://tracetogether.zendesk.com/

Switzerland: "WeTrace" app (Private)[edit | edit source]

This project is ready to be deployed. It is open source. All data remains locally on the devices. Packaged information encrypted asymmetrically. The sole information a potential malfeasor on the central server would see is the fact _that_ an infected person has actually pushed a status update, but on the core server it is not visible "what" the person has broadcasted. The broadcasting user can determine the details of what should be broadcasted aside from status (location of contact, time of contact, etc.). Packages will be sent not to everyone but only to those that need to know.

Sources: https://devpost.com/software/wetrace-g9ocyi, https://www.wetrace.ch

United Kingdom: NHSX/University of Oxford tracking app (Government)[edit | edit source]

The British National Health Service (NHSX) and a research team at the University of Oxford is working on a mobile app to track possible interactions between users to inform users about a possible exposure. No technical details are known so far.

Source: https://045.medsci.ox.ac.uk/mobile-app / TheGuardian

United States: Covid Watch (Stanford University)[edit | edit source]

The project focuses on developing a SDK or app that "performs automatic decentralized contact tracing using Bluetooth proximity networks". It is an open source project, but not live yet. It should also include a "heat map" and user information.

Source: https://covid-watch.org/#

Unites States: CoEpi[edit | edit source]

"CoEpi is building mobile apps (for both iOS and Android) with a privacy-first approach to anonymous Bluetooth-based contact tracing, exposure matching, and symptom alerting to address the spread of COVID-19 and other transmissible illnesses (like colds and flu) in our communities." According to their Twitter account, the project it run by Dana M. Lewis and Scott Leibrand, both from Seattle.

Source: https://www.coepi.org/ / https://github.com/Co-Epi

Spain: "Open Coronavirus" app (Private)[edit | edit source]

The Spanish medical investigator Aurelia Bustos has released Open Coronavirus, an open-source app with the aim to copy the advantages of the South-Korean app: in the end, serving as an individual-validation-method in order to allow free movement of the citizens. This tool can be used by any public institution as a basis for its own apps on tracking citizens due to the coronavirus emergency, and it offers a modular design: three levels of management (mobile phone, central management of data by the competent authority and checking of the control points by the competent authority too) with different options of geolocation (GPS, bluetooth, positioning by mobile operators cells) that could be implemented or not by the corresponding institution. Its use would be voluntary for the citizen (although, in words of the medical investigator, "it would be probably very advantageous for the user, as it would allow him/her to have the possibility to finish an eventually longer quarantine"), and it would necessarily depend on the realization of any kind of coronavirus detection tests.

As this is an open-source app, it informs that it will not be officially published in its current status, and any use of the same by any institutons must be always in line with GDPR.

Source: Link to the source code at GitHub

Centralized contact tracing systems[edit | edit source]

Czechia: Multi-Source Contact Tracing[edit | edit source]

To be added

Source: National Law

Slovakia: Multi-Source Contact Tracing[edit | edit source]

To be added

Source: Missing

Israel: Use of Mobile Network Data[edit | edit source]

The Israeli secret service Shin Bet is authorised to collect mobile phone data in order to identify persons who have been in contact with infected persons. An Israeli security company known for its spy software has developed a tracking tool for this purpose. On the first day of mass surveillance, about 400 people were sent into quarantine.

Source: TheGuardian

Italy: Rilevatore terremoto[edit | edit source]

The app "Rilevatore terremoto", which had over 5 million downloads since 2012 and whose alleged function was to send people notifications about earthquakes, was repurposed to collect location data from its users. The location data was then processed to produce statistics about the users' movements.

The app was developed with EU funds from Horizon 2020 projects earthquake-turnkey and RISE.

Source: Francesco Finazzi and Alessandro Fassò interviewed by key4biz; sismo.app.

Italy: various other apps[edit | edit source]

Various regions have asks citizens to install mobile apps to provide some information. Approaches vary.

  • Ferrari "back on tracks" initiative: each employee is offered the opportunity to use an App, in order to have medical and health support in monitoring the symptomatology of the virus.
  • Lombardia: 500k citizens have filled a questionnaire with information on their activities through the app AllertaLOM, used for public service warnings.
  • Ministry: some ministries have put out a call for contact tracing technologies (closed on 2020-03-26).
  • Webtek: "StopCovid19" app with planned access for authorities, status unclear.
  • SoftMining (University of Salerno): SM-covid-19, collects unique IDs of all nearby devices via BlueTooth, WiFi, GPS, NFC, Google Nearby, ultrasound and others, then transmits them to a central database. Planned access for authorities, status unclear.
  • Jakala/Santagostino: Geo-Crowd-Vid-19, voluntary questionnaires about medical status.
  • CovidApp: checks bluetooth IDs of nearby devices.
  • Digit/University of Urbino: diAry, collects location data locally, ostensibly for the purpose to send some aggregated data to a central database. Plans to distribute prizes (WOM tokens) to participants.

