Fourth Industrial Revolution

Digital contact tracing apps help slow COVID-19. Here's how to increase trust.

A staff member holds a QR code for the "LeaveHomeSafe" COVID-19 contact-tracing app to consumers at a restaurant, following the coronavirus disease (COVID-19) outbreak, in Hong Kong, China February 18, 2021. REUTERS/Tyrone Siu - RC2TUL9H0U2N

China is working with tech companies to enforce DCTs, which are operational in the country from restaurants to shopping malls. Image: REUTERS/Tyrone Siu

Danbee Back
Researcher, KAIST-Korea Policy Center for the Fourth Industrial Revolution
Cornelius Kalenzi
Postdoctoral Researcher, KAIST-Korea Policy Center for the Fourth Industrial Revolution
Moonjung Yim
Postdoctoral Researcher, KAIST-Korea Policy Center for the Fourth Industrial Revolution
Our Impact
What's the World Economic Forum doing to accelerate action on Fourth Industrial Revolution?
The Big Picture
Explore and monitor how COVID-19 is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


  • Apps to isolate individuals from infected parties are highly effective at slowing the transmission of COVID-19.
  • The apps require governments to collect data and pinpoint your location, leading to privacy concerns.
  • Existing regulatory guidelines could be used effectively, taking a per country approach and bolstering where needed.

In response to COVID-19, many countries have turned to digital contact tracing technologies (DCTs) to fight against the deadly pandemic. Broadly, these are apps used to detect, trace and grant access permission to isolate infected persons from the uninfected.

Emerging research in countries where DCTs have been implemented, such as in the UK and Spain, suggests that they are better than manual contact tracing to slow the transmissions of COVID-19 and save lives.

When coupled with digital infrastructure, testing, social distancing and vaccines, DCTs promise to revolutionise the battle against pandemics and will be vital to returning our lives to normal.

However, users must part with some degree of privacy, with most contact tracing services requiring users to report their location data at the least. It follows that the public is wary of letting governments snoop into their private lives.

DCTs: various uses, actors and data types Image: Authors' compilation

Contact tracing has its perils

The successful implementation of DCTs requires a "marriage of convenience" between tech companies and governments, which has resulted in the unprecedented accumulation of private data.

In China, the government is reportedly working with Alibaba and Tencent to enforce DCTs, whilst in South Korea the government works closely with Naver and Kakao to achieve the same goals.

Similarly, in the US and Europe, some states and countries are working with Apple, Google and other developers to implement DCTs.

Some view the situation with caution, saying that governments' regulatory power over tech firms could weaken in time, causing privacy concerns. Such worries have become magnified in light of the recent instances of Apple, Google and Facebook using their powers to gain increased leverage over political leadership and processes in different countries.

Worse still, such technologies have links to police and state control in some countries. In Canada and Japan, revealing contact tracing data has resulted in the widespread stigmatisation of infected citizens. Moreover, there was a recent controversy about how only half of the QR code data was destroyed in South Korea.

Big Tech and governments have a massive influence on private data with limited oversight beyond legal patches and diversified guidelines.

Danbee Back, Cornelius Kalenzi and Moonjung Yim

All this raises the question: Is the state of technology governance ready for, and indeed capable of, implementing DCTs and addressing the public's privacy concerns? Then, how can governments build public trust in DCTs to enable the healthcare system to use it beyond COVID-19?

New territories: governing digital contact tracing

Due to myriad concerns over data privacy, contact tracing requires governance in the form of regulations to establish public trust in DCTs and to guarantee their continued use after COVID-19.

DCTs need to be designed to work within the confines of laws and systems that respect the human right of privacy and democracy. Several forward-looking proposals on achieving DCT governance are currently being discussed, including the Authorized Public Purpose Access Data governance model framework by the Forum, alongside more comprehensive regulatory regimes.

The reality is that across the board, Big Tech and governments have a massive influence on private data with limited oversight beyond legal patches and diversified guidelines. What is underexplored in this evolving debate is whether existing institutions and regulatory systems can be benchmarked to build guardrails and ensure public trust in DCTs.

The regulatory status of contact tracing worldwide
The regulatory status of contact tracing worldwide Image: Author's compilation

For now, it appears that countries are primarily relying on three types of governance approaches:

Some countries — among them South Korea, Singapore, Taiwan and Israel — rely on regulatory updates.

Countries such as the US are using self-regulation—placing less emphasis on privacy and on governmental overreach.

In Europe, governments are trying to work with companies to ensure that DCTs comply with existing regulatory frameworks such as the GDPR.

Staying with the latter, there is a series of existing regulations that would allow countries to be flexible and benchmark what could work in their political and social contexts.

Ways to approach existing guidelines

First, there is an urgent need to address issues related to social stigma, and to ensure that private contact tracing data remains secure. Therefore, public education programs and campaigns should be designed to limit COVID-19 shaming. Within the regulatory frameworks, the right to be forgotten in Europe can help. However, laws need to be updated to penalise culprits who leak private data or use the internet to cyberbully others.

Through such initiatives, governments may prove able to separate technologies from social stigma and build enduring trust in DCTs beyond COVID-19.

Another option is for countries to follow the example set by South Korea, Taiwan and Singapore, whose success in implementing DCTs came from supporting existing privacy and data governance laws with acts to cover DCTs. Other countries could consider fast-tracking reviews of existing laws in the context of DCTs, especially because DCTs have been found to operate in countries with outdated legal systems, such as in the US.

With the speed of technology adoption worldwide as giddying as it currently is, agile governance models that seek to revise and adopt legal and institutional frameworks quickly are needed to ensure DCTs' success.

In those cases in which regulations are subject to a complex governmental process, guardrails could be established, or strengthened, through existing approval bodies and regulations such as the FDA's Pre-Cert for Digital Health Software in the US. DCTs could benefit from a similar method of verifying safety and effectiveness through continuous monitoring from the pre-market development process to additional post-market performance verification.

South Korea and Australia are proposing deleting data after a given period, and this should be implemented through an independent and trustworthy watchdog.

Cornelius Kalenzi

If the public deems such bodies trustworthy, then DCTs may find some level of trust among users.

That said, given the scale of adoption and the amount of privacy data involved, those approval bodies and processes that are trusted at present may not prove sufficient to ensure privacy. And that means that additional enforceable guidelines may be required.

One area of interest is ensuring that contact tracing data can only trace exposure and is never shared. Some governments, including South Korea and Australia, are proposing deleting data after a given period, and this should be implemented through an independent and trustworthy watchdog.

Other guardrails could follow the steps of the Norwegian Data Protection Authority and the UK's Centre for Data Ethics and Innovation to identify how the public can enjoy the full potential benefits of DCTs within the ethical and social constraints of liberal democracy. Through trusted review processes, penalties could be enforced without having to push for "innovation stifling" regulations, and at the same time trust could be built in technology.

Given the privacy risks and citizens' lack of trust in how DCTs are overseen (or not) worldwide, governments must focus on erecting guardrails to build confidence in this technology, starting with strengthening existing systems.

If they manage to garner user confidence, governments could create a situation in which DCTs are trusted and become an integral part of global healthcare systems in the post-COVID-19 world.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
Fourth Industrial RevolutionHealth and Healthcare Systems
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How the Internet of Things (IoT) became a dark web target – and what to do about it

Antoinette Hodes

May 17, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum