With COVID-19 infections climbing in the U.S., officials are desperate for ways to track and control the spread, especially with limited testing available.

Google and Apple announced a joint effort last Friday to create a voluntary anonymous contact tracing network enabled by Android and iOS that would monitor the spread of infections by keeping track of people who are infected and those with whom they come into contact. People would download mobile apps from public health officials that would notify them if they had come into close proximity with infected people who also are using the network. The system would use Bluetooth Low Energy (BLE) transmissions, rather than GPS, so the location would not be tracked, and the tracking data would be stored on the phone and not in a centralized database — all of which will help maintain the privacy of participants.

However, there are numerous other COVID-19 mitigation efforts that are not as privacy-friendly because they employ location tracking and, most likely, central data storage.

Google announced it will release “Community Mobility Reports” that show trends over time by geography based on anonymized aggregated data from phones of people who have turned on the Location History setting. Facebook and other companies are providing to epidemiologists from around the world anonymized, aggregated data from mobile phones as part of the COVID-19 Mobility Data Network.

And the Centers for Disease Control (CDC) is tracking the anonymized movements of American citizens based on location data from mobile advertising companies. While privacy advocates consider these sort of tracking mechanisms to be invasive and unsettling, this data does help to reveal the public spaces still drawing crowds and guide subsequent policy decisions, but it raises concerns.

While I applaud government efforts to more effectively stop the spread of infections, there needs to be specific conditions and limitations on how this data is used, or we as a nation will face serious consequences. The government must mobilize to combat this invisible enemy, but we must also have parameters for how data is protected and used. Specifically, we need five guarantees.

Temporality

The PATRIOT Act, passed just six weeks after 9/11, gave the government unprecedented power to spy on American citizens. This may have made sense at the time, but the government continues to vacuum up millions of phone calls and text messages to this day. If companies like Google and Facebook are willing to share data with the government, there needs to be a clear and defined period as to the time span of the sharing and the retention period of that shared data.

Civil liberties

Following the September 11th attacks, law enforcement departments like the NYPD conducted illegal surveillance activities of the local Muslim population. That program has been compared to the Japanese-American internment camps of World War II and the FBI’s surveillance of African Americans who opposed segregation in the civil rights movement.

We must not allow this current pandemic to become another example of civil liberties falling by the wayside. The data being shared to protect us now cannot be used for surveillance or discrimination tactics, now or in the future.

Transparency

Any company that shares sensitive data with the government, such as location data, must be required to provide timely and fulsome transparency reports that are easy for the public to interpret.

Limited use and purpose specification

The OECD’s Fair Information Practice Principles (FIPPs) state that personal data should not be used for any purpose beyond the specified purpose of the data processing activity. We’ve witnessed numerous media exposés and regulatory actions against companies sharing location data for secondary purposes. In this case, location data collected and used to limit the spread of the virus should only be used for that specific purpose.

Data security

The government’s well-meaning intentions to protect citizens does not automatically mean it will secure their sensitive data. If anything, there will likely be an uptick in cybercrime during the pandemic. The government owes it to its citizens to ensure the appropriate administrative, technical and physical safeguards are in place.

As U.S. officials explore their options, it’s unclear what lessons from history or types of data protections, if any, are actually being discussed. We can only go on what we’ve heard from news reports: Palantir, the data mining company that uses War on Terror tools to track Americans, is in talks with the CDC to do data collection related to disease tracking.

Facial recognition company Clearview AI, which has been harshly criticized for selling its software to law enforcement, private companies and authoritarian regimes, is talking to state agencies about using its data-driven insights to track infections. Unacast has been giving local counties social-distancing grades based on citizens’ location data.

Let freedom ring

The U.S. does need to find a practical path forward. There are actually several different types of location data collected, used and shared by a variety of different commercial entities — so it would be best to first determine which data is most valuable and who are the key partners. Doctors, researchers, academics, ethicists and legal experts should be actively included in conversations with these tech companies.

In addition, privacy preserving techniques must be used when sharing location data. The Apple-Google joint effort is the latest; others include Private Kit: Safe Paths and MIT’s SafeTrace platform, which also allow users to voluntarily share data through means that are anonymized, decentralized and encrypted.

The challenge here is that it’s difficult to actually guarantee that anonymized data (data that has no chance of identifying a person) is truly anonymous, without being subject to additional contractual, technical and administrative controls. And platforms that rely on users voluntarily submitting their location and health status could end up with a low adoption rate, leading to skewed and inaccurate results.

Should it then be left up to our government to mandate all American citizens with a smartphone share their location data in the name of public health? Whatever happens, now, more than ever, it’s imperative that our local, state and federal authorities take into account the various data sharing proposals in a manner that puts the American citizen first.