Sage Journals: Discover world-class research

Abstract

The COVID-19 pandemic brings the topic of citizen data management (CDAMA) into the public eye. This study is one of the first attempts to analyze the national approaches for CDAMA applied by governments of different countries and continents in public sectors. The study first conducts a systematic overview of the representative contact tracing apps in 21 countries of four continents, collecting information of the four aspects of the CDAMA system. It then summarizes and analyzes the various governments’ approaches to the CDAMA system applied by different countries and continents based on the app overview. We found that governments’ priority between national safety (i.e., public health in this study) and citizen privacy is different in terms of their national approaches for CDAMA. For example, governments of Asian countries are more intrusive and hold a stricter attitude in their national CDAMA approach than countries elsewhere. Our study has contributions both theoretically and practically. Theoretically, it fills the literature gap about data management by discussing the data management in governments; practically, the study provides the background information as well as implications for future debates and discussions on governments’ data management system and citizen data use.

Keywords

COVID-19 citizen data management contact tracing app pandemic technology

1. Introduction

The COVID-19 crisis has urged governments worldwide to apply various technological solutions to manage their citizens more effectively and fight against the pandemic (Mora et al., 2021; Nasseef et al., 2021). The contact tracing app is one of the technological solutions applied by governments (Das & Zhang, 2021; Meijer & Webster, 2020; Urbaczewski & Lee, 2020). In particular, with the help of contact tracing apps, citizen data, including close contacts, location, time, and date, is collected, stored, and shared with the government if this individual was tested positive. In this way, governments are able to minimize the negative impact of the virus, conduct quarantine on a limited number of people, and curb the transmission chain of the virus (Mora et al., 2021). Along with the release of these apps, governments’ different national approaches for citizen data management (CDAMA) are reflected in the process.

However, since COVID-19 and contact tracing apps are recent developments, it is not well-studied how different countries develop and use citizen data to handle the pandemic, let alone a systematic overview. It is vital to examine the divergent national approaches of CDAMA as it fills the gaps of the literature about data management. Firstly, previous literature discussed data management from the perspective of private sectors and in industrial environments rather than public sectors (DAMA International, 2010; Lucas-Estan et al., 2018; Raptis et al., 2019). In addition, although there are some attempts to study data management in governments, such as the foresight report The Future of Citizen Data Systems (Government Office for Science, Government of U.K., 2020), these are discussed in a generic way – they did not analyze the pattern of each government in data management with specific case analysis, and their data did not allow researchers to conduct detailed comparison among various countries and continents.

To fill the literature gap mentioned above, this study uses the specific cases of governments’ contact tracing apps as a niche to analyze the various styles of CDAMA systems taken by different countries and continents. More specifically, it first systematically overviews typical cases of contact tracing apps in 21 countries from 4 continents during COVID-19, and then synthesizes the implications of CDAMA systems of governments in various countries and continents based on the case summary. The study aims to answer the following three research questions: 1) What contact tracing apps have been developed by different countries? 2) How do governments in different countries manage (i.e., collect and store) citizen data? and 3) What are the characteristics of the national approaches for CDAMA of each government and whether there are any patterns across different countries and continents?

By answering the three research questions above, this study aims to make three major contributions: First, it aims to provide a comprehensive and systematic overview of the representative contact tracing apps worldwide, which can be served as background information for future debates and discussions on governments’ data management systems and citizen data use. Second, the study summarizes and discusses different national approaches for CDAMA systems for future practical and academic use. Lastly, it fills the research gap on data management by adding governments as the unit of analysis.

The rest of the article is organized as follows. The following section (Section 2) explains the definition of the citizen data management (CDAMA) system and provides rationales about why our study focuses on the processes and technologies involved in the data collection and data storage in the CDAMA system. Section 3 introduces contact tracing apps, which is the case of this study, and explains the specifications of the CDAMA system in the case of contact tracing apps. Section 4 elaborates the methodology of our study, especially our rationales of the case and data selection and collection. Section 5 provides detailed case descriptions of contact tracing apps in 21 countries from four continents, answering the first and second research questions. Section 6 explains findings and offers implications about the national approaches for CDAMA in response to COVID-19 based on the case summary of contact tracing apps, which answers the third research question. Finally, the last section – Section 7 – provides discussion points along with future research directions and conclusions. A unique contribution of this study is that it focuses on data management in governments, and more specifically, the national approaches of CDAMA decided by the governments of different countries during the COVID-19 pandemic.

2. Citizen data management

Citizen data management (CDAMA) has become a critical topic during COVID-19 (Government Office for Science, Government of U.K., 2020) because on one hand, citizen data enables governments to manage the disease more effectively, while on the other hand, sharing citizen data with governments easily arouse citizens’ privacy concerns. Despite its increasing importance, the concept of data management is still discussed massively from the perspective of private sectors, such as business enterprises. For example, the Data Management Body of Knowledge (DAMA-DMBOK), as the world’s well-known data management industry guide, defines and guides data management in private sector organizations. Lucas-Estañ et al. (2018) proposed data management architecture along with the trend of Industry 4.0 where factories’ different production parts need to contain some digitalized and intelligent elements; Raptis et al. (2019) summarized data management in an industrial environment as well as the data properties, design, and philosophy.

Among the few researches and government reports that discussed CDAMA in governments, U.K. Government’s foresight report The Future of Citizen Data Systems (Government Office for Science, Government of U.K., 2020) defined both citizen data and CDAMA system. In the report, citizen data was defined as “any data that could originate from or relate to any individuals or groups of people from any country, now or in future” (p. 13), which includes DNA, fingerprint, passport number, identity card number, name, home address, date of birth, I.P. address, tracking cookies, location, etc. The national CDAMA system is defined as “the people, processes, and technologies involved in collecting, discovering, storing, analyzing, linking, and sharing citizen data” (p. 13).

Based on the definition of the CDAMA system mentioned above, this study focuses mainly on the processes and technologies of citizen data collection and storage. We select the elements of processes and technologies in the CDAMA system is because process and technology can explicitly reflect the national approaches for CDAMA of different countries. We select the procedures of data collection and data storage in the CDAMA system is because – firstly, data collection and storage are the most basic and initial steps for CDAMA, and lay an essential foundation for the following steps in the system, such as data analysis and data sharing. Secondly, data collection and storage are the two procedures where the government-citizen interaction happen most frequently, among all six data procedures (see CDAMA’s definition mentioned above) in the CDAMA. Given the essentiality and the attention aroused among the public and researchers, this study focuses on four variables altogether, which are 1) the process of data collection, 2) the technology of data collection, 3) the process of data storage, and 4) the technology of data collection (see Fig. 1). The focus on the four variables also gives our study the structure when collecting information for the overview of contact tracing apps.

Figure 1.

The focus of this study: four aspects in the CDAMA system.

3. Contact tracing apps and their measurement

This study uses contact tracing apps1

¹
Based on WHO (2020), digital tools for contact tracing are classified into three categories, which are 1) outbreak response tool, 2) proximity tracing tool, and 3) symptom tracking tool. This study mainly discusses the second tool – proximity tracing, which refers to the tools using technologies such as GPS or Bluetooth to record the contact history of the individual. It is used the most commonly during this COVID-19, of which the representatives include different check-in and scanning apps in the smartphone and the wearable tokens.

as a niche to investigate and have a better understanding of the national CDAMA systems of different countries. We selected the contact tracing app as our case of analysis because contact tracing app is a technological tool developed and promoted by the governments to apply to their citizens during COVID-19. The app enables governments to manage the pandemic more effectively and efficiently by collecting, storing, and sharing citizen data with the government for analysis (Mora et al., 2021). Therefore, by overviewing contact tracing apps, governments’ approaches for CDAMA can be reflected explicitly.

We specify the four aspects (as mentioned in Section 2) in the CDAMA system in contact tracing apps. The process of data collection is specified as the compliance policy of the app; the technology of data collection is specified as the sensor technology of the app; the process of data storage is specified as the app framework; and the technology of data storage is specified as the app protocol. Figure 2 demonstrates it.

Figure 2.

Specifications of the four aspects in the case of contact tracing apps.

We then select the most suitable measurements for the four aspects of the apps based on prior research. Figure 3 visualize the four aspects and their measurements, and the following section will explain in detail the four measurements, including the compliance policy of the app (Section 3.1), the sensor technology of the app (Section 3.2), the app framework (Section 3.3), and the app protocol (Section 3.4).

Figure 3.

Measurements of the specifications in contact tracing apps.

3.1 Data collection process: Compliance policy of the app

In our study, we measure the compliance policy by whether it is mandatory or voluntary. In the case of contact tracing apps, the compliance policy refers to the policies that the governments used to encourage or push the citizens to download and use the app, and thus governments could collect the data. Among governments’ various policies to motivate their citizens, such as the prize or penalty of using or not using the app, the most effective policy is that some governments make it mandatory for the citizens to download and use the app, while the others remain it voluntary.