The privacy authority has expressed some opinions on the matter.

Source: Mi-Lorenteggio, Il Post, Wired.

South Korea: Multi-Source Contact Tracing[edit | edit source]

According to the New York Times South Korean "Health officials would retrace patients’ movements using security camera footage, credit card records, even GPS data from their cars and cellphones."[3] In the article the approach is described by an expert as as an "epidemiological investigations like police detectives".

But this was not feasible during the Corona crisis, "as the coronavirus outbreak grew too big to track patients so intensively, officials relied more on mass messaging."

Source: Business Insider, New York Times

Assorted surveillance[edit | edit source]

Various telecoms and other cyberspying providers have offered their services to governmetns.

Source: Reuters.

Enforcement of lock-down[edit | edit source]

Bulgaria: Forms to enforce travel restrictions[edit | edit source]

With para. 41 of the Law on Measure and Actions during the state of emergency, the Electronic Communications Act is amended giving the power to the law enforcement authorities to track citizens' mobile phone and identify their location only if the citizen is put under mandatory quarantine and does not follow the instructions given or refuse to follow them. The telecommunication companies shall provide the law enforcement authorities with the location data upon their request, i.e. no approval by the court is necessary.

Source: Missing

Greece: Text message system to enforce lock-down restrictions[edit | edit source]

Instead of filling out and carrying a hard-copy form, people can send a text message to the General Secretariat of Civil Protection when an individual leaves their places.

Personal data (name, surname, home address, reason for going out, work address when work is the reason for going out and telephone number) is included in an SMS which is sent to the General Secretariat of Civil Protection once an individual leaves their places (time). This is one of the two options an individual may have; the second one is filling out and carrying a hard-copy form with the mentioned data plus some more. This form has to be only demonstrated to the police or other enforcement authorities and is not stored.

The General Secretariat of Civil Protection published a Privacy Policy, according to which the data collected via the mentioned SMS will be processed only by the Secretariat and only for the purpose of supervising the compliance of individuals with the imposed measures against the spread of Corona-Virus. According to the privacy policy, once the data subjects receive a confirmation SMS, the mentioned data is either deleted or anonymised and kept for statistical purposes only. The privacy policy mentions that all necessary safeguards have been implemented and all data subjects' rights according to the GDPR shall be respected.

However, the privacy policy is very vague and contradictory.

Source: https://forma.gov.gr/

Enforcement of individual quarantine[edit | edit source]

Poland: "Home quarantine" app[edit | edit source]

On 7 March 2020, the Minister of Health adopted a Regulation on the list of diseases giving rise to obligatory quarantine or epidemiological surveillance and the period of obligatory quarantine or epidemiological surveillance (Dz. U., 2020, item 376). Since the entry into force of this Regulation, persons infected or suspected of being infected with coronavirus shall be administered to surveillance measures if the health services so decide.

The Polish police conducts regular checks of the persons who are subject of the 14-day quarantine obligation. Officers call the person's phone and ask them to look out the window or have a short conversation over the intercom or videophone.

An alternative method to monitor persons under the quarantine were adopted by the Polish Ministry of Digital Affairs who developed a mobile app "Home Quarantine" (Aplikacja Kwarantanna domowa). The mobile app allows to confirm the location of a person covered by the quarantine restrictions and to conduct basic health assessment. In addition, the app allows for a quick access to the necessary quarantine information, and to contact the local social welfare centers, which can provide medicine or food in justified situations. The app has access to the GPS and camera on the user's mobile phone. The use of the application is voluntary.

Source: Polish Government

Self-assessment apps[edit | edit source]

Spain: "Asistencia Covid-19" app (Government)[edit | edit source]

The Spanish Government has released this digital app to contribute to the management of the health emergency, with focus on the self-assesment of the disease by the user and the possible follow up of the symptoms by health professionals.

Privacy Policy

Personal data processed

Apart from basic personal data (name, surname, phone number, national ID number, birth date, address, gender-optional) this app can process health data related to COVID-19 symptoms (lack of oxygen sensation, fever up to 37.5 degrees, dry cough, contact with patients positive on COVID-19, mucus, muscle pain and general malaise) and optional geolocation data (only with previous consent of the user, and in order to be able to offer him/her the best preventive and evaluation measures at all times, when registering and carrying out self-evaluations, as well as in order to know in which Autonomous Community is located and to be able to connect him/her with the corresponding health care system) that will never be used for geofencing purposes in order to know it the user is at his/her domicile.

Data controller

The Spanish Ministry of Health.

Data processor

The Spanish General Secretariat for Digital Administration.

Purposes

(i) Offering information on COVID-19, including notices related to prevention measures; (ii) Self-assessment with basis on the health symptoms communicated by the user; (iii) Providing practical advice and recommendations; (iv) If possible, making a medical appointment for a possible test, after professional diagnosis; (v) Reception of the results of the proof and recommendations on quarantine, auto-quarantine or medical appointment; (vi) Continuous daily self-assessment, tracking body temperature and basic parameters every 12 hours once the app is started, including a reminder so the user can introduce such data; (vii) Gathering the GPS location exclusively when doing the self-assessment in order to determine in which Autonomous Community the user is located and, if necessary, connecting him with the corresponding health services, with the possibility to use the address provided by the user when he/she made the registration in order to provide medical services, but never for geofencing purposes; (viii) Other purposes: Statistical purposes, biomedical, scientific and historical research, and storage in public interest.

Lawful basis

Public interest [6(1)(e) and 9(2)(i) GDPR] and the need to protect the vital interests of the data subject or of another natural person [6(1)(d) and 9(2)(c) GDPR]

Period

As long as the health emergency lasts (with the exception of the “Other purposes” period, that will be two years). Once the period is finished, personal data will be anonymized and/or blocked.

Who else will access the data

Health professionals, health competent authorities and other national and/or international authorities.

Rights

The user can use this form to request the execution of his/her data protection rights.

Security Measures

Personal data will be kept in the European Union and will be processed under the security measures specified at Annex II of the National Security Scheme as per specified in the Spanish Royal Decree 3/2010.

Other information

(i) The minimum age to register is 16; (ii) the user must provide real and up-to-date information; (iii) the account can be deleted voluntarily or if the user infringes the terms and conditions.

Cookies

The app only uses technical cookies that allow the user to navigate and use the different options or services offered in the Application, such as, for example, identifying the session and identifying himself/herself as a registered user each time he/she access the Application, access parts of restricted access or use security elements while browsing.

Source: Google Play Store

Spain: "CoronaMadrid" app (Autonomous Community of Madrid)[edit | edit source]

The Spanish Autonomous Community of Madrid recently released “CORONAMADRID”, a mobile app which helps citizens self-assess the probability of suffering from the infectious disease COVID-19, caused by the coronavirus. The main purpose of this app, according to the regional conservative government is to decongest the 900 health emergency phone line, that deals with doubts about the infectious disease COVID-19. The idea is to reassure the population, to allow an initial triage of possible cases and a subsequent follow-up, which includes a treatment of the geolocalisation information in accordance with the purposes set out in the Privacy Policy, and exclusively during the time and for the purposes set out in that Privacy Policy.

User registration

Regarding the user registration, the terms and conditions specify that the use of the Application is free of charge and voluntary, but remembers that only users that are at least sixteen or have obtained the consent of their parents or legal guardians can use this app. It is also forbidden to provide fake data when registering.

Privacy Policy

The “Viceconsejería de Asistencia Sanitaria de la Consejería de Sanidad de la Comunidad de Madrid (CSCM)” is the data controler. According to the privacy policy, through the application, the CSCM processes personal data, including health data derived from the results of self-assessments following health care protocols together with the GPS location of the users, in case it is activated at the time of registration and/or when doing the self-assessment.

User data

In particular, the information the CSCM will have about the user includes the following data:

  • First and last name
  • Mobile phone number to which the CSCM will send you a first verification SMS at the time of registration.
  • DNI / NIE insofar as it is essential for the Health Authorities to be able to integrate and compare the information of patients with possible symptoms with the existing public health management systems and to provide follow-up and personalised attention.
  • Date of birth, allows to determine the population group in which you are, the age range can determine if it is a risk group.
  • Full address, postal code and autonomous community where you are.
  • Gender
  • Geolocation (Optional), that is, the location via GPS of your mobile phone. It will only be used when you register and perform your self-assessment, and only if you give your permission.
  • Health data related to your self-assessment based on the symptoms you are experiencing. In particular, when using the Application we may collect information about you relating to shortness of breath, fever of +37.5ºC, dry cough, whether you have visited any risk areas in the last 14 days, whether you have been in contact with any confirmed positive patients, whether you have a runny nose, muscle pain and/or general malaise.

