Many countries are using or developing contact-tracing apps to track the COVID 19 virus among their populations. These apps use Bluetooth to identify which phones a user’s phone has come into close contact with and then notifies those phones if the user reports symptoms or is diagnosed. Some apps collect additional data such as home address/area, GPS location or phone number.

A split has formed between countries choosing to adopt a ‘centralised’ versus a ‘decentralised’ approach to contact-tracing apps.

  • Centralised contact-tracing apps store a user’s Bluetooth ID in a central database as well as the Bluetooth IDs of phones they have come into contact with (and any other data being collected) – enabling better visibility of data by health services or governments. Countries using or planning to use this approach include: China, France, India, Norway and the UK.

  • Decentralised contact-tracing apps only store a user’s Bluetooth ID (and any other data being collected) in a central database and contact-tracing is done at the phone level, without sharing the information centrally – enabling stronger data privacy. Countries using or planning to use this approach include: Germany, Switzerland, Austria, Latvia, Estonia, Finland, Ireland and Canada.

Tech giants Apple and Google, who run mobile phone operating systems iOS and Android, openly back a decentralised approach. They have developed their own platform for decentralised contact-tracing apps and Apple has declined to make their iOS system compatible with a centralised approach (resulting is reduced app functionality and drained phone batteries). As a result, Singapore, Colombia, Australia and Poland - who were planning for or already operating a centralised approach - have signalled that they will move to a decentralised one. 

Centralised and decentralised contact-tracing apps are not fully compatible with each other; making it difficult to trace the virus across borders if countries are using different approaches.

So what?

A key trade-off between approaches is whether to maximise data availability to health services or privacy protections to individuals (see signal of change - Data protection rules are being relaxed across the globe in response to the COVID-19 pandemic). Should it be up to individual governments or companies to make this choice - especially where cross-border cooperation is key?

What lessons can we learn from this challenge to help international monitoring and cooperation on other key cross-border issues, such as climate and biodiversity?

Does the role of tech giants in the centralised / decentralised debate indicate a move towards greater respect for data privacy – or more opportunities to hold governments to ransom?

Signal spotter: Joanie Koh


Photo by Macau Photo Agency on Unsplash


Join over 10,000 professionals receiving our monthly summary of latest signals of change and sensemaking analysis!

Sign up to our newsletter