3.2 Data collection technology: Sensor technology of the app

We measure the sensor technology by whether the app uses Bluetooth alone or other technologies, such as GPS and the combination of sensor technologies. GPS and Bluetooth are the two most popular sensor technologies used in digital contact tracing to collect citizens’ location information (Li & Guo, 2020). According to Chowdhury et al. (2020), GPS uses GPS satellites to capture GPS signals and identifies one’s location via coordinated longitude and altitude, but its drawback is the lack of accuracy when the person is indoor. Apps using GPS technology include India’s Aarogya Setu and South Korea’s Corona100. Bluetooth uses the Received Signal Strength Indicator (RSSI) to measure the proximity between two individuals, but it can work only when they turn on their Bluetooth (Chowdhury et al. 2020). Apps using Bluetooth technology include Australia’s COVIDSafe, Singapore’s TraceTogether, and U.K.’s NHS COVID-19 app. Besides GPS and Bluetooth, other sensor technologies include Q.R. code scanning, telecommunication technology, and the combination of different sensor technologies.

Among all the technologies, Bluetooth is the least invasive in citizen data collection. It is because with Bluetooth, citizens have options on whether or not, when, and where their data is collected – they can just turn off Bluetooth when they do not want their data to be collected. On the contrary, other technologies, especially telecommunication technology, is more invasive in data collection that citizen data will be collected regardless of their unwillingness to do so. Therefore, this article measures sensor technology by checking whether it uses Bluetooth only or other sensor technologies.

3.3 Data storage process: App framework

We measure the app framework by whether it is centralized or decentralized. Based on the data storage process, researchers categorized the digital contact tracing apps into two app frameworks, which are centralized and decentralized. Centralized apps store citizen data in a central server that is managed by the government, and so the government will have more control over citizen data. Decentralized apps store citizen data on their own mobile phones rather than a central server (which is usually managed by the government), and so citizens have more control over their own data (Akinbi et al., 2020; Cellan-Jones & Kelion, 2020).

It is worth mentioning that while the app framework (measured by centralized/ decentralized) contains elements of both technology and process, this study regards the app framework as the process rather than the technology of the data storage because the core of the framework is about how and where the citizen data is stored. While this process contains technologies inside, it is more about the processes of data storage. Additionally, the two elements (technologies and processes) regarding the data framework are not necessarily mutually exclusive with each other.

3.4 Data storage technology: App protocol

We measure the app protocol used by whether it is Apple-Google API exposure or other protocols. Apps with different app frameworks have their app protocols accordingly – centralized apps use various protocols, such as the BlueTrace protocol,2

²
For the protocols used for centralized framework apps, the BlueTrace protocol is a typical protocol, and it is self-developed by the Singapore government. Ahmed et al. (2020) specified the process of how the BlueTrace protocol works, from app registration, encounter information registration, encounter data uploading, and the processing of encounter data. Upon registration for the centralized apps, individuals are required to hand in their personal information such as name, age, phone number, etc., and the individuals need to verify their phone number. The central tracing app server generates a temporary ID for that individual every 15 minutes, which is linked to that phone number. Once the individual meets with other individuals who turn on that tracing app, their encounter information is exchanged via Bluetooth, and this encounter information is stored in the app server. After the individual is diagnosed with the pandemic and agrees to upload the data to health officials, the server will share this stored encounter data of that individual with the government. The health officials will notify the close contacts who are potentially exposed to the pandemic accordingly. In this case, the central app server has too much power and authority over too much personal data, and once they collaborate with the government, individuals’ privacy will be transparent to the government.

and decentralized apps mainly use protocol of the Apple-Google Exposure Notification API (Apple-Google API). Our study uses Apple-Google API/other protocols as the measurement for the protocol because while the protocols for centralized apps are various, almost all the decentralized apps use Apple-Google API for their protocol.

4. Methodology

Our paper uses the case of contact tracing apps to analyze the CDAMA systems of countries worldwide. More specifically, it first systematically overviews the typical contact tracing apps, and then synthesizes and discusses insights regarding CDAMA of each country, the country that developed and implemented these apps. Hence, this section explains in detail what countries’ contact tracing apps are selected, why they are selected, what information of the selected apps we collect, and how the information is collected.

First, regarding what contact tracing apps are selected, this study selects 21 contact tracing apps worldwide. Among the 21 apps, around half (10/21) is from Asia, and one-third is from Europe (7/21). Among the documented 49 contact tracing apps worldwide in MIT Technology Review Covid Contact Tracing Tracker (MIT Tracker) which is last updated in Jan 2021, the study selects 21 representative contact tracing apps.

Second, regarding the rationale and criteria for app selection, the study selects 21 contact tracing apps, which are 1) released already, 2) being implemented currently, and 3) frequently mentioned by journal articles and news articles for the sake of data collection and analysis. With the theoretical sampling method, we regard our sample representative because we can observe patterns in the national approaches of CDAMA in response to COVID-19. Additionally, our sample of the country cases covers almost half of all the apps around the world (21/49). In addition, it covers almost all the critical and representative apps worldwide. Finally, it summarizes more than one app for each continent and more than seven apps for Asia and European countries. This helps offer a comparatively comprehensive picture of the approaches of data management continent-wise.

Third, regarding the information on the selected apps, as mentioned in Section 3, this study mainly focuses on the processes and technologies involved in data collection and data storage. We collect information of the selected apps accordingly, including its compliance policy (i.e., data collection process), sensor technology (data collection technology), app framework (data storage process), and app protocol (data storage technology). Besides, we also collect basic information of contact tracing apps, including the tool name, launch date, developer, and adoption rate. Table 1 provides the summary of all the information collected in our study about contact tracing apps.

Table 1
Summary table: Data collected for each contact tracing app

Basic information	Citizen data management (CDAMA) system
	Four aspects	Specification in contact tracing app	Measurement
Continent, country, and tool name	Data collection process	Compliance policy	Mandatory/Voluntary
Developer	Data collection technology	Sensor technology	Bluetooth alone/Other technologies
Launch date	Data storage process	App framework	Centralized/Decentralized
Adoption rate	Data storage technology	App protocol	Apple-Google API/Other protocols

Finally, regarding how the information is collected, information about the apps is mainly from three sources: 1) news articles, 2) government documents, and 3) journal articles. For the news articles, this study purposefully selects mainstream tech newspapers and websites (such as techcrunch.com and the Financial Times) to increase the trustworthiness of the information, with the search keywords of the “app name,” such as “TraceTogether” and “app name $+$ country,” such as “TraceTogether $+$ Singapore”. For the government documents, which include government news and reports, this study goes to the official government webpages and searches the key words using the app names. For the journal articles, the study searches journal articles in the Web of Science (WoS), Scopus, and Google Scholar, and focuses on essays published after the year 2020, during which all the apps were launched.

All three sources have advantages and limitations. For example, the main advantage of the news articles is their timeliness (e.g., the response time is usually shorter than three days), but meanwhile its major limitation is that some information might not be accurate. Although the main advantage of journal articles is that they are typically precise and trustworthy, a major limitation is their time delay due to peer review or the accountability process (Bryman, 2016). While government documents cover policies in detail, they may not be objective because they tend to emphasize the app’s benefits and prevent the costs. In this case, journal articles tend to be more objective, and the peer review or editorial review process may further improve the quality of the articles (Bryman, 2016). Hence, the combination of these information sources can double-check and supplement each other.

5. Case description and main findings

This section systematically overviews the cases of contact tracing apps in 21 countries of four continents. The cases are categorized based on continents, from Asia, Europe, North America, to Oceania, and within each category of the continent, the cases are sequenced in alphabetical order. The appendix provides a brief summary of the 21 cases. It is noteworthy that given the extra attention of apps gained worldwide – both from media (such as news articles) and academia (such as journal articles), the apps of countries such as China (Case #1), India (Case #2), Singapore (Case #7), France (Case #13), and U.K. (Case #17) occupies more space than others such as Malaysia (Case #5), Vietnam (Case #10), and Austria (Case #11).

5.1 Continent 1: Asia

5.1.1 Case #1 – China: Health Code mini-program

First released on Feb 9 ${}^{\text{th}}$ 2020, China’s Health Code is a mandatory digital contact tracing tool that uses telecommunication technology and Q.R. code scanning as its sensor technology to collect citizens’ personal information, including their name, I.D. number, phone number, home address, and their travel history (Akinbi et al., 2020; Chowdhury et al., 2020; Utz et al., 2020). While the official did not reveal the protocol of the mini-program, we know that the mini-program uses a centralized framework that stored the data in a central server managed by the government (i.e., the State Information Center and the National Health Commission of China) and technology companies (i.e., Alibaba and Tencent) (Zhu & Wu, 2020). Specifically, it is integrated as a mini-program into Alibaba’s Alipay app and Tencent’s Wechat app, the two most-used apps in China, to guarantee the widespread and coverage of the Health Code – by Feb 2021, the contact tracing mini-program has reached around 65% coverage of the whole population in China and complete coverage of travelers (China Internet Network Information Center 2021; Li & Guo, 2020; Yang et al., 2021; Zhu & Wu, 2020). Based on the data, the app evaluates the health status of the individual and generates a health color: green refers to healthy (unrestricted movement), yellow refers to observation required (suggestion of self-isolation), and red refers to dangerous (mandatory self-quarantine) (Chowdhury et al., 2020; Yang et al., 2021). As the first mandatory digital contact tracing tool worldwide, China used the Health Code efficiently and effectively to prevent the further expansion of the pandemic. However, it meets some critics and doubts on the privacy issue – researchers argue that the central government and the Communist Party overly collected personal information from citizens, and this information might be used for surveillance by the government post-COVID-19 (Chowdhury et al., 2020; Kluth, 2020).

