The Centers for Disease Control and Prevention (CDC) reportedly bought access to people’s location data from a private date company that was banned by Google, according to documents obtained by reporters at Motherboard through a Freedom of Information Act (FOIA) request. The public health agency was planning on using that information to track people’s movement for Covid-19 related purposes such as compliance with curfew, as well as general health purposes.
With the onset of the global pandemic in 2020, data location became a tool to track down the spread of the coronavirus. In April 2020, SafeGraph, a private data company, announced that it would make the location data it collects available for free to the CDC, as well as other organizations and government agencies. A year later, the CDC paid SafeGraph $420,000 for access to one year of data after the company stopped providing the information for free. The location data would include information on the whereabouts of tens of millions of Americans through their phones, being able to tell where they lived, worked and their other movements.
In the documents, the CDC lists 21 uses for the location data that included monitoring curfews, visits between neighbors, visits to schools, pharmacies and places of worship, as well as monitoring people’s mobility patterns. But the CDC also wanted the location data for public health research by tracking “travel to parks and greenspaces, physical activity and mode of travel, and population migration before, during, and after natural disasters,” the documents read. The data collected would be made available across the agency, and “support numerous CDC priorities.”
Although the data is aggregated based on group movements, it has the potential to reveal an individual’s specific whereabouts, as well as track their movement. “SafeGraph offers visitor data at the Census Block Group level that allows for extremely accurate insights related to age, gender, race, citizenship status, income, and more,” one of the CDC documents reads according to the Motherboard report.
Location data is supposed to be anonymous, but it could be quite simple to pinpoint the identity of an individual user through the available information. SafeGraph obtains its data from smartphone apps, as well as other data brokers, and sells the data to just about anyone. That’s what makes companies like SafeGraph potentially dangerous, and the reason why SafeGraph was banned by Google in 2021.
On the other hand, Google and Apple created an Exposure Notification System for iPhones and Android phones to notify users if they have been exposed to someone that tested positive for COVID-19. But that information is collected by the phones interfacing with one another over Bluetooth, exchanging anonymous identifiers that help with contact tracing of the virus. Additionally, using the service is optional, and users have to opt in rather than be volunteered for it without their knowledge.
Despite ongoing ease on restrictions related to the spread of the coronavirus, the CDC continues to try and push for things like mask mandates on planes. However, it’s not clear how this potential invasion of privacy of millions of smartphone users will affect public discourse towards the health agency.