Hostname: page-component-78c5997874-v9fdk Total loading time: 0 Render date: 2024-11-10T07:11:44.347Z Has data issue: false hasContentIssue false
  • English
  • Français

Citizens’ Attitudes to Contact Tracing Apps

Published online by Cambridge University Press:  02 September 2020

Laszlo Horvath Open the ORCID record for Laszlo Horvath [Opens in a new window] ,
Susan Banducci  and
Oliver James
Laszlo Horvath*
Affiliation:
Department of Politics, University of Exeter, Exeter, UK; Twitter: @_lhorvath, @femalebrain, @_Oliver_James_
Susan Banducci
Affiliation:
Department of Politics, University of Exeter, Exeter, UK; Twitter: @_lhorvath, @femalebrain, @_Oliver_James_
Oliver James
Affiliation:
Department of Politics, University of Exeter, Exeter, UK; Twitter: @_lhorvath, @femalebrain, @_Oliver_James_
*
*Corresponding author. Email: L.Horvath@exeter.ac.uk
Rights & Permissions [Opens in a new window]

Abstract

Citizens’ concerns about data privacy and data security breaches may reduce the adoption of COVID-19 contact tracing mobile phone applications, making them less effective. We implement a choice experiment (conjoint experiment) where participants indicate which version of two contact tracing apps they would install, varying the apps’ privacy-preserving attributes. Citizens do not always prioritise privacy and prefer a centralised National Health Service system over a decentralised system. In a further study asking about participants’ preference for digital-only vs human-only contact tracing, we find a mixture of digital and human contact tracing is supported. We randomly allocated a subset of participants in each study to receive a stimulus priming data breach as a concern, before asking about contact tracing. The salient threat of unauthorised access or data theft does not significantly alter preferences in either study. We suggest COVID-19 and trust in a national public health service system mitigate respondents’ concerns about privacy.

Keywords

Digital contact tracingprivacydata breachconjoint experiment
Type
Research Article
Information
Journal of Experimental Political Science , Volume 9 , Issue 1 , Spring 2022 , pp. 118 - 130
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.
Copyright
© The Author(s) 2020. Published by Cambridge University Press on behalf of The Experimental Research Section of the American Political Science Association

Introduction

Contact tracing mobile applications can help slow the spread of COVID-19 (Ferretti et al. Reference Ferretti, Wymant, Kendall, Zhao, Nurtay, Abeler-Dörner, Parker, Bonsall and Fraser.2020). However, citizens’ concerns about data privacy and data security breaches may reduce adoption below the required coverage to be effective (Ada Lovelace Institute 2020; Liu and Carter Reference Liu and Carter.2018). We analyse the determinants of citizens’ attitudes to these contact tracing apps. In Study 1, we implement a choice experiment (conjoint experiment) where participants indicated which version of two contact tracing apps they would be most likely to install. We vary the privacy-preserving attributes of the apps and estimate their effects on adoption. In Study 2, participants indicate a preference for digital-only vs human-only contact tracing. To assess the salience of data breaches as an issue for adoption, we randomly allocated a subset of participants in each study to receive a stimulus priming data breach as a concern, before asking about contact tracing.

Under current pandemic conditions, we find that citizens do not always prioritise privacy but give high preference to a centralised system led by the National Health Service (NHS) over a decentralised system (see also Wiertz et al. Reference Wiertz, Banerjee, Acar and Ghosh.2020). Citizens tend to support a mixture of contact tracing done digitally with limited human involvement. The salient threat of unauthorised access or data theft does not significantly alter either set of preferences.

Figure 1 Overview of Study 1.

Figure 2 Overview of Study 2.

Figure 3 Treatment effects on preference of data storage systems.

Note: Treatment is exposure to stimulus raising awareness of data breach. AMCE values calculated with the cjoint (Hainmueller et al. Reference Hainmueller, Hopkins and Yamamoto.2014) package in R. For ATE values (coefficients) see Table 2.

Figure 4 Treatment effects on privacy preferences within centralised systems.

Note: Treatment is exposure to stimulus raising awareness of data breach. AMCE values calculated with the cjoint (Hainmueller et al. Reference Hainmueller, Hopkins and Yamamoto.2014) package in R. For ATE values (coefficients) see Table 3.