5.1.2 Case #2 – India: Aarogya setu app

Developed by the National Informatics Centre (NIC) under the Indian government, the Aarogya Setu app was launched in April 2020 and in more than 12 Indian languages (Gupta et al., 2020). The app is designed to include four sections, which are 1) health status, 2) self-assessment, 3) COVID-19 news update, and 4) E-Pass. Among these four sections, the “health status” section plays the most part for contact tracing, in which the app uses both Bluetooth and GPS as sensor technology to track and collect citizens’ contact and location data (Ahmed et al., 2020; Basu, 2021). The app uses GPS and Bluetooth because it can use the GPS data to identify and predict hotspots for the possible virus infection areas. The app uses a centralized framework – after individual’s contact and location data is collected, his/her data will be stored both in his/her mobile phone and the central server. Once the individual is infected, the app will receive real-time infection information from the Indian Council of Medical Research database, and the app will then request the infected individual to share contact data. After getting approval from the infected, the app will upload the data stored in the central server to the government (Basu, 2021; Gupta et al., 2020). Interestingly, the Indian government initially refused to open their code for this app for the sake of national security issues. But their lack of transparency met critics, and later the government agreed to openly share their code. The app is mandatory by the Indian government for people who work in public and private sectors and those who live in the containment zones (Ahmed et al., 2020; Chowdhury et al., 2020). By Jan 2021, the app’s adoption rate has reached 12.05% nationwide (MIT Tracker, 2021).

5.1.3 Case #3 – Indonesia: PeduiLindungi app

Developed by the Indonesian government (i.e., the Communications and Information Ministry and the State-Owned Enterprises Ministry) and launched on Apr 10 ${}^{\text{th}}$ 2020, the PeduiLindungi app uses both Bluetooth and GPS as sensor technologies to notify citizens of the high-risk zone and track their contact and travel history (Amann et al., 2021; Fachriansyah & Syakriah, 2020). The app requests permission to access to users’ location and camera, as well as users’ complete names during the app registration (Shepherdson & Boxall, 2020). By knowing users’ location and real names, the app is able to notify users when they are close to the red zone, the area where infected cases are reported (Lin et al., 2020; Indrapati et al., 2020). In addition to the notification function, new features “digital diary” and face recognition were added to the app to record the citizens’ locations (by scanning Q.R. code) and check if the citizen has worn a mask before entering public areas (Lin et al., 2020). According to Communication and Information Technology Minister Johnny G. Plate, “the data will be archived and converted into Q.R. codes that will be sent to the Health Ministry,” and the app uses a centralized framework in data storage (Marchelin, 2020).

5.1.4 Case #4 – Israel: HaMagen app

First launched in Mar 2020, Israel’s HaMagen app, which used GPS for data collection, was criticized for the inaccuracy of false positive. After that, the Health Ministry of Israel revamped the HaMagen app by using both Bluetooth and GPS to guarantee the accuracy and efficiency of the contact tracing app, and it is re-launched on Jul 27 ${}^{\text{th}}$ 2020 (Sokol & Staff, 2020). The app collects location-based personal data, which is identifiable information for the infected. Therefore, even if the app uses a decentralized framework for data collection (which means that the data will only be stored on the individual’s mobile device rather than any central server and will be shared with the government only after the individual is confirmed infection and agrees to share), citizen privacy is still at risk when compared to other decentralized apps (Sönmez & Celik, 2020; Sun et al., 2021). Despite the privacy concerns, the app enjoys an adoption rate of around 25% (MIT Tracker, 2021) due to its mandatory compliance policy. It is noteworthy that the contact tracing app is developed by Shin Bet, Israel’s internal security service. The successful development of the HaMagen app means that Shin Bet gains more power over people’s individual data (Sönmez & Celik, 2020).

5.1.5 Case #5 – Malaysia: MyTrace app

Malaysian government developed three main applications to manage COVID-19 at the state level, which are 1) MyTrace for contact tracing, 2) Gerak Malaysia for monitoring interstate travel, and 3) MySejahtera for self-assessment of health status and latest information about the pandemic (Bunyan, 2020; Yatid, 2020). To supplement the MySejahtera app, MyTrace app tracks and records citizens’ contact history via Bluetooth and is released after the release of MySejahtera (“COVID-19: ‘MyTrace’ app”, 2020). According to Shepherdson and Boxall (2020), little information has been revealed on how citizens’ data is processed within the app. According to MIT Tracker (2021), the voluntary MyTrace app uses Bluetooth as sensor technology, and decentralized data storage as framework.

5.1.6 Case #6 – Philippines: StaySafe.ph app

Released on Sep 3 ${}^{\text{rd}}$ 2021, the Philippines’ national contact tracing app StaySafe.ph is developed by a Manila-based private company Multisys Technologies Corp and is funded by the central government (Department of the Interior and Local Government (DILG), Republican of The Philippines, 2021). Upon its launch, the app received support from big private companies in the Philippines, such as S.M. Supermalls, McDonald’s, and Jollibee Foods Corporation (Moaje, 2020). Despite its financial support towards the app development, the Philippines government still tried to develop its own national contact tracing app in Oct 2020, one month after the launch of StaySafe.ph, because the government has security concerns over this private-company-developed app (Salaverria, 2020). But soon, in November 2020, the national government announced that 1) the use of StaySafe.ph app is mandatory for staffs in national and local government agencies, and 2) the respective contact tracing apps used by local governments need to integrate into the national contact tracing app StaySafe.ph (Salaverria, 2020; Aguilar, 2021). It is because the national government already set safeguards to guarantee data protection from the private developer company, and the app uses a centralized framework that individuals’ data is stored in a central server that is managed by the government. Philippine’s StaySafe app uses Bluetooth as its sensor technology for data collection and is voluntary for citizens (Shahroz et al., 2021).

5.1.7 Case #7 – Singapore: TraceTogether app

Launched by the government on Mar 20 ${}^{\text{th}}$ 2020, Singapore’s TraceTogether app is one of the pioneers of the contact tracing apps worldwide. It uses Bluetooth and Q.R. code scanning as its sensor technology to collect citizen data, and uses the app protocol of BlueTrace – it gives citizens random time-varying tokens as their TempID to protect the infected’s personal information from snoopers; once the citizen is confirmed infection, the notification will be given to the close contacts of that individual from the government without sharing identifiable information of the infected to protect them from the contacts (Ahmed et al., 2020; Cho et al., 2020; Chowdhury et al., 2020). Despite the protection of the infected from other citizens, TraceTogether app did not protect the personal information of the infected from the government because the app uses a centralized framework and all citizens’ information (including the identifiable personal data and their close contacts’ phone number data) is stored in a central server managed by the government, and will be uploaded to the government once the infected are confirmed and agree to share their data with the government (Cho et al., 2020). Originally when the app was first launched, citizens’ adoption of the TraceTogether app was voluntary, leading to a low download rate of 25% two months after its release (Bahaudin & Wong, 2020). The government merged the TraceTogether app with the SafeEntry system, a digital check-in system for public areas to boost its download rate. By doing so, the so-called “voluntary” TraceTogether app is de facto mandatory in terms of public adoption. The Singapore government announced officially on Oct 20 ${}^{\text{th}}$ 2020 that the TraceTogether will become mandatory by December 2020 and did the pilot in cinemas from Oct 19th (Wong, 2020). With this de facto mandatory policy, TraceTogether app and its token enjoy a public adoption rate of 80% by Jan 2021, which is the highest among all countries worldwide (Tham, 2021).

5.1.8 Case #8 – South Korea: Corona 100m app

While it is the government who developed the digital contact tracing tool in most countries, South Korea’s Corona 100m app is developed by the private sector, of which the representative developer is Bae Won-Seok (Kluth, 2020; Watson & Jeong, 2020). Launched as early as Feb 11 ${}^{\text{th}}$ , 2020 (only two days later than China’s launch of the Health Code mini-program), the Corona 100m app is one of the first contact tracing apps worldwide and is famous for its discounted privacy issue and trade-off with collective safety (Cho et al., 2020; Chowdhury et al., 2020; Kluth, 2020). More specifically, the app not only uses GPS to track individuals’ locations but also uses the data released in the public database of the government, such as footage from Closed Circuit Television (CCTV) cameras and credit card transaction records, to track individuals’ travel histories (Chowdhury et al., 2020; Kluth, 2020; Law & Choon, 2020; Mora et al., 2021). The app gains its name of “Corona 100m” because it will alert people with the possible infection if the app finds that they are passing by a place once visited by the infected within 100 meters (Wray, 2020). With the GPS and public databased as data collection method and the centralized data storage, the app can easily identify the personal information such as name, gender, and close contacts of the infected, but the download of the app is voluntary (Cho et al., 2020; Kim, 2020). While the biggest concern for this app is the privacy issue, Korean citizens seem to be fine with this invasion of personal information, for the sake of collective good. Kluth (2020) explained it in the cultural perspective and stated that this way of contact tracing would not fly in western countries; Akinbi et al. (2020) analyzed in the perspective of law and argued that laws that approve the government to collect and publish citizens’ personal data of the infected passes after the breakout of MERS in 2015.