All the information will be collected by the Community of Madrid for purposes strictly of public interest in the field of public health and in view of the situation decreed by the Public Authorities, in order to protect and safeguard an essential interest in people's lives.

The data the CSCM gets from the user is mainly retrieved from the user and his/her device: e.g. through the online forms of the app or the data the operating system of the device or GPS location when registering and performing the self-assessment. The privacy policy reminds that the user can review and manage the granted permissions to CORONAMADRID to obtain data from the device through the options available on the terminal, as well as through the consent manager for cookie management available on the website.

Purpose

The information and data collected by the CSCM through the Application will be processed for purposes that are strictly in the public interest in the field of public health, in view of the current health emergency decreed by the Public Authorities as a result of the COVID-19 pandemic and the need to control and propagate it, as well as to protect and safeguard an essential interest in people's lives, in accordance with the data protection regulations in force.

In line with the above, it is reported that the main objective of the Application is to reduce the volume of calls to the health emergency number that deals with doubts about the infectious disease COVID-19 (of the Coronavirus family of infections), to reassure the population, to allow an initial triage or self-assessment of possible cases and a subsequent follow-up.

To this end, the app uses data to provide the user with the service of CORONAMADRID and to enable the user to make use of its functions in accordance with its terms of use. This implies providing the user with information on COVID-19, the self-assessment, provision of practical advice, receiving test results and recommendations for action for quarantine or self quarantine or appointment with medical center, continuous daily self-assessment with the monitoring of temperature and basic parameters every 12 hours since the application was started, including a reminder in the form of an alarm to be entered.

Furthermore, when the user registers and performs the self-assessment, the user’s GPS location will be saved, always with his/her express authorization, in order to know where the user is and to be able to offer the user the best preventive and assessment measures at all times, as well as to guarantee the quality of the data and its epidemiological analysis. Basically this information is collected to understand where the outbreaks are, for statistical purposes. That is, each assessment is located to understand the distribution of symptoms with data as reliable as possible. This location is always optional and alternatively, the home address provided in the register may be used for the purpose of providing health services if necessary. In any case, the application does not perform geofencing to determine if the USER is at home.

In addition, the CSCM clearly informs the user that the personal data will be subject to a process of anonymization, aimed at preventing the user’s direct reidentification, as well as indirectly, to treat them in an anonymized form for the following purposes not directly related to the functions of CORONAMADRID

  • For statistical purposes
  • For biomedical, scientific or historical research; and
  • For archiving in the public interest

According to the privacy policy, these purposes will allow both a descriptive anonymized analysis of the situation, which will make it possible to know what and why it is happening (e.g. the current dynamics of the symptomatology in the population), and a predictive anonymized analysis of the evolution of this (e.g. how these dynamics could evolve in the future).

Moreover, these purposes are especially relevant, not only to know and predict the situation of the companies, but also to know how they will behave in the future.

Duration

The app only keeps and processes the data for as long as it is necessary for the purposes just indicated (Purpose), and for as long as the health emergency lasts, all in accordance with the principles of data minimisation and limitation of the storage period established by the applicable regulations. At the end of the storage period of the data, they will be anonymized and/or blocked in accordance with the requirements established in the applicable regulations.

Who accesses the data

In addition to the CSCM, the health professionals and authorities with whom the CSCM collaborates and interacts for the fulfillment of the above-mentioned purposes have access to the user’s personal data. Access to this data, which the CSCM provides to these third parties, is “always for lawful purposes and only for the period of time strictly necessary for this purpose

The privacy policy also mentions the data subject’s rights (e.g. rights of access, rectification, deletion, limitation, opposition and portability)

Cookies

Finally, regarding cookies the CSCM indicates that they use technical cookies that allow the user to navigate and use the different options or services offered in the Application, such as identifying the session and identifying you as a registered user each time you access the Application, accessing restricted areas or using security elements during navigation.

However, it also says that analytical cookies (Google Analytics) that allow the CSCM to quantify the number of users and to measure and statistically analyse user usage and activity are also used.

Source: https://www.coronamadrid.com/

Spain: "STOP COVID19 CAT" app (Autonomous Community of Catalonia)[edit | edit source]

The app by the Catalan government has two functions: (1) To provide information, including a questionnaire to self-asses if a person may be infected and (2) to generate a "heat map" of areas where such people are located. The Privacy Policy provided on the website is not fully available, but it indicates that any section of the app requesting personal data will have its own data protection information notice.