Figure 5 Preference of digital vs human contact tracing per treatment group.

Note: Treatment is exposure to stimulus raising awareness of data breach.

Theory and hypotheses

Research on the adoption of technology similar to mobile phone contact tracing applications has shown that users’ concern about data security and privacy can reduce acceptance. A study of predictors of individuals’ adoption of healthcare wearable devices found that individuals’ privacy perceptions were an important part of their calculations about the use of the technology (Li et al. Reference Li, Wu, Gao and Shi.2016). This leads to our first hypothesis:

Baseline preference of privacy. We hypothesise a baseline preference of more privacy-preserving contact tracing applications.

The process of contact tracing using apps in practice supplements traditional human contact tracing. There is little direct evidence about this issue for COVID-19, but the broader literature on algorithm aversion suggests that people tend to prefer human involvement in systems even if they perform less well (Dietvorst, Simmons, and Massey Reference Dietvorst, Simmons and Massey.2015). We, therefore, propose the following hypothesis:

Baseline preference of human contact tracing. We hypothesise that citizens prefer more human involvement over digital-only contact tracing.

The concerns of users about privacy and preference for human contact tracing lead us to further examine whether making the possibility of data breaches more salient strengthens these baseline preferences, leading to a third hypothesis:

Saliency of the data breach. We hypothesise that preferences of privacy-preserving contact tracing, as well as human contact tracing, are strengthened for individuals who consider data breach as a realistic threat.

The international experience with COVID-19 has shown that citizens’ responses and willingness to engage with public health measures are affected by broader socio-political attitudes. Recently, evidence has emerged about differences based on partisanship (e.g. Utych Reference Utych2020) and gender (Palmer and Peterson Reference Palmer and Peterson.2020). In the UK context, where our studies are based, there is less clear evidence about partisan divides but the issue of other political attitudes towards the public authorities proposing the use of technology is still salient. Previous studies have found that trust in organisations is a factor influencing the intention to use related digital government technologies (van Velsen et al. Reference van Velsen, van der Geest, van de Wijngaert, van den Berg and Steehouder.2015). For these reasons, we include measures of trust in the NHS, and trust in the UK government’s handling of COVID-19. In each case, higher trust is expected to increase acceptance of privacy reducing and more technology-reliant aspects of the mobile phone app.

Globally, digital contact tracing is being rolled out with a variety of system architectures that have different implications for privacy and data security. The core functionalities of a centralised system are performed by a central server processing user data, which is managed by a health authority and can, subject to permissions, notify an infected user’s contacts of exposure (Ahmed et al. Reference Ahmed, Michelin, Xue, Ruj, Malaney, Kanhere, Seneviratne, Hu, Janicke and Jha2020, 134578–134580; Martin et al. Reference Martin, Karopoulos, Hernández-Ramos, Kambourakis and Fovino.2020). A decentralised system, on the other hand, has most of its core functionalities performed by users’ devices including exposure notifications (Ahmed et al. Reference Ahmed, Michelin, Xue, Ruj, Malaney, Kanhere, Seneviratne, Hu, Janicke and Jha2020, 134580–134581). The privacy implications of these two systems have often been discussed as a trade-off with other attributes (see also Cioroianu and Dal Reference Cioroianu and Dal.2020, for an overview). While decentralised systems are recommended for having more overall privacy-preserving features than centralised systems,Footnote 1 the lack of central oversight does limit human involvement in the process of contact tracing. This might be problematic while contact tracing apps tend to perform with poor accuracy (Briers Reference Briers2020). In contrast, whereas centralised systems do have the ability to integrate digital with human contact tracing and research (by design, but in practice may be a legislative feature), their data servers are vulnerable to the data breach that involves more sensitive protected data.

Methods

Subjects and contextFootnote 2

Study 1 uses an online panel of N = 1,504 from Dynata, targeting a diversity of respondents representative of the UK as of its 2011 censusFootnote 3; Study 2 uses a smaller, N = 809 panel from Prolific Academic, with similar sample demographics,Footnote 4, Footnote 5 Data collection occurred on 18 May 2020 to 23 May 2020. During this period, the UK had no official (government-backed) contact tracing app available for public use, except for a trial version released on the Isle of Wight exclusively. That application was one of the centralised systems as outlined above. The UK’s next contact tracing app to enter a new trial phase will be built on a decentralised system (Department of Health & Social Care 2020).