5.1.9 Case #9 – Thailand: Mor Chana app

The Thailand government co-developed with private sectors and released their version of contact tracing app – Mor Chana app (which means “doctors win” in Thai), on April 10 ${}^{\text{th}}$ 2021, using both GPS and Bluetooth as its sensor technologies in the data collection (Shahroz et al., 2021; “Taweesilp clarifies ‘Mor Chana’ confusion”, 2021). Thai government’s attitude toward the compliance policy of citizens’ use of the app experienced a U-turn: despite the initial “recommend” attitude, the Centre for COVID-19 Situation Administration (CCSA) spokesman Dr. Taweesilp announced a few days later that people would get punishment (e.g., an up-to-40,000 baht-fine or 2-year imprisonment) if they do not use the app. He later apologized via his Facebook page that it is not mandatory and there will be no punishment if people do not use it, after receiving public criticism (Bangprapa & Wipatayotin, 2021). The Mor Chana app received critics because it failed in protecting citizen data – it uploads citizens’ individual data automatically to the central server and collects citizens’ location data via GPS (CTN News, 2021; “Taweesilp clarifies ‘Mor Chana’ confusion”, 2021). Despite the voluntary compliance policy, the app reached a download rate of more than 50% by Jan 2021 (MIT Tracker).

5.1.10 Case #10 – Vietnam: BlueZone app

Launched on Apr 18 ${}^{\text{th}}$ 2020, the BlueZone app is developed by the Ministry of Information and Communications in Vietnam (Shahroz et al., 2021). According to Li and Guo (2020), the BlueZone app uses Bluetooth as its sensor technology for data collection and decentralized framework for data storage. It reached 20% adoption rate in 2021 (MIT Tracker 2021). Nevertheless, not much information about Vietnam’s BlueZone app has been exposed on media till now.

5.2 Continent 2: Europe

5.2.1 Case #11 – Austria: Stopp corona

As one of the first countries to launch the contact tracing app, Austria launched its national contact tracing app Stopp Corona on Mar 25 ${}^{\text{th}}$ 2020 (Amann et al., 2021). This voluntary app’s birth signals a perfect partnership between the Austrian government and the Austrian Red Cross (Accenture, 2020). In particular, the Austrian Red Cross was delegated by the government, and asked Accenture, an American-Irish company, to develop the contact tracing app for the country (Li & Guo, 2020). The app adopts a decentralized framework that individuals’ data is stored in a cloud server hosted by the Red Cross rather than the government – the Red Cross as a mediator controls whether the individuals’ data will be uploaded to the government or not (Bock et al., 2020; Fritz & Klimpfinger, 2020).

5.2.2 Case #12 – Finland: Koronavilkku app

Released on Aug 31 ${}^{\text{st}}$ , 2020, the Koronavilkku app was jointly developed by the private companies Solita and SoteDigi, as well as the government agencies Kela (i.e., The Social Insurance Institution), Ministry of Social Affairs and Health, and the Institute for Health and Welfare (THL) (Ministry of Social Affairs and Health, Finnish Government, 2020). While strongly recommended by THL, the download and use of the app are voluntary. In addition, governments’ control over citizen data is minimal – based on the THL official website,3

³
link: https://koronavilkku.fi/en/faq/.

the Finnish government uses the app protocol of Apple-Google API exposure and the decentralized app framework to store citizen data, and uses Bluetooth alone as its sensor technology to collect data. THL announced on Jan 7

{}^{\text{th}}

2021 that Finland’s Koronavilkku app was able to interoperable with national contact tracing apps from other E.U. countries, including Germany, Italy, Ireland, Spain, Denmark, the Netherlands, and Poland.

5.2.3 Case #13 – France: TousAntiCovid app

The TousAntiCovid app, where “Tous Anti Covid” refers to “everyone against COVID-19”, is a relaunched app after the failed launch of StopCovid, the first version of the contact tracing app (Sun et al., 2021). The first version StopCovid is launched on Jun 2nd 2020, while the rebranded TousAntiCovid app is launched on Oct 21st. The government relaunched the app to have more functions besides contact tracing (Dillet, 2020a). France’s contact tracing app is a rebellious one among its European counterparts. For example, firstly, it develops its own app protocol rather than uses the Apple-Google API or other protocols such as BlueTrace (which is used by Singapore and Australia). France’s self-developed protocol ROBust and privacy-presERving proximity Tracing (ROBERT) is developed by research institutes INRIA in France and Fraunhofer in Germany and several private companies (Ahmed et al., 2020; Dillet, 2020b). Secondly, France uses a centralized app framework for their data storage, different from most European countries that use decentralized frameworks. Based on Ministry of Solidarity and Health in France (2020), the government hesitated between the two frameworks and finally chose a centralized one because it could offer more data security than the decentralized one – the centralized framework prevented the list of contact information from leaking because the data will not store on citizens’ individual mobile devices.

5.2.4 Case #14 – Germany: Corona-Warn-App

Launched on Jun 16 ${}^{\text{th}}$ 2020, Germany’s Corona-Warn app is developed by the Robert Koch Institute (RKI) (Ahmed et al., 2020). The Corona-Warn app uses the protocol of the Apple-Google API, and uses Bluetooth as its sensor technology to collect non-identifiable information of the citizens (Utz et al., 2020). Eigen and Gasser (2020a) explained in detail the app’s working mechanism: the mobile devices generate and exchange randomized I.D. with the app users nearby, and once the citizen is diagnosed and agrees to share his data with the government, the unidentifiable information will be shared with the government. Meanwhile, the app will send notifications to the close contacts a warning message, together with their risk level according to the distance and duration between them and the infected citizen. The app uses the decentralized app framework. Due to historical reasons, transparency and decentralized data collection is an important and sensitive topic to Germans (Eigen & Gasser, 2020a; Kluth, 2020). After experiencing the centralized data collection method used by the Nazi Gestapo, Germans select the decentralized app framework and openly share the app’s code on Github (Eigen & Gasser, 2020a; Kluth, 2020). The Corona-Warn app has been downloaded 22.8 million times until Nov 19 ${}^{\text{th}}$ 2020, among the 83.78 million populations in Germany, which means it already covered around 30% of Germany’s whole population (Beierle et al., 2020).

5.2.5 Case #15 – Italy: Immuno app

The Italian Ministry of Health and the Minister of Technological Innovation developed their national contact tracing app Immuni and released it on Jun 1 ${}^{\text{st}}$ 2020 (Italian Government Tourist Board, 2021). According to the Immuno official website,4

⁴
link: https://www.immuni.italia.it/faq.html.

the Italian government emphasizes the citizen data protection of this contact tracing app by using Bluetooth alone as its sensor technology, and guaranteed that the app will not collect location data (no GPS), or any other personal information, such as name, date of birth, or telephone number during registration. The app uses a decentralized framework that the citizen data is stored on citizens’ individual mobile phones rather than a central server, and the download of the app is voluntary. It is noteworthy that Italy is the first country following China that has been in the emergency situation dealing with COVID-19 infection. This partially pushes Italy to become one of the first batches to launch the contact tracing app, especially among European countries.

5.2.6 Case #16 – Switzerland: SwissCovid app

The Switzerland government launched the SwissCovid app on Jun 25 ${}^{\text{th}}$ 2020 with the protocol DP-3T self-developed by the Swiss Federal Institute of Technology Lausanne (EPFL) and Swiss Federal Institute of Technology in Zurich (ETH) (Eigen & Gasser, 2020b). With the similar philosophy of data management, the government fine-tuned the DP-3T protocol after the announcement of the Apple-Google API protocol to make sure the app is compatible with iOS and Android systems (Leprince-Ringuet, 2020). Like most contact tracing apps in Europe, the voluntary SwissCovid app uses Bluetooth alone as its sensor technology in data collection and stores data in the decentralized framework based on Apple-Google API protocol (Ahmed et al., 2020; Eigen & Gasser, 2020b).

5.2.7 Case #17 – U.K.: NHS COVID-19 app

The development and design of the digital contact tracing app in the U.K. experienced a major U-turn: England’s National Health Service (NHS) launched the centralized contact tracing app in May 2020, and changed it into decentralized framework after the failure in trial implementation (Kent, 2020). The second version of NHS COVID-18 app is launched on Sep 24 ${}^{\text{th}}$ 2020 (Burgess, 2020). In particular, the first version app which used the centralized framework confronted failure in its two-week pilot launch trial in Isle of Wight in May 2020 – since the app used its own protocol rather than Apple-Google API protocol, the app could only recognize 4% of the iPhone users via Bluetooth and the app in iPhone would go to sleep when it is not used and could not be activated by Bluetooth, according to experts who experienced the trial launch (Hern & Sabbagh, 2020; Jacob & Lawarée, 2020; Sabbagh & Hern, 2020). After the failure of the trial, the U.K. government launched its second version of the NHS COVID-19 app. This voluntary app uses Bluetooth technology alone to record very few necessary contact information of the citizens and uses the Apple-Google API to store the information in citizens’ own mobile devices without any identifiable information during the registration process, such as name, phone number, address, etc. (Burgess, 2020; Lomas, 2020). After changing into decentralized framework, the public adoption rate increased to almost 30%, even if the download of the app is voluntary (MIT Tracker, 2021).

5.3 Continent 3: North America

5.3.1 Case #18 – Canada: COVID Alert app

The Canadian government released its national contact tracing app – COVID Alert, on Jul 31 ${}^{\text{st}}$ 2020. Like the majority of western countries, Canada’s COVID Alert app is a voluntary, and uses Bluetooth alone for data collection, together with the decentralized framework and the Apple-Google API protocol for data storage. In this way, the Canadian government is able to protect citizen privacy to the greatest extent, according to the government website.5

⁵
link: https://health.canada.ca/en/public-health/services/video/covid-alert.html.