Source: Google Play Store

Spain: "COVID-19.eus" app (Autonomous Community of Basque Country)[edit | edit source]

Privacy Policy

Personal data processed

Apart from basic personal data (name, surname-optional, phone number, birth date, post code, gender, email) this app can process health data related to COVID-19 symptoms (temperature, dry cough, throat pain and lack of oxygen sensation), other health data (if the user is risk population, diabetes, blood pressure and heart diseases-no need to specify which one) and geolocation data (GPS).

Data controller

Public Health and Addictions Directorate (Basque Health Department).

Data processor

The Spanish company MAM Objects, S.L.

Purposes

(i) Offering information on COVID-19, including notices related to prevention measures; (ii) Self-assessment with basis on the health symptoms communicated by the user; (iii) Providing practical advice and recommendations; (iv) If possible, making a medical appointment for a possible test, after professional diagnosis; (v) Reception of the results of the proof and recommendations on quarantine, auto-quarantine or medical appointment; (vi) Continuous daily self-assessment, tracking body temperature and basic parameters, including a reminder so the user can introduce such data; (vii) Gathering the GPS location in order to determine in which Autonomous Community the user is located and, if necessary, offering him/her prevention and assessment measures; (viii) Other purposes: Statistical purposes, biomedical, scientific and historical research, and storage in public interest.

Lawful basis

Public interest [6(1)(e) and 9(2)(i) GDPR] and the need to protect the vital interests of the data subject or of another natural person [6(1)(d) and 9(2)(c) GDPR]

Period

A maximum period of one (1) year. Once the period is finished, personal data will be deleted, anonymized and/or blocked; this will also happen if the user deregisters from the app.

Who else will access the data

The Basque Health Department (Osakidetza), health competent authorities and other national and/or international authorities, and the company MAM Objects, S.L.

Rights

The user can use this website to request the execution of his/her data protection rights.

Other information

(i) The minimum age to register is 16; (ii) the user must provide real and up-to-date information; (iii) the account can be deleted voluntarily or if the user infringes the terms and conditions.

Cookies

The app only uses technical cookies that allow the user to navigate and use the different options or services offered in the Application, such as, for example, identifying the session and identifying himself/herself as a registered user each time he/she access the Application, access parts of restricted access or use security elements while browsing.

Source: Google Play Store

Spain: "CoronaTest Navarra" app (Autonomous Community of Navarra)[edit | edit source]

Privacy Policy

Personal data processed

Apart from basic personal data (name, surname, phone number, national ID number, Navarra social security number, birth date, email, address, gender) this app can process health data related to COVID-19 symptoms (lack of oxygen sensation, fever up to 37.5 degrees and dry cough).

Data controller

Navarra Health Department

Purposes

This app does not clearly specify the purposes for the processing activities. The description of the app says that “it has the objective to decrease the amount of phone calls to the health department regarding medical doubts, calm the population, allow an initial medical triage and the subsequent following-up”. Moreover, it says that it will be used as “a tool for knowledge dissemination, symptomatology and prevention measures, as well as official information on the current situation and Navarra news”.

Lawful basis

This app does not specify the lawful basis for the processing activities.

Period

This app does not specify the period according to which the personal data will be processed.

Who else will access the data

Health professionals, health competent authorities and other national and/or international authorities, and providers/collaborators (as well as their subcontractors)

Source: Google Play Store

Spain: "Salud Responde" app (Autonomous Community of Andalucía)[edit | edit source]

The Autonomous Community of Andalucía has updated "Salud Responde", its regional health app (commonly used for answering FAQ and managing medical appointments), in order to include a service on self-assesment for coronavirus. The privacy policy is not available at the website; once the user clicks at the link, it redirects to another information page also redirecting to the main app stores.

Spain: "Test COVID-19" self-assessment tool (Autonomous Community of Castilla y León)[edit | edit source]

The Autonomous Community of Castilla y León has released this self-assesment test on coronavirus symptoms. According to the website, it does not process any kind of personal data throughout the process, and any results will be strictly confidential.

Spain: "Autotest Coronavirus" self-assessment tool (Autonomous Community of Galicia)[edit | edit source]

The Autonomous Community of Galicia has released this self-assessment test on coronavirus symptoms. The website does not specify if the test makes any kind of data processing, but it does not seem so: if the user clicks on every different option, he/she inmediately receives an automatic answer (e.g. "if you are coughing and you have travelled to any risk areas, then you should call to X phone number"), so it looks like a simple "options-tree structure" without the need of processing personal data.

Spain: "Open COVID-19 test" app (Private)[edit | edit source]

Celia Velasco has released this open-source version of the CoronaMadrid self-assesment app; according to the author, the results are exactly the same, but without processing any kind of personal data.