Dependent measures

In Study 1 conjoint experiment, respondents were asked to choose one of two COVID-19 contact tracing apps to install, with their data privacy and security attributes varying. Each respondent made a series of five such selections.

In Study 2, the dependent measure is the respondents’ preferred amount of human involvement in the process of COVID-19 contact tracing. This is a rating scale ranging from human-only contact tracing (1) to digital-only contact tracing (7).

Treatment: Data breach stimulus

Both groups in each study received a brief text about data security including its definition as “a set of standards and technologies that protect data from intentional or accidental destruction, modification or disclosure.” The treatment group additionally got a text about data breaches becoming “more common,” giving examples: “theft of personal data, devices containing personal data being lost or stolen.”Footnote 6 Figures 1 and 2 show the placement of treatment stimuli in the two studies, respectively.

Conjoint experiment

The conjoint experiment enabled us to assess the causal impact of multiple attributes related to privacy and data security: data storage until when data are stored, what kinds of contacts and what specificity of location is uploaded and what constitutes contact.

Conventional conjoint experiments randomise and display all attributes independently. Our challenge, however, was to capture two vastly different implementations of digital contact tracing with their privacy options fundamentally incompatible with each other, restricting the option of independent randomisation. Decentralised systems of digital contact tracing use minimal data sharing across devices whereas centralised systems use data sharing between devices and a data server. As explained above, decentralised systems may preserve privacy better but are not integrated with human contact tracing and research in contrast to centralised systems that can be integrated but may consequently be seen as vulnerable to data breaches.

We address the issue using dependent attributes. Respondents evaluate five pairs of potential contact tracing applications that compare either a decentralised system that simply does not store contact or location data with a centralised system that stores at least one of these, or two centralised systems with varying privacy attributes excluding the possibility of no data storage. In this way, attributes presented in Table 1 below are heavily system-dependent.

Table 1 Privacy attributes depending on data storage system (dependent attributes)

Notes: A third of all binary comparisons were between a centralised system (privacy attributes varying) and a decentralised system (privacy attributes not varying), and two-thirds between two centralised systems (privacy attributes varying, greyed cells). Privacy-varying attributes reported on latter subsample.

Table 2 Data storage models

***p < 0.001, **p < 0.01, *p < 0.05.

Pooled GLM estimates with standard errors clustered on respondent level.

Note: For simplified display, “Covariate” means “Treatment” in the first,

“Trust in NHS” in the second and “Gov’t performance” in the third column.

Table 3 Treatment and moderator effects on preference within centralised systems

***p < 0.001, **p < 0.01, *p < 0.05.

Pooled GLM estimates with standard errors clustered on respondent level.

Note: For simplified display, “Covariate” means “Treatment” in the first,

“Trust in NHS” in the second and “Gov’t performance” in the third column.

Table 4 Treatment effects on preferred amount of human involvement in contact tracing

*p < 0.001.

As attributes are not fully independent we (1) present a comparison of effect sizes on the data storage attribute alone, independently from the privacy attributes, and then (2) present the effect of the rest of the privacy attributes separately on respondents who compared two centralised systems.Footnote 7

Moderators

We include the following as moderators of conjoint preferences: trust in the NHS and satisfaction with the government’s handling of coronavirus.Footnote 8

Results

Study 1

Descriptive results

Across all attributes, respondents do not systematically prefer more privacy. For data storage, the NHS led centralised system is preferred in 55.94% of binary comparisons compared with the centralised system led by the UK government (45.85%) and the decentralised system (47.63%) despite the NHS system being potentially displayed with attributes more intrusive to privacy.Footnote 9

Treatment effects: Data storage

In the pooled model across all conjoint choices (five tasks, two profiles per task displayed by respondents thus N = 15,040) with standard errors clustered on the respondent level, we found no difference between a preference for data storage and exposure to the data breach stimulus, see Figure 3.

Treatment effects within centralised data storage systems

An N = 10,950 app profiles described a centralised system with further attributes relating to privacy varying. In this subset of the data, our model finds no treatment effects relating to exposure to the data breach stimulus except some evidence that the stimulus may have further strengthened respondents’ preference to store data until vaccines or tests are available over indefinite data storage, see Figure 4.