However, both Global News (2021) and CTV News (Anderson, 2021) pointed out that the low download rate of the app makes this app almost “useless.” According to Global News, despite being launched for almost one year and implemented in ten provinces in Canada, about 80% of smartphone users have not downloaded the app, and less than 4% of people used the app to notify others of the potential COVID-19 exposure.

5.3.2 Case #19 – U.S.: Different apps for different states

MIT Tracker (2021) summarized the contact tracing apps across the states in the U.S., and provided information about the app of each state, such as the app names, developers, sensor technologies, and protocols used. Based on the Tracker, more than half of the U.S. states (27/50) have their local contact tracing app developed by different organizations, including LLCs (such as ProudCrowd and NearForm) and NPOs (such as PathCheck). Most of the apps use Bluetooth alone as the sensor technology and a decentralized app framework based on the Apple-Google API protocol. Only a few of them use GPS to track and record citizens’ location information.

5.4 Continent 4: Oceania

5.4.1 Case #20 – Australia: COVIDSafe app

Developed based on Singapore’s open code of the TraceTogether app, Australia launched on Apr 26 ${}^{\text{th}}$ 2020 its own version of the digital contact tracing app – the voluntary COVIDSafe app (Abbas & Michael, 2020). The two apps have many things in common, such as the same protocol of BlueTrace, the same sensor technology of Bluetooth, and the same centralized app framework in data storage. Meanwhile, the two apps have differences, such as compliance policy of the apps – Singapore makes the download and use of the app mandatory, while Australia remains the adoption of the app voluntary. Despite the low download rate of the app in the beginning, the public adoption of the app increased gradually among Australian citizens. Until Jan 8th 2021, the voluntary COVIDSafe app has been downloaded more than 7.3 million times, covering around 30% of the population in Australia (Bonyhady, 2020).

5.4.2 Case #21 – New Zealand: NZ COVID Tracer app

Launched on May 20 ${}^{\text{th}}$ 2020, New Zealand’s COVID Tracer app uses the Q.R. code scanning as their sensor technology to collect citizens’ contact data – every citizen has to scan the Q.R. code to check in before entering into any public venues (Walls, 2020). However, different from other contact tracing apps that use Q.R. code scanning technology (such as China’s Health Code app and Singapore’s TraceTogether app), the COVID Tracer app is voluntary that citizens can still enter the public venues without scanning the Q.R. code (Yang et al., 2021).

Updated on Dec 10 ${}^{\text{th}}$ 2020, the COVID Tracer app added Bluetooth tracing (which is developed based on the Apple-Google API protocol) to its data collection sensor technology to improve the efficiency of contact tracing (Barbaschow, 2020). According to the Ministry of Health in New Zealand, while Q.R. code scanning can record where the citizens have been (which functions as a digital diary), the Bluetooth can record the close contacts of the citizens. However, the primary method for contact tracing is still Q.R. code scanning, and the Bluetooth functions only as an additional tool (Barbaschow, 2020). According to Hon Chris Hipkins, the Minister for COVID-19 Response, the NZ COVID Tracer app uses a decentralized framework for citizen data storage.

6. Discussion and implications

Based on the systemic overview of the contact tracing apps in Section 5, this section summarizes the findings and provides implications accordingly. Table 2 provides a brief summary of the 21 cases described above.

Table 2
Summary table (based on systematic case overview)

Basic information	Citizen data management system
(in terms of continent)	Four aspects	Specification in contact tracing app	Summary
10/21 apps of Asian countries	Data collection process	Compliance policy	• 4/21 apps use mandatory policies; • 17/21 apps use voluntary policies. • All four countries that use the mandatory policy are from Asia.
7/21 apps of European countries	Data collection technology	Sensor technology	• 11/21 app use Bluetooth alone as their sensor technology; • 10/21 apps use other sensor technologies (i.e., other technologies or the combination of Bluetooth and other technologies). • Canada, Australia, most European countries, and most states in the U.S. use Bluetooth alone; • Most Asian countries use others sensor technologies.
2/21 apps of North American countries	Data storage process	App framework	• 7/21 apps use centralized framework; • 13/21 use decentralized framework (Thailand is unknown). • All 7 European countries choose the decentralized framework, except France.
2/21 apps of Oceanian countries	Data storage technology	App protocol	• 9/21 apps use Apple-Google API protocol; • 12/21 apps do not use Apple-Google API protocol. • Most European countries, most U.S. states, Canada, and New Zealand, use the Apple-Google API protocol; • All Asian countries use non-Apple-Google-API protocols.

This study summarizes the basic information of the apps in terms of the continent. Among the apps implemented in 21 countries of 4 continents, almost half of them (10/21) are from Asia, one-third (7/21) are from Europe, and four are from North America (2/21) and Oceania (2/21).

Besides basic information, the study also summarizes in terms of four aspects of CDAMA. For the data collection process, specified by the compliance policy to download and use the app, four countries use mandatory policies, while the other 17 countries use voluntary policies. All four countries are Asian countries. For the data collection technology specified by the sensor technology of the app, 11 out of 21 countries use Bluetooth alone as their sensor technology for data collection. In comparison, the other 10 countries either use other sensor technologies, such as telecommunication technology and Q.R. code scanning (see Case #1 China) and GPS and public database (see Case #8 South Korea), or use the combination of Bluetooth and other technologies, such as the combination of Bluetooth and Q.R. code scanning (see Case #7 Singapore and Case #17 U.K.), the combination of Bluetooth and GPS (see Case #2 India, Case #4 Israel, Case #9 Thailand, Case #6 Philippines, and Case #21 New Zealand), and the combination of Bluetooth and telecommunication technology (see Case #3 Indonesia). Interestingly, among the 11 countries that do not use Bluetooth alone as their sensor technology, nine of them are Asian countries. All ten Asian countries except Malaysia choose to use either other technology or the combination of Bluetooth and other technology in their data collection.

For the data storage process specified by app framework in the case of contact tracing apps, one-third of the total apps (7/21) use the centralized framework, while the rest use the decentralized framework. All the 7 European countries chose the decentralized framework, except France. Among them, U.K. (see Case #17) took a major U-turn, shifting from a centralized framework to a decentralized process. For the data storage technology specified by app protocol, nine apps use the Apple-Google API protocol. Interestingly, no apps in Asia use the Apple-Google API, while all apps in Europe use the Apple-Google API protocol, except France (see Case #13).

The findings above brings three major implications for national CDAMA systems worldwide.

6.1 Implication 1: Governments of the Asian countries are more intrusive and hold a tougher attitude in their national CDAMA approach than countries elsewhere

The following pieces of evidence support this implication. First, regarding the compliance policy, governments of China (Case #1), Singapore (Case #7), India (Case #2), Indonesia (Case #3), and South Korea (Case #8) make the use of the contact tracing apps make use of the contact tracing apps mandatory despite citizens’ privacy concerns (Sarkar, 2021). One strategy of making the app mandatory is to combine the app with the check-in system (see Case #7 Singapore and Case #1 China). In this way, as long as citizens want to enter public venues such as restaurants, workplaces, schools, and malls, they have to download and use the app. Second, regarding the sensor technology, compared to non-Asian countries, governments of the Asian countries use more intrusive sensor technologies, such as telecommunication tech (see Case #1 China and Case #3 Indonesia), GPS (see Case #2 India, Case #4 Israel, and Case #8 South Korea), and Q.R. code scanning (see Case #1 China and Case #7 Singapore). These sensor technologies are more intrusive than Bluetooth. Compared to Bluetooth, which collects citizens’ approximate close contact data only when citizens turn on the Bluetooth on their phone, the telecommunication technology is able to automatically collect identifiable data of citizens, such as location, time, and date, as long as they have signals in their phones, and GPS is able to collect precise location data of citizens. Third, regarding the app framework, governments of all seven European countries, except France (Case #13), use the decentralized framework to store citizen data on their own mobile phones. This means that citizens have more ownership toward their data than the government that they can choose to share or not their data with the government. Finally, regarding the app protocol, many governments of the Asian countries choose to use other protocols (usually self-developed) for their app rather than use the Apple-Google API protocol. The main reason is that the Apple-Google API protocol is a platform designed for decentralized app framework, prioritizing citizens’ privacy protection than governments’ needs of contact tracing. In addition, the tech companies Apple and Google refused to share their users’ data with the government. Therefore, this finding suggests those governments who want to own more citizen data developed their own app protocols to collect more data from their citizens.

6.2 Implication 2: Governments of the European, North American, and Oceanian countries are more flexible and hold a softer and more respectful attitude in their national CDAMA approach

The shreds of evidence for this implication are as follows. First, regarding the compliance policy, governments of all European, North American, and Oceanian countries in our study make the download and use of the app voluntary. It means that citizens have the option to either download and use the app or reject the app at their will. Second, regarding the sensor technology, governments of all European, North American, and Oceanian countries (except Case #17 U.K. and some states in Case #19 U.S.) choose to use the Bluetooth for data collection, with which citizens have an option to switch off Bluetooth if they are unwilling to be data collected. Third, regarding the app framework, governments of all countries (except Case #13 France) use a decentralized framework that citizens’ data is stored on their mobile phones rather than on central servers managed by the government. In this way, citizens have more authority over their data – governments need to ask permission to access citizens’ data and citizens can decide whether to share their data with the government. Even if the U.K. government (Case #17) initially planned to use a centralized framework, it shifted to decentralized due to various reasons such as technical and cultural barriers. Finally, regarding the protocol, governments of all countries (except Case #13 France) use the Apple-Google API protocol. One reason is that the principle of protecting citizen privacy insisted by the Apple-Google API aligns with the decentralized app framework that these countries are using. Furthermore, since the apps are voluntary, the Apple-Google API platform can help governments increase the download rate because citizens can easily find the apps in the app store.

