Tunisian government efforts to contain Covid-19 raises privacy concerns

Governments are relying on data-driven technology to help contain the Covid-19 spread. The Tunisian government has been using SIM cards for tracking purposes. Cell site location information is one of the various methods used to trace individuals. Smartphones send signals to cell towers operated by telecommunications operators. This process generates information about a citizen’s precise location. The measures implemented by the Tunisian government opens a new debate about privacy. In fact, international human rights frameworks apply to measures implemented to track and manage Covid-19 using mobile location data.

On May 18, 2020, following measures to slow down the spread, the Tunisian health minister announced a plan to utilize an application to track those infected with COVID-19. The new adopted application is called “Ihmi” or Protect was developed by a Tunisian startup company. The ministry said that this App does not invade personal data in ways that undermine the law. However, Akil Nagati, head of the Wizz Labs start-up behind the app, avowed that personal data would be archived for 14 days under the control of the National Personal Data Protection Authority and will only be used by “L’Observatoire des maladies émergentes” (ONME) for contacting people about the pandemic, according to the New Arab.

On June 14, 2020, during an interview with Altessia TV, Tunisian PM Elyes Fakhfakh indicated that monitoring citizens through their SIM card enabled the government to detect overcrowded places and the extent of commitment to the procedures. Fakhfakh confirmed the existence of an operating room working around the clock to follow the movements through mobile phone chipsets.

Fakhfakh confirmed that the authority has already approved a procedure to monitor the whereabouts of Tunisians via mobile phone SIM card during the period of comprehensive quarantine. “We do not monitor citizens and their personal data, and all monitoring activities were done in cooperation with the Personal Data Protection Authority”.

According to Mozaique Fm, Minister of Telecommunications Technologies and Digital transformation Mohamed Fadhel Kraiem said that the application used to track the extent of commitment to the quarantine “Manara” was used in conjunction with other applications. The process was done in full coordination with the Personal Data Protection Authority. Chawki Kaddas, Head of the Authority already denied knowledge of such application. “We are completely unaware of this project, despite our advice on the rest of the projects that concern personal data”, Kaddas told Mozaique Fm.

Minister of Telecommunications and Digital Transformation Mohamed Fadhel Kraiem avowed that there is an email on the subject dated April 4, 2020. This email includes a list of all the applications launched to counter Covid-19. “I suspect that there is a misunderstanding from the Personal Data Protection Authority Chairman,” said Kraiem.

The National Authority for the protection of Personal Data (INPDP) issued a notice regarding the issue on June 15, 2020. “The head of INPDP was consulted by the ministry in charge by email regarding the usage of a number of applications (Wikaya, StopCorona) including “Manara” that turns out to be the application explicitly mentioned by PM Fakhfakh” states the notice. The document issued by INPDP referred to an email sent by Kaddas on April 4, 2020, through which he evaluated the “Manara” application. Back then, Kaddas pointed out that if this procedure was used without identifying phone number owners, then it doesn’t violate the provisions related to the protection of personal data”. Kaddas emphasized that every observation of individuals while revealing their identities requires legal permission.

On June 15, 2020, the Ministry Of Communication And Digital Transformation Technologies published a notice on Facebook saying that this application relies on general data on the mobility of mobile phone use in a given area without relying on the personal data of citizens. “The Ministry confirms that is it is keen to respect the legal framework regarding the protection of personal data, in consultation with the National Authority for the Protection of Personal Data”.

The Ministry’s statement seems ironic as tracking the mobility of mobile phone usage means knowing the number’s movement. Thus, the ministry tracks a citizen’s movement, which violates their rights to privacy. In fact, Tunisia introduced mandatory SIM card registration in 2014.  Since then, mobile phone customers in Tunisia are required to present documentary evidence to prove their identity upon purchase of a SIM card.

“Governments must be transparent about the measures they are taking. Any claims that data is anonymous must be based on evidence and supported with sufficient information regarding how it has been anonymized” said Amnesty International in a joint civil society statement about State use of digital surveillance technology released on April 2, 2020.

The Tunisian constitution adopted in January 2014 contains explicit protection of the right to privacy. On March 9, 2018, the Minister of Justice Ghazi Jeribi announced that Tunisia would become the first country outside of the European Union to have a law on personal data protection. This law was approved in March 2018 and came into force on March 25, 2018.  However, there is a risk that many of these technology capabilities may become the norm of every Tunisian life in the future, as well as other countries in the world today.

Tracking applications are used as part of emergency measures but governments may retain the power of these tools for future use- tracking protestors for example. Samuel Woodhams, Top10VPN’s Digital Rights Lead, has commented on tracking tools used by the government saying that these measures will become the norm around the world. “Although some applications may appear entirely legitimate, many pose risk to citizens’ right to privacy and freedom of expression,” he told Business Insider.