Trust in NHS as a moderator

In two similar pooled models as above, across data storage systems as well as within centralised systems we find that although high trust in the NHS strengthens preferences for an NHS-led centralised system, low trust in the NHS does not mean clear support for a decentralised system (or a centralised one maintained by the government). Within centralised systems, trust in the NHS motivates respondents to give up more privacy.

Government performance as moderator

Satisfaction with the government’s performance in handling COVID-19 moderated preferences given to a centralised system maintained by the UK government. Across the spectrum, however, the NHS-led centralised system remains the clear preference in the majority of comparisons.

Study 2

Study 2 repeated the data breach stimulus asking respondents about their preferred amount of human involvement in the process of contact tracing. The majority of citizens prefer a mixture between human-led and digital, with greater proportions preferring “Mostly digital” to “Mostly human.”Footnote 10 We find no significant treatment effects for exposure to data breaches, see Figure 5 and Table 4.

Discussion and Conclusions

Citizens prefer a balanced (human plus digital) approach to contract tracing. Privacy concerns were not as influential on the choice of the digital app as initially expected and as indicated by past research. Privacy concerns were overridden by trust in the NHS and the NHS centralised app is preferred to both the centralised government app and the decentralised system. The NHS has strong support amongst the UK public; support and research on other public services have found users have greater willingness to cooperate in the co-production of public services delivered by public organisations when compared with services delivered under contract to private companies (James and Jilke Reference James and Jilke.2020). Our findings are consistent with this line of research and demonstrate that when a trusted public health provider is involved in the development and deployment of the tracing app it can bring about the cooperation of the public necessary for its successful use in reducing the spread of infection.

Our results suggest two considerations for future research. First, to further understand the role of health care providers, research should examine the effect of institutional differences on coproduction, including whether the organisation is public or privately owned. The unique status of the NHS with its current high regard among the British public may not translate to coproduction in all other jurisdictions. Secondly, variation in the perceptions of the salience of the COVID-19 threat across different countries and populations might explain how the public responds to privacy concerns. The data breach treatment does not influence outcomes, possibly because of crisis perceptions which were likely high in the initial phase of the pandemic. Potential changes in responses over time as the pandemic develops and differences in findings between jurisdictions with different public health systems are particularly important topics for future research.

Supplementary material

To view supplementary material for this article, please visit https://doi.org/10.1017/XPS.2020.30.

Footnotes

Support for this research was provided by the Economic and Social Research Council (Award No. ES/R005133/1), the Exeter Q-Step Centre and the College of Social Sciences and International Studies at the University of Exeter. Susan Banducci’s work was supported through a Turing Fellowship, The Alan Turing Institute, UK. The authors declare no conflicts of interest. The data, code and any additional materials required to replicate all analyses in this article are available in Horvath et. al. (2020), at the Journal of Experimental Political Science Dataverse within the Harvard Dataverse Network, at: doi:10.7910/DVN/KVKGUB.

1 A central data server is especially vulnerable to a single point of failure (Ahmed et al. Reference Ahmed, Michelin, Xue, Ruj, Malaney, Kanhere, Seneviratne, Hu, Janicke and Jha2020, 134585) but as Baumgärtner et al. (Reference Baumgärtner, Dmitrienko, Freisleben, Gruler, Höchst, Kühlberg, Mezini, Miettinen, Muhamedagic, Nguyen, Penning, Pustelnik, Roos, Sadeghi, Schwarz and Uhl.2020) show, decentralised systems are vulnerable to potential profiling of individual user locations.

2 The research design presented here was reviewed and approved by the University of Exeter College of Social Sciences and International Studies Ethics Committee, and pre-registered at Aspredicted.org Study No. #41234 prior to data collection.

3 Our target sample size for Study 1 was 1,500 to allow us for a minimum detectable effect size of approximately 5% on a four-level attribute across five discrete choice tasks.

4 Study 2 requires substantially fewer observations based on power considerations only. We targeted 800 towards the lower end N where the data provider offered the option of representative demographics.

5 Distribution of age, gender and region of residence are summarised in supplementary material. Other than compliance with our demographic quotas (managed by the data supplier) and indication of informed consent, there were no additional inclusion criteria to participate and paid respondents self-selected to participate.