Spain: "Yometesteoencasa" self-assesment tool (Private)[edit | edit source]

Pablo Serna, Ibán Ríos and María Ortuño have released this open-source self-assesment test that, according to its privacy policy, does not process any kind of personal data from the users.

Source: Link to the open-source at GitHub

Location mapping projects[edit | edit source]

South Korea: Risk Maps & Alerts[edit | edit source]

"The South Korean government is publishing the movements of people before they were diagnosed with the virus - retracing their steps using tools such as GPS phone tracking, credit card records, surveillance video and old-fashioned personal interviews with patients."[4]

"South Koreans’ cellphones vibrate with emergency alerts whenever new cases are discovered in their districts. Websites and smartphone apps detail hour-by-hour, sometimes minute-by-minute, timelines of infected people’s travel — which buses they took, when and where they got on and off, even whether they were wearing masks."[5] And anyone that has crossed the paths of an infected person is asked to get tested.

Source: New York Times

Statistical analysis[edit | edit source]

Austria: A1 Telecom Movement Data[edit | edit source]

Telecommunication network provider A1 transmits - anonymised - location data of mobile phone users to the Austrian government.

The purpose of this processing activity is to track the decrease of the presence of citizens in public areas. The technology was used for other purposed before the Corona crisis.

According to A1, the location data are being anonymised by assigning randomly generated numbers to each mobile phone user. These numbers are changed every 24 hours. A1 also stated on its home page, that movement of persons is only analysed and visualised in "groups of 20 or more people", since the technology has originally been developed to track streams of tourists in the proximity of tourist attractions.

Concerns have been voiced that there is no legal basis for the processing of historical location data. In addition, it is unclear whether the assignment of random temporary numbers qualifies as anonymisation or is a measure of mere pseudonymisation. If the latter is true, the GDPR fully applies.

Source: A1 Telecom

Belgium: Network operator movement data[edit | edit source]

In Belgium Network Operators have provided aggregated mobile phone network data to the authorities.

Source: Les Echos

Germany: Network operator movement data[edit | edit source]

Telecom operators like Telefonica/O2 conduct a data anonymization platform. Individuals have the option to opt-out.[6] The German Telecom transferred anonymised location data of mobile phone users to the public health institute ("Robert Koch Institut").[7]

The Federal Commissioner for Data Protection and Freedom of Information stated on Twitter that the transfer is justifiable in the chosen form.[8] According to his statement, the transferred information do not allow the identification of individuals.

Source: missing

Italy: Network operator movement data[edit | edit source]

In Lombardy, the Region has received unspecified amounts of data from network operators, ostensibly to count how many residents kept moving despite the lockdowns. (Note: such data in Italy has a data retention of 6 years.)

Source: Fanpage and others; original source is a press conference with governor Fontana.

Denmark: Request for Mobile Network Data[edit | edit source]

The public Danish research institute ("Statens Serum Institut") requested data from the telecommunication industry. The Ministry of Health ("Sundhed-sministeriet") did not comment on the request.

According to the Danish Health Authority ("Sundhedsstyrelsen") the SSI further asked the police to assist in obtaining information related to transport and shopping habits.

Source: DR.dk/

Switzerland: Network operator movement data[edit | edit source]

Anonymised, retrospectively aggregated location data of the network operator (Swisscom) to assess the effectiveness of regulations on the prohibition of crowding.

Source: SRF News Website Swisscom press release Statement of the Federal Data Protection and Information Commissioner Order of the Federal Office of Public Health concerning access to the Mobility Insights platform of Swisscom

Worldwide: Apple Maps Mobility Trends Reports[edit | edit source]

Aggregated statistics on the user's requests for directions in Apple Maps, broken down by country/region/city and means of transport. Updated daily.

Source: Website with Search, Graph and Data Download

Other Projects[edit | edit source]