6.3 Implication 3: Governments’ priority between national safety and citizen privacy is different reflected from their different national CDAMA approaches

From the first and second implications, this study finds that governments have different priorities between national safety (i.e., public health in this study) and citizens’ individual privacy. We assume that every government of the countries knows clearly that the more citizens the government can track and the more citizen data the government can own, the more effective the contact tracing measure is and the more national safety the country can gain. But with the same knowledge of contact tracing, governments worldwide choose different CDAMA approaches. To guarantee the national safety to the biggest extent, most governments of Asian countries use intrusive sensor technologies to collect citizen data, require the permission of access to citizen data that is not necessarily related to COVID-19 management, collect identifiable citizen data, such as photo, name, address, etc., and store citizen data in the central server managed by the government. While this helps manage the pandemic efficiently and effectively, governments are criticized for not respecting and protecting citizen privacy. On the contrary, governments of non-Asian countries, especially those of the European countries, apply voluntary policy to their citizens and use Bluetooth alone to collect their citizen data without requiring any identifiable information. This helps protect citizen privacy to the greatest extent, but meanwhile also received complaints that the app loses its function as few people are using or downloading it.

7. Conclusions

The COVID-19 pandemic brings the topic of governments’ national citizen data management (CDAMA) to public attention because, on the one hand, governments are tracking citizens to manage the pandemic via citizen data collection, and on the other hand, citizens are concerned about their data privacy under governments’ management system (Gerli et al., 2021; Mora et al., 2021). Despite the importance of this topic, less researches in the past are about data management in public sectors, and instead, most of them are in private sectors, which researchers called the industrial environment. This study has aimed to fill this gap by conducting research about data management in governments and thus overviews 21 representative contact tracing apps from four continents. More specifically, this study answers the following research questions: 1) What contact tracing apps have been developed by different countries? 2) How do governments in different countries manage (i.e., collect and store) citizen data? and 3) What are the characteristics of the national approaches for CDAMA of each government and whether there are any patterns across different countries and continents?

Focusing specifically on the processes and technologies involved in data collection and data storage in the national CDAMA system, with the case of contact tracing apps, our finding shows that in terms of CDAMA approaches, governments’ priorities between national safety and citizen privacy is different: governments of Asian countries tend to prioritize national safety over citizen privacy and thus are more intrusive of citizen data and requires more control over the data than those of the non-Asian countries (including European, North American, and Oceanian countries), while governments of non-Asian countries tend to prioritize citizen privacy over national safety, and thus are more flexible and hold a softer and more respectful attitude in their CDAMA approaches. We conclude the implications by analyzing and comparing the similarities and differences of the contact tracing apps in terms of their data collection process (compliance policy), data collection technology (sensor technology), data storage process (app framework), and data storage technology (app protocol). This study demonstrates that for countries in the same continent, which share similar cultures and social norms, their governments are more likely to adopt similar technologies and processes in developing and promoting the app. Nevertheless, the concern of individual privacy and data storage will be major concerns for citizens in all contexts (Gerli et al., 2021; Mora et al, 2021).

The findings support the statements in the foresight report The Future of Citizen Data Systems (2020) that governments of China, the U.S., and E.U. countries have different priorities between citizen privacy and national safety. Our study also further specifies the findings in Shepherdson’s (2020) investigation report of six ASEAN countries (including Malaysia, Singapore, Thailand, Indonesia, Vietnam, and the Philippines) on how their governments use citizen data in contact tracing apps during COVID-19. Compared to the two reports mentioned above, our study goes one step further, using the specific case of contact tracing apps to analyze and synthesize the national approaches of CDAMA adopted by their governments in more countries of various continents.

The finding leads us to think more about the research on CDAMA in the future. Future studies can dig deeper into the specific country’s case of their contact tracing app selection. While so doing, future studies may interview policy makers of the selected countries to understand why policy makers have selected a particular sensor technology, compliance policy, app framework and protocol, given their countries’ context. Additionally, because technologies used by the government impact employee job satisfaction (Demircioglu & Chen, 2019) and citizen satisfaction (Alruwaie et al., 2020), future studies may also be conducted to understand how the app characteristics and features affect employee and citizen satisfaction future studies may also investigate how trade-offs between citizen rights and public interest during COVID-19 impact public value such as “encompass[ing] a wider range of values [beyond efficiency and effectiveness towards user orientation, participation, legality, and equity], which also reflect the contribution of the public sector to society and democracy” (Gerli et al., 2021, p. 2). Furthermore, because governments’ COVID-19 responses influence citizens’ trust towards government (Mansoor, 2021), future studies may also investigate how contact tracing apps and the trade-offs between citizen rights and public interest affect citizens’ trust in government with testing theories from good governance. Finally, future studies may use a comparative analysis with regards to how governments have used other technologies (Sarkar, 2021) other than contact tracing apps. These kinds of comparative studies give an opportunity to identify best practices which will be effective for countries to deal with future crises like COVID-19 (Mora, 2021).

Our study makes vital contributions by providing information, summary, and implications on governments’ approaches of citizen data management systems in different countries worldwide. While prior literatures mainly discussed data management in private sectors, the governments’ citizen data management (CDAMA) is necessary and essential, especially during COVID-19, when conflicts arose around governments’ need to manage pandemic and citizens’ concern of data privacy. With our findings, discussions, and future research directions, we hope our study can offer some inspirations for future researches and policymaking.

Footnotes

Appendix: Representative digital contact tracing tools

Figure 4.

*Note: the table is summarized based on Ahmed et al. (2020), Akinbi et al. (2020), Chowdhury et al. (2020), Li and Guo (2020), O’Neill et al. (2020), MIT Technology Review Covid Contact Tracing Tracker, the 47th China Statistical Report on Internet Development, and news articles on NHS Covid-19 app.

References

Abbas

, & Michael

(2020). COVID-19 contact trace app deployments: Learnings from Australia and Singapore. IEEE Consumer Electronics Magazine, 9(5), 65-70.

Accenture. (2020). “Stopp Corona” App. Accenture. https://www.accenture.com/sg-en/case-studies/public-service/stopp-corona-app.

Aguilar

(2021 Mar 29). DILG: LGUs’ contact tracing apps to be integrated with StaySafe.ph. Philippine Daily Inquirer. https://newsinfo.inquirer.net/1412476/fwd-dilg-lgus-contact-tracing-apps-to-be-integrated-in-staysafe-ph.

Ahmed

Michelin

R. A.

Xue

Ruj

Malaney

Kanhere

S. S.

Seneviratne

Janicke

, & Jha

S. K.

(2020). A survey of COVID-19 contact tracing apps. IEEE Access, 8, 134577-134601.

Akinbi

Forshaw

, & Blinkhorn

(2020). Contact tracing apps for COVID-19 pandemic: Challenges and potential.

Alruwaie

El-Haddadeh

, & Weerakkody

(2020). Citizens’ continuous use of eGovernment services: The role of self-efficacy, outcome expectations and satisfaction. Government Information Quarterly, 37(3): 101485.

Amann

Sleigh

, & Vayena

(2021). Digital contact-tracing during the COVID-19 pandemic: An analysis of newspaper coverage in Germany, Austria, and Switzerland. Plos One, 16(2), e0246524.

Anderson

(2021, Apr 10). Majority of Canadians not using COVID Alert app, study finds. CTV News. https://www.ctvnews.ca/health/coronavirus/majority-of-canadians-not-using-covid-alert-app-study-finds-1.5382744.

Bahaudin

, & Wong

(2020 March 20). Coronavirus: Singapore develops smartphone app for efficient contact tracing. The Straits Times. https://www.straitstimes.com/singapore/coronavirus-singapore-develops-smartphone-app-for-efficient-contact-tracing.

10.

Bangprapa

, & Wipatayotin

(2021 Jan 8). Govt u-turns on Mor Chana. The Bangkok Post. https://www.bangkokpost.com/thailand/general/2047263/govt-u-turns-on-mor-chana.

11.

Barbaschow

(2020). N.Z. adopts Google/Apple COVID-19 exposure notification tech for contact tracing. NZnet. https://www.zdnet.com/article/nz-adopts-googleapple-covid-19-exposure-notification-tech-for-contact-tracing/.

12.

Basu

(2021). Effective contact tracing for COVID-19 using mobile phones: An ethical analysis of the mandatory use of the aarogya setu application in India. Cambridge Quarterly of Healthcare Ethics, 30(2), 262-271.

13.

Beierle

Dhakal

Cohrdes

Eicher

, & Pryss

(2021). Public Perception of the German COVID-19 Contact-Tracing App Corona-Warn-App. arXiv preprint arXiv:2104.10550.

14.

Bock

Kühne

C. R.

Mühlhoff

Ost

M. R.

Pohle

, & Rehak

(2020). Data protection impact assessment for the Corona app. Available at SSRN 3588172.

15.

Bonyhady

(2020 January 8). Australians urged to stick with COVIDSafe app. The Sydney Morning Herald. https://www.smh.com.au/politics/federal/australians-urged-to-stick-with-covidsafe-app-20210108-p56spa.html.

16.