6 We examine compliance with treatment in supplementary material.

7 We include more explanation in supplementary material.

8 “Please tell me on a scale of 0-10 how much you personally trust the National Health Service [NHS] where 0 means you do not trust the NHS at all, and 10 means you have complete trust,” and “How well or badly do you think the UK government is handling the coronavirus (Covid-19) outbreak?” expressed on a 1 (Very badly) to 4 (Very well) scale.

9 We show the obtained distribution of all conjoint preferences in supplementary material.

10 We show the original distribution of preferences descriptively in supplementary material.

References

Ada Lovelace Institute. (2020). COVID-19 Rapid Evidence Review: Exit through the App Store? https://www.adalovelaceinstitute.org/exit-through-the-app-store-how-the-uk-government-should-use-technology-to-transition-from-the-covid-19-global-public-health-crisis/ Google Scholar
Ahmed, N., Michelin, R. A., Xue, W., Ruj, S., Malaney, R., Kanhere, S. S., Seneviratne, A., Hu, W., Janicke, H. and Jha, S.. 2020. A survey of covid-19 contact tracing apps. IEEE Access 134577134601 DOI: 10.1109/ACCESS.2020.3010226 CrossRefGoogle Scholar
Baumgärtner, L., Dmitrienko, A., Freisleben, B., Gruler, A., Höchst, J., Kühlberg, J., Mezini, M., Miettinen, M., Muhamedagic, A., Nguyen, T., Penning, A., Pustelnik, D. F., Roos, F., Sadeghi, A.-R., Schwarz, P. M. and Uhl., C. 2020. Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. arXiv preprint arXiv:2006.05914.CrossRefGoogle Scholar
Briers, M. 2020. A technical roadmap for the UK’s contact tracing app functionality. The Alan Turing Institute Blog. Retrieved from https://www.turing.ac.uk/blog/technical-roadmap-uks-contract-tracing-app-functionality Google Scholar
Cioroianu, I. and Dal., A. 2020. What is missing from the online debate around COVID-19 digital tools? Institute of Policy Research Blog, University of Bath. Retrieved from https://blogs.bath.ac.uk/iprblog/2020/07/08/what-is-missing-from-the-online-debate-around-covid-19-digital-tools/ Google Scholar
Department of Health and Social Care. 2020. The NHS Test and Trace App (early adopter trial, August 2020): data protection impact assessment, Published 13 August 2020. Retrieved from https://www.gov.uk/government/publications/nhs-test-and-trace-app-privacy-information/the-nhs-test-and-trace-app-early-adopter-trial-august-2020-data-protection-impact-assessment Google Scholar
Dietvorst, B., Simmons, J. P. and Massey., C. 2015. Algorithm Aversion: People Erroneously Avoid Algorithms after Seeing Them Err. Journal of Experimental Psychology: General 144(1), 114126. DOI: 10.1037/xge0000033 CrossRefGoogle ScholarPubMed
Ferretti, L., Wymant, C., Kendall, M., Zhao, L., Nurtay, A., Abeler-Dörner, L., Parker, M., Bonsall, D. and Fraser., C. 2020. Quantifying SARS-CoV-2 Transmission Suggests Epidemic Control with Digital Contact Tracing. Science 368(6491), DOI: 10.1126/science.abb6936 CrossRefGoogle ScholarPubMed
Hainmueller, J., Hopkins, D. and Yamamoto., T. 2014. Causal Inference in Conjoint Analysis: Understanding Multi-Dimensional Choices via Stated Preference Experiments. Political Analysis 22(1):130, DOI: 10.1093/pan/mpt024 CrossRefGoogle Scholar
Horvath, L., Banducci, S. and James., O. 2020. Replication Data for: Citizens’ Attitudes to Contact Tracing Apps. Harvard Dataverse, DOI: 10.7910/DVN/KVKGUB CrossRefGoogle Scholar
James, O. and Jilke., S. 2020. Marketisation Reforms and Coproduction: Does Ownership of Service Delivery Structures and Customer Language Matter? Public Administration https://doi.org/10.1111/padm.12670 CrossRefGoogle Scholar
Li, H., Wu, J., Gao, Y. and Shi., Y. 2016. Examining individuals’ adoption of healthcare wearable devices: An empirical study from privacy calculus perspective. International Journal of Medical Informatics 88: 817.CrossRefGoogle ScholarPubMed
Liu, D. and Carter., L. 2018. Impact of Citizens’ Privacy Concerns on e-Government Adoption. In Proceedings of the 19th Annual International Conference on Digital Government Research: Governance in the Data Age, 1–6, DOI: 10.1145/3209281.3209340 CrossRefGoogle Scholar
Martin, T., Karopoulos, G., Hernández-Ramos, J. L., Kambourakis, G. and Fovino., I. N. 2020. Demystifying COVID-19 digital contact tracing: A survey on frameworks and mobile apps. arXiv preprint, arXiv:2007.11687.CrossRefGoogle Scholar
Palmer, C. L. and Peterson., R. D. 2020. Toxic Mask-ulinity: The link between masculine toughness and affective reactions to mask wearing in the COVID-19 era. Politics & Gender, 114, DOI: 10.1017/S1743923X20000422P Google Scholar
Strezhnev, A., J. Haimnueller, D. J. Hopkins, T. Yamamoto. 2019. Conjoint Survey Design Tool Verison 2.0: A Python Graphical User Interface for Creating Conjoint Experimental Designs Usable with Web Survey Platforms. Retrieved from https://github.com/astrezhnev/conjointsdt Google Scholar
Utych, S. M. 2020. Messaging mask wearing during the COVID-19 crisis: Ideological differences. Journal of Experimental Political Science 115, DOI: 10.1017/XPS.2020.15 CrossRefGoogle Scholar
van Velsen, L., van der Geest, T., van de Wijngaert, L., van den Berg, S. and Steehouder., M. 2015. Personalization Has a Price, Controllability is the Currency: Predictors for the Intention to Use Personalized eGovernment Websites. Journal of Organizational Computing and Electronic Commerce 25(1): 7697, DOI: 10.1080/10919392.2015.990782 CrossRefGoogle Scholar
Wiertz, C., Banerjee, A., Acar, O. A. and Ghosh., A. 2020. Predicted Adoption Rates of Contact Tracing App Configurations - Insights from a Choice-Based Conjoint Study with a Representative Sample of the UK population. SSRN Preprint, DOI: 10.2139/ssrn.3589199 CrossRefGoogle Scholar
Figure 0