Country Type of Project Status Summary Further Information
Austria Movement statistics Implemented Telecommunication provider A1 transmits - anonymised - location data of mobile phone users to the Austrian government See below
Austria Contract tracing app Implemented The Austrian Red Cross (Österreichisches Rotes Kreuz) has announced the deployment of a mobile phone app, which allows users to track each other after performing a "digital handshake". If an app-user is confirmed to be infected with the Corona-Virus, other app-users are informed via the app. See below
Austria Alert system Implemented In § 98a TKG (Telecommunication Act) a new provision was introduced to allow the government to compel network operators to send text messages to phones, based on different criteria (like location). Link to law
Belgium Movement statistics Implemented In Belgium Network Operators have provided aggregated mobile phone network data to the authorities. See below
Bulgaria Enforcement of lock-down Implemented Bulgarian citizens are allowed to travel between regional cities only when there is an urgent need for that - going to work, health reasons or returning to their permanent or current address. Passing the checkpoints required a filled out declaration. See below
Bulgaria Enforcement of lock-down Implemented Under para. 41 of the Law on Measure and Actions during the state of emergency, the Electronic Communications Act is amended giving the power to the law enforcement authorities to track citizens' mobile phone and identify their location only if the citizen is put under mandatory quarantine and does not follow the instructions given or refuse to follow them. The telecommunication companies shall provide the law enforcement authorities with the location data upon their request, i.e. no approval by the court is necessary. See below
Czechia Quarantine surveillance Proposed The Czech Republic is planning to launch a consensual "smart quarantine system" in April. To identify and isolate people infected with the SARS-CoV-2, data from mobile operators and banks will be disclosed to hygienists. Media Report
Czechia Contact tracing system Proposed The government is planning to use mobile phone data, credit card data and alike to track infected persons; according to a resolution passed by the government, this is supposed to be achieved by establishing the legal framework for the indicative tracing of covid-19 positioning on the basis of the informed consent of data subjects. Link to law
Denmark Movement statistics Proposed The Statens Serum Institut ("SSI") requested location data from the telecommunication industry.

The Ministry of Health ("Sundhed-sministeriet") did not comment on the request.

According to the Danish Health Authority ("Sundhedsstyrelsen") the SSI further asked the police to assist in obtaining information related to transport and shopping habits.

Media Report
Germany Movement statistics Implemented The German Telecom transferred allegedly anonymised location data of mobile phone users to the public health institute ("Robert Koch Institut"). See below
Germany Movement statistics Proposed Expanded cell phone tracking was part of a legislative proposal designed to give the federal government more competencies in the fight against epidemics.

The Federal Commissioner for Data Protection and Freedom of Information published a statement on the legislative proposal. He raised doubts regarding the necessity and proportionality.

Media Report
Germany Contract tracing app Proposed A proposed app, called "geoHealthApp" is meant to track the movements of users and allow infected people to "donate" their movements on an antonymous basis. People with overlaps in the movements should then be warned. Webpage
Greece Enforcement of Lock-down Implemented Instead of filling out and carrying a hard-copy form, people can send personal data (name, surname, home address, reason for going out, work address when work is the reason for going out and telephone number) in a text message to the General Secretariat of Civil Protection when an individual leaves their places. See below
Israel Contact tracing system Implemented The Israeli secret service Shin Bet is authorised to collect mobile phone data in order to identify persons who have been in contact with infected persons. An Israeli security company known for its spy software has developed a tracking tool for this purpose. On the first day of mass surveillance, about 400 people were sent into quarantine. See below
Israel Contact tracing app Implemented The "Hamagen" app tracks user’s location and compares them to known movements of others' diagnosed with the corona virus, to check it the users were close to an infected person within previous 14 days. See below
Norway Alert system Implemented Bergen municipality implemented a location based alert and information system. See below
Norway Contract tracing app Proposed The Norwegian Institute of Public Health is working on an app to track people's movement and inform them about the contact with an infected person. See below
Poland Quarantine surveillance Implemented As an alternative method to police cheeks, to monitor persons under the quarantine were adopted by the Polish Ministry of Digital Affairs who developped a mobile app "Home Quarantine" (Aplikacja Kwarantanna domowa). The mobile app allows to confirm the location of a person covered by the quarantine restrictions and to conduct basic health assessment. See below
Russia Contact tracing system Proposed The Ministry of Communications is organising the creation of a system for tracking citizens who were in contact with infected people, based on geolocation data of mobile phones provided by telecommunication providers. Notifications are supposed to be sent to exposed citizens to inform them of the need for self-isolation, and to the competent public authorities.

Official Announcement

Slovakia Quarantine surveillance Proposed Slovakia has approved a law that allow the government to track the phones of quarantined persons. Media Report
Singapore Contact tracing app Implemented The "TraceTogether" app is meant to trace contacts via Bluetooth to facilitate the tracing of any contacts of an infected person. The data is encrypted and the Singapore government claims that all data will be deleted after the end of the Corona outbreak. See below
South Korea Contact tracing system, including tracking of people Implemented The phones of citizens in South Corea are being tracked by governmental authorities, along with credit card records and face-to-face interviews with infected persons. The obtained data is used to create a publicly availabe retroactice map to allow other citizens to check wether thy might have encountered infected people, influding notifications e.g. if someone in their area has been infected. See below (Multi-Source Contact Tracing)

See below (Risk Maps & Alerts)

Spain Hispabot-COVID19 (WhatsApp chatbot) Implemented The Spanish Government released this chatbot to contribute to the management of the health emergency, with focus on answering over 200 FAQ (made in more than 1.000 different ways) by using AI. It works in a very simple way: the user shall add the chatbot phone number to his/her list of contacts and start a conversation; the chatbot will automatically introduce itself and present to the user which kind of information will be available for an answer.