Bryman

(2016). Social research methods. 5th edition ed. Oxford, U.K.: Oxford university press.

17.

Bunyan

(2020 May 5). Gerak Malaysia, MySejahtera, MyTrace: Apps to get you through the MCO. Malay Mail. https://www.malaymail.com/news/malaysia/2020/05/05/gerak-malaysia-mysejahtera-mytrace-apps-to-get-you-through-the-mco/1863069.

18.

Burgess

(2020). Everything you need to know about the new NHS contact tracing app. Wired. https://www.wired.co.uk/article/nhs-covid-19-tracking-app-contact-tracing.

19.

Cellan-Jones

, & Kelion

(2020). Coronavirus: The great contact-tracing apps mystery. BBC News. https://www.bbc.com/news/technology-53485569.

20.

China Internet Network Information Center. (2021). The 47th China Statistical Report on Internet Development. http://www.gov.cn/xinwen/2021-02/03/5584518/files/bd16adb558714132a829f43915bc1c9e.pdf.

21.

Cho

Ippolito

, & Yu

Y. W.

(2020). Contact tracing mobile apps for COVID-19: Privacy considerations and related trade-offs. ArXiv Preprint ArXiv:2003.11511.

22.

Chowdhury

M. J. M.

Ferdous

M. S.

Biswas

Chowdhury

, & Muthukkumarasamy

(2020). COVID-19 Contact Tracing: Challenges and Future Directions. IEEE Access.

23.

COVID-19: ‘MyTrace’ app to help in contact tracing, says senior minister. (2020, May 3). Malay Mail. https://www.malaymail.com/news/malaysia/2020/05/03/covid-19-mytrace-app-to-help-in-contact-tracing-says-senior-minister/1862624.

24.

CTN News. (2021 Jan 8). Thai Government Clarifies “Mor Chana” Contact-Tracing App Confusion. CTN News, Chiang Rai Times. https://www.chiangraitimes.com/thailand-national-news/news-asia-thailand/thai-government-clarifies-mor-chana-contact-tracing-app-confusion/.

25.

DAMA International, Books24x7, Inc., Mosley, M., & Brackett, M. (2010). The DAMA guide to the data management body of knowledge (DAMA-DMBOK guide), first edition. Technics Publications.

26.

Das

, & Zhang

J. J.

(2021). Pandemic in a smart city: Singapore’s COVID-19 management through technology & society. Urban Geography, 42(3), 408-416. doi: 10.1080/02723638.2020.1807168.

27.

Demircioglu

M. A.

, & Chen

C.-A.

(2019). Public employees’ use of social media: Its impact on need satisfaction and intrinsic work motivation. Government Information Quarterly, 36(1), 51-60.

28.

Department of the Interior and Local Government (DILG), Republican of The Philippines. (2021, Jun 9). StaySafe app launched in Manila. http://ncr.dilg.gov.ph/home/staysafe-app-launched-in-manila/.

29.

Dillet

(2020a). France rebrands contact-tracing app in an effort to boost downloads. Tech Crunch. https://techcrunch.com/2020/10/22/france-rebrands-contact-tracing-app-in-an-effort-to-boost-downloads/.

30.

Dillet

(2020b). France releases contact-tracing app StopCovid. Tech Crunch. https://techcrunch.com/2020/06/02/france-releases-contact-tracing-app-stopcovid-on-android/.

31.

Eigen

, & Gasser

(2020a). Country Spotlight: Germany’s Corona Warn-App. Berkman Klein Center, Harvard. https://cyber.harvard.edu/story/2020-07/country-spotlight-germanys-corona-warn-app.

32.

Eigen

, & Gasser

(2020b). Country Spotlight: Switzerland’s SwissCovid App. Berkman Klein Center, Harvard. https://cyber.harvard.edu/story/2020-07/country-spotlight-switzerlands-swisscovid-app.

33.

Fachriansyah

, & Syakriah

(2020 Mar 30). COVID-19: Indonesia develops surveillance app to bolster contact tracing, tracking. The Jakarta Post. https://www.thejakartapost.com/news/2020/03/30/covid-19-indonesia-develops-surveillance-app-to-bolster-contact-tracing-tracking.html.

34.

Finnish Institute for Health and Welfare (THL). (2021 Jan 7). The corona flasher is now compatible with several European corona applications. https://thl.fi/fi/-/koronavilkku-on-nyt-yhteensopiva-useiden-eurooppalaisten-koronasovellusten-kanssa.

35.

Fritz

, & Klimpfinger

(2020). Contact tracing apps in Austria: A Red Cross initiative. Freshfields Bruckhaus Deringer LLP. https://www.lexology.com/library/detail.aspx?g=9981f095-1f87-46ce-92df-d28352643e98.

36.

Gerli

Arakpogun

E. O.

Elsahn

Olan

, & Prime

K.S.

(2021). Beyond contact-tracing: The public value of eHealth application in a pandemic. Government Information Quarterly, 38(3), 101581.

37.

Global News. (2021 Mar 17). Canada’s COVID Alert app is ’completely useless’ right now: health expert. [Video]. YouTube. https://www.youtube.com/watch?v=x3oyu2i6ndE.

38.

Government Office for Science, Government of U.K. (2020). Evidence and scenarios for global data systems: The Future of Citizen Data Systems. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/927547/GOS_The_Future_of_Citizen_Data_Systems_Report__2_.pdf.

39.

Gupta

Bedi

Goyal

Wadhera

, & Verma

(2020). Analysis of COVID-19 Tracking Tool in India: Case Study of Aarogya Setu Mobile Application. Digital Government: Research and Practice, 1(4), 1-8.

40.

Hern

, & Sabbagh

(2020 May 6). Critical mass of Android users crucial for NHS contact-tracing app. The Guardian. https://www.theguardian.com/world/2020/may/06/critical-mass-of-android-users-needed-for-success-of-nhs-coronavirus-contact-tracing-app.

41.

Hofstede

, & Minkov

(2010). Cultures and Organizations: Software of the Mind. New York, NY: McGraw-Hill.

42.

Indrapati

Mardika

Pratama

Aryan

, & Muspitasari

(2020 Nov 2). Can a COVID-19 tracing app save Indonesia? Strategic Review by SGPP Indonesia. http://sr.sgpp.ac.id/post/can-a-covid-19-tracing-app-save-indonesia.

43.

Italian Government Tourist Board. (2021). Immuni, the Contact Tracing App to travel safely in Italy. http://www.italia.it/en/useful-info/immuni-the-contact-tracing-app-to-travel-safely-in-italy.html.

44.

Jacob

, & Lawarée

(2020). The adoption of contact tracing applications of COVID-19 by European governments. Policy Design and Practice, 1-15.

45.

Kent

(2020). The U.K.’s contact-tracing apps: Why the long wait? Medical Device Network. https://www.medicaldevice-network.com/features/uk-contact-tracing-app/.

46.

Kim

M. S.

(2020). South Korea is watching quarantined citizens with a smartphone app. MIT Technology Review. https://www.technologyreview.com/2020/03/06/905459/coronavirus-south-korea-smartphone-app-quarantine/.

47.

Kluth

(2020). If We Must Build a Surveillance State, Let’s Do It Properly. Bloomberg. https://www.bloomberg.com/opinion/articles/2020-04-22/taiwan-offers-the-best-model-for-coronavirus-data-tracking.

48.

Law

, & Choon

C. M.

(2020, March 21). How China, South Korea and Taiwan are using tech to curb coronavirus outbreak. The Straits Times. https://www.straitstimes.com/asia/east-asia/how-china-s-korea-and-taiwan-are-using-tech-to-curb-outbreak.

49.

Leprince-Ringuet

(2020). The world’s first contact-tracing app using Google and Apple’s API goes live. ZDnet. https://www.zdnet.com/article/the-worlds-first-contact-tracing-app-using-google-and-apples-api-goes-live/.

50.

, & Guo

(2020). COVID-19 contact-tracing apps: A survey on the global deployment and challenges. ArXiv Preprint ArXiv:2005.03599.

51.

Lin

Knockel

Poetranto

Tran

Lau

, & Senft

“Unmasked II: An Analysis of Indonesia and the Philippines’ Government- launched COVID-19 Apps,” Citizen Lab Research Report No. 136, University of Toronto, December 2020.

52.

Lomas

(2020). England’s long-delayed COVID-19 contacts-tracing app to launch on September 24. Tech Crunch. https://techcrunch.com/2020/09/11/englands-long-delayed-covid-19-contacts-tracing-app-to-launch-on-september-24/.

53.

Lucas-Estan

M. C.

Raptis

T. P.

Sepulcre

Passarella

Regueiro

, & Lazaro

(2018). A software defined hierarchical communication and data management architecture for industry 4.0. 2018 14th Annual Conference on Wireless On-Demand Network Systems and Services (WONS), 37-44. doi: 10.23919/WONS.2018.8311660.

54.

Mansoor

(2021). Citizens’ trust in government as a function of good governance and government agency’s provision of quality information on social media during COVID-19. Government Information Quarterly: 101597.

55.

Marchelin

(2020 Apr 8). Minister Encourages Indonesians to Install Covid-19 Surveillance App. Jakarta Globe. https://jakartaglobe.id/news/minister-encourages-indonesians-to-install-covid19-surveillance-app.

56.

Meijer

, & Webster

C. W. R.

(2020). The COVID-19-crisis and the information polity: An overview of responses and discussions in twenty-one countries from six continents. Information Polity, Preprint, 1-32.