Figure 1 Overview of Study 1.

Figure 1

Figure 2 Overview of Study 2.

Figure 2

Figure 3 Treatment effects on preference of data storage systems.Note: Treatment is exposure to stimulus raising awareness of data breach. AMCE values calculated with the cjoint (Hainmueller et al. 2014) package in R. For ATE values (coefficients) see Table 2.

Figure 3

Figure 4 Treatment effects on privacy preferences within centralised systems.Note: Treatment is exposure to stimulus raising awareness of data breach. AMCE values calculated with the cjoint (Hainmueller et al. 2014) package in R. For ATE values (coefficients) see Table 3.

Figure 4

Figure 5 Preference of digital vs human contact tracing per treatment group.Note: Treatment is exposure to stimulus raising awareness of data breach.

Figure 5

Table 1 Privacy attributes depending on data storage system (dependent attributes)

Figure 6

Table 2 Data storage models

Figure 7

Table 3 Treatment and moderator effects on preference within centralised systems

Figure 8

Table 4 Treatment effects on preferred amount of human involvement in contact tracing

Supplementary material: Link

Horvath et al. Dataset

Dataset

https://doi.org/10.7910/DVN/KVKGUB
Link
Supplementary material: File

Horvath et al. supplementary material

Horvath et al. supplementary material 1

Download Horvath et al. supplementary material(File)
File 116.6 KB
Supplementary material: File

Horvath et al. supplementary material

Horvath et al. supplementary material 2

Download Horvath et al. supplementary material(File)
File 137.1 KB
Supplementary material: File

Horvath et al. supplementary material

Horvath et al. supplementary material 3

Download Horvath et al. supplementary material(File)
File 4.8 MB
Supplementary material: File

Horvath et al. supplementary material

Horvath et al. supplementary material 4

Download Horvath et al. supplementary material(File)
File 12.4 KB