The Government specified (through a ministerial order dated March 28) that the Spanish Ministry of Health will be the data controller and the Spanish State Secretariat for Digitalization and AI will be the data processor, and the full privacy policy can be accessed once the user starts the conversation with the chatbot. As per such privacy policy, the chatbot only processes the conversation anonimously, and will never ask for personal data of the user (even reminding him/her no to send personal data through the chatbot), but the information can be contradictory: at the same time it specifies that the conversation (which can obviously contain direct personal data, as well as be sustained over technical information which could be also considered personal data) will be the only information processed, it also refers to the privacy policies of WhatsApp and Google.

Link to the official press release
Spain DataCOVID (Movement statistics) Proposed The Spanish Government published a ministerial order in the Spanish official gazette (BOE) in which it internally entrusts the urgent development of the analysis of the geographic mobility of the citizens previous to and during the quarantine. This analysis will be based in the model provided by the Spanish National Institute of Statistics (INE) and through the crossing of data obtained from mobile operators, on an aggregate and anonymous way. Link to law
Spain Asistente informativo COVID-19 (Chatbot) Implemented The Autonomous Community of Andalucía has also released a chatbot based on AI with the tecnology of IBM in order to help answering FAQ related to coronavirus. There is no information on this chatbot processing personal data, although it does not seem so (at least, directly). Link to the press release
Spain Duty to inform on coronavirus cases Implemented The Spanish Government published a ministerial order in the Spanish official gazette (BOE) in which it requires all the public and private entities in charge of dealing with the pandemic (i.e. hospitals, clinical laboratories, etc) to communicate new cases of coronavirus to the Spanish Ministry of Health. The data processing purpose will be the epidemiological monitoring of COVID-19 in order to prevent and avoid exceptional serious situations, and the legal basis will be the public interest in the area of public health, as well as the protection of the vital interests of the data subject and other natural persons. The data controller will be the Spanish Ministry of Health, that will guarantee the application of any safety measures coming from the corresponding risk analysis, taking into account that the processing activities affect special categories of personal data, and that those processing activities will be carried out by public institutions obliged to comply with the Spanish National Security Framework (ENS). Link to law
Switzerland Contact tracing app Proposed The "WeTrace" app is meant to trace contacts via Bluetooth to facilitate the tracing of any contacts of an infected person. The data is encrypted. No central data storage. Server used for broadcasts of notices. Content of Notices to proximity contacts can be set by each user switching his or her setting to "infected". Asymmetric encryption. Push to proximity contacts only. Can be integrated into other well-distributed apps. See above
Switzerland Contact tracing app Implemented "Next Step" App. Encounters with other users are saved locally smartphone. Each App has its own dynamic ID that is randomly generated via «HMAC(SHA256)» and changes every 60 seconds. No location tracking. No analytics or advertising. Open architecture, Open source (STAR Open SDK), Interoperability. The app informs all encounters anonymously about an infection and provides information on how to proceed. Vendor is member of Pepp-PT DP-3T. Webpage
Switzerland Public Health tracking Implemented "Corona Science"-App. Users can give periodical reports on their observed symptoms, state of health, experienced stress due to the lockdown and give information on their behaviour regarding contact prevention, home office, childcare and economic situation. The App is developed by the Bern University of Applied Sciences (BFH) and MIDATA Genossenschaft and is supported by Cantons Bern and Neuchâtel, eHealth Suisse, opendata.ch and others. Website Press release
Switzerland Public Health tracking Implemented "COVID-19 Tracking Switzerland"-Website. Website to collect statistical data both over time and geographically. Users are repeatedly asked to fill out a form with information on their current and past symptoms, risk factors and their approx. location (based on postal code). Data of repeating participants is linked together to indicate trends and aggregated results are published Website
United Kingdom Contract tracing app Proposed A research team at the University of Oxford is working on a mobile app to track possible interactions between users to inform users about a possible exposure. No technical details are known so far. See below
United Kingdom Movement statistics Proposed The UK government is in talks with network operators to see if phone location data could be used to asses if the "stay home" efforts in the UK are complied with. Media Report
United States Movement statistics Proposed The US government is discussing with private sector companies, if they can provide location information in an aggregated and anonymous form to map the spread of the infection. Media Report

Footnotes[edit | edit source]