57.

Ministry of Social Affairs and Health, Finnish Government. (2020, Aug 31). Koronavilkku has now been published – download the app to your phone! https://valtioneuvosto.fi/en/-/1271139/koronavilkku-has-now-been-published-download-the-app-to-your-phone-.

58.

Ministry of Solidarity and Health, Government of France. (2020, Oct 21). TousAntiCovid: answers to your questions. https://tousanticovid.stonly.com/kb/fr/informations-generales-26612.

59.

MIT Technology Review Covid Tracing Tracker. (last updated in 2021, Mar 16). https://www.technologyreview.com/2020/12/16/1014878/covid-tracing-tracker/.

60.

Moaje

(2020 Sep 3). StaySafe.ph seen to boost contact tracing efforts. Philippine News Agency, Republican of The Philippines. https://www.pna.gov.ph/articles/1114332.

61.

Moore

M. H.

(1995). Creating public value: Strategic management in government: Harvard university press.

62.

Mora

Kummitha

R. K. R.

, & Esposito

(2021). Not everything is as it seems: Digital technology affordance, pandemic control, and the mediating role of sociomaterial arrangements. Government Information Quarterly: 101599.

63.

Nasseef

O. A.

Baabdullah

A. M.

Alalwan

A. A.

Lal

, & Dwivedi

Y. K.

(2021). Artificial intelligence-based public healthcare systems: G2G knowledge-based exchange to enhance the decision-making process. Government Information Quarterly, 101618. doi: 10.1016/j.giq.2021.101618.

64.

Raptis

T. P.

Passarella

, & Conti

(2019). Data Management in Industry 4.0: State of the Art and Open Challenges. IEEE Access, 7, 97052-97093. doi: 10.1109/ACCESS.2019.2929296.

65.

Sabbagh

, & Hern

(2020 June). U.K. abandons contact-tracing app for Apple and Google model. The Guardian. https://www.theguardian.com/world/2020/jun/18/uk-poised-to-abandon-coronavirus-app-in-favour-of-apple-and-google-models.

66.

Salaverria

(2020 Nov 28). Use of staysafe.ph app now a must for LGUs, nat’l agencies. Philippine Daily Inquirer. https://newsinfo.inquirer.net/1365781/use-of-staysafe-ph-app-now-a-must-for-lgus-natl-agencies.

67.

Sarkar

(2021). Breaking the chain: Governmental frugal innovation in Kerala to combat the COVID-19 pandemic. Government Information Quarterly, 38(1), 101549.

68.

Shahroz

Ahmad

Younis

M. S.

Ahmad

Boulos

M. N. K.

Vinuesa

, & Qadir

(2021). COVID-19 Digital Contact Tracing Applications and Techniques: A Review Post Initial Deployments. ArXiv:2103.01766 [Cs]. http://arxiv.org/abs/2103.01766.

69.

Shepherdson

, & Boxall

(2020). A Comparative Review of Contact Tracing Apps in ASEAN Countries. Data Protection Excellence Network (DPEN). https://www.dpexnetwork.org/articles/comparative-review-contact-tracing-apps-asean-countries/.

70.

Sokol

, & Staff

(2020 July 27). Health Ministry launches revamped COVID-19 tracking app. The Times of Israel. https://www.timesofisrael.com/health-ministry-launches-revamped-covid-19-tracking-app/.

71.

Sönmez

, & Celik

(2020). Digital fight against COVID-19 and the “new normal” for security institutions.

72.

Sun

Wang

Xue

Tyson

Camtepe

, & Ranasinghe

(2021). An Empirical Assessment of Global COVID-19 Contact Tracing Applications.

73.

Taweesilp clarifies ‘Mor Chana’ confusion. (2021 Jan 7). Taweesilp clarifies ‘Mor Chana’ confusion. The Bangkok Post. https://www.bangkokpost.com/thailand/general/2047203/taweesilp-clarifies-mor-chana-confusion.

74.

Tham

(2021 Jan 4). More than 4.2m people using TraceTogether, token distribution to resume soon: Lawrence Wong. The Straits Times. https://www.straitstimes.com/singapore/politics/parliament-more-than-42m-people-using-tracetogether-token-distribution-to-resume.

75.

Urbaczewski

, & Lee

Y. J.

(2020). Information Technology and the pandemic: A preliminary multinational analysis of the impact of mobile tracking technology on the COVID-19 contagion control. European Journal of Information Systems, 29(4), 405-414. doi: 10.1080/0960085X.2020.1802358.

76.

Utz

Becker

Schnitzler

Farke

F. M.

Herbert

Schaewitz

Degeling

, & Dürmuth

(2020). Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents. ArXiv Preprint ArXiv:2010.14245.

77.

Waarts

, & Van Everdingen

(2005). The Influence of National Culture on the Adoption Status of Innovations: An Empirical Study of Firms Across Europe. European Management Journal, 23(6): 601-610.

78.

Walls

(2020). Covid 19 coronavirus: NZ’s own tracing app on way as Australia rolls out COVIDSafe. nzherald.co.nz. https://www.nzherald.co.nz/nz/covid-19-coronavirus-nzs-own-tracing-app-on-way-as-australia-rolls-out-covidsafe/ZJVA5NWZIQQFUVM42X52WXARII/.

79.

Watson

, & Jeong

(2020). Coronavirus mobile apps are surging in popularity in South Korea. CNN Business. https://edition.cnn.com/2020/02/28/tech/korea-coronavirus-tracking-apps/index.html.

80.

Wong

(2020 October 20). TraceTogether check-ins to be compulsory at public venues in S’pore by end-December. The Straits Times. https://www.straitstimes.com/singapore/checking-in-with-tracetogether-to-be-compulsory-at-public-venues-by-december.

81.

Wray

(2020). South Korea to step-up online coronavirus tracking. https://www.smartcitiesworld.net/news/news/south-korea-to-step-up-online-coronavirus-tracking-5109#:∼:text=South%20Korea%20is%20set%20to,patients%20to%20recreate%20their%20movements.

82.

Yatid

(2020 Nov 4). COVID-19 and Southeast Asia: COVID-19 and Malaysia’s Lessons in Digital Applications. LSE Southeast Asia Blog. https://blogs.lse.ac.uk/seac/2020/11/04/covid-19-and-southeast-asia-covid-19-and-malaysias-lessons-in-digital-applications/.

83.

Yang

Heemsbergen

, & Fordyce

(2021). Comparative analysis of China’s Health Code, Australia’s COVIDSafe and New Zealand’s COVID Tracer Surveillance Apps: A new corona of public health governmentality? Media International Australia, 178(1), 182-197.

84.

Zhu

, & Wu

A. M.

(2020 July 16). Contact tracing: China’s health code offers some lessons. The Business Times. https://www.businesstimes.com.sg/opinion/contact-tracing-chinas-health-code-offers-some-lessons.

National approaches for citizen data management in response to COVID-19: An overview and implications of contact tracing apps in 21 countries

Abstract

Keywords

1. Introduction

2. Citizen data management

3.2 Data collection technology: Sensor technology of the app

3.3 Data storage process: App framework

3.4 Data storage technology: App protocol

Table 1 Summary table: Data collected for each contact tracing app

5.1 Continent 1: Asia

5.1.1 Case #1 – China: Health Code mini-program

5.1.2 Case #2 – India: Aarogya setu app

5.1.3 Case #3 – Indonesia: PeduiLindungi app

5.1.4 Case #4 – Israel: HaMagen app

5.1.5 Case #5 – Malaysia: MyTrace app

5.1.6 Case #6 – Philippines: StaySafe.ph app

5.1.7 Case #7 – Singapore: TraceTogether app

5.1.8 Case #8 – South Korea: Corona 100m app

5.1.9 Case #9 – Thailand: Mor Chana app

5.1.10 Case #10 – Vietnam: BlueZone app

5.2 Continent 2: Europe

5.2.1 Case #11 – Austria: Stopp corona

5.2.2 Case #12 – Finland: Koronavilkku app

3 link: https://koronavilkku.fi/en/faq/.

5.2.4 Case #14 – Germany: Corona-Warn-App

5.2.5 Case #15 – Italy: Immuno app

4 link: https://www.immuni.italia.it/faq.html.

5.2.7 Case #17 – U.K.: NHS COVID-19 app

5.3 Continent 3: North America

5.3.1 Case #18 – Canada: COVID Alert app

5 link: https://health.canada.ca/en/public-health/services/video/covid-alert.html.

5.4 Continent 4: Oceania

5.4.1 Case #20 – Australia: COVIDSafe app

5.4.2 Case #21 – New Zealand: NZ COVID Tracer app

6. Discussion and implications

Table 2 Summary table (based on systematic case overview)

6.2 Implication 2: Governments of the European, North American, and Oceanian countries are more flexible and hold a softer and more respectful attitude in their national CDAMA approach

6.3 Implication 3: Governments’ priority between national safety and citizen privacy is different reflected from their different national CDAMA approaches

7. Conclusions

Footnotes

Appendix: Representative digital contact tracing tools

References

Table 1
Summary table: Data collected for each contact tracing app

³
link: https://koronavilkku.fi/en/faq/.

⁴
link: https://www.immuni.italia.it/faq.html.

⁵
link: https://health.canada.ca/en/public-health/services/video/covid-alert.html.

Table 2
Summary table (based on systematic case overview)