Your iPhone could help track disease—if you let researchers spy on you

Researchers want to use your cell phone’s location data to stop diseases from spreading. But at a time of data breaches, privacy violations, and lack of trust, they may not be ready to keep it safe.

Your iPhone could help track disease—if you let researchers spy on you
[Photos: Prawny/Pixabay; Flickr user NIAID; Argelis Rebolledo/iStock]

In a new study out of the Massachusetts Institute of Technology, health researchers make the case for using real-time cell-phone data to track and mitigate major disease outbreaks. Unfortunately, several barriers—including privacy concerns and a lack of data legislation—are likely to stop this kind of information from ever getting to researchers.


Earlier this year, researchers at MIT set out to see if they could reasonably predict how a disease might move through a city by looking at commute routes. Through a deal with Singapore telecom Singtel, MIT researchers were able to get access to four months’ worth of anonymized cell-phone location data from 2011. The disease they were tracking was a 2013 outbreak of dengue fever, a virus transmitted via mosquito that manifests in headaches, muscle pain, and vomiting. The researchers hypothesized that the disease traveled around the city along the same routes as people’s phones did. When they tested their predictions against census data for 2013 and 2014, which recorded the number of cases over the course of two years, they found the models were accurately estimating the growth trajectory the disease.

The study is remarkable for its ability to examine the pattern of dengue’s spread as it moves inside smaller regions like cities and towns. Typically, researchers study disease at a much broader level—think states and countries. But smartphone data allows researchers and scientists to see more detailed information about the way people interact with their environment and each other.

“This data can be really useful in an emerging situation,” says Emanuele Massaro, a scientist at École polytechnique fédérale de Lausanne in Switzerland and the lead author on the paper. He argues that “scientists, NGOs, and political decision makers” should have access to cell-phone data more broadly, so they can more easily contain disease outbreaks.

This data can be really useful in an emerging situation.”

Emanuele Massaro

The study reveals the ways that personal data, the kind sucked up by major tech companies like Google, Facebook, and telecoms like Verizon and AT&T, could help public health researchers divert the next major disease outbreak. But getting that data may prove difficult. Globally, people are increasingly aware of the value of their data and the way it is used by large corporations. Weary from having their private data abused, they may be hesitant to hand it over to scientists. Corporations too may not want to share data with researchers or public health officials, fearful that anonymizing the data still may not make it private enough. Still, researchers are trying to make the case for why they should—and how personal data, if properly safeguarded, could save lives.

Tapping into the well of personal data

The Singtel study isn’t the only example of researchers using data to track disease.


A week before an outbreak of the Ebola virus was confirmed in Guinea in 2014, researchers at Boston Children’s Hospital already had cause for concern. On March 14, their web-crawling project, HealthMap, picked up on eight deaths caused by a “mystery hemorrhagic fever” in Macenta, at the southern tip of Guinea. Eight days later, the Republic confirmed a total of 59 such deaths, which had officially been linked to Ebola.

HealthMap, which started in 2006, is a public data health initiative that shows how powerful data can be in predicting and tracking disease just using web links. It has successfully tracked the vaping illness, dengue, malaria, and a variety of other viruses, rashes, and diseases that spread through mosquitoes or rats. While good work has been done using data pulled from the web, researchers think smartphone data could help them change the course of a rapidly advancing disease as it’s happening.

You can get a person’s entire health profile and social profile all with data that’s coming from their mobile phone.”

Yulin Hswen

“We literally use our mobile phones all the time. It’s not just tracking our mobility, but depending on what device you have, it can track heart rate,” says Yulin Hswen, a researcher who works on HealthMap and is currently tracking sources of the vaping illness that has claimed 47 lives. “If you have certain apps, it can log the steps you’re taking. People also log their food. They make purchases through their phone, they do their banking.”

“You can get a person’s entire health profile and social profile all with data that’s coming from their mobile phone,” Hswen says. With such access, Hswen says scientists could create individual predictive health profiles that estimate the likelihood of a person falling ill as well as stop diseases from spreading in the first place. If you know who is vulnerable to disease, you can steer them toward preventative measures, like a vaccine.

The privacy question

But handing over that data, even in the name of public health, is quite complicated. Though countries are increasingly adopting privacy regulation, like Europe’s General Data Protection Regulation, there is still little framework for how this data would get shared and who would be in charge of it. There is currently no good way for people to collect their own data and share it at will, and people are increasingly wary of sharing their data.


Vasant Dhar, an artificial intelligence researcher and professor at New York University’s Stern School of Business, says some countries are working on systems that could more easily free up data for such projects. A data protection bill on the table in India would create an app where people can collect and view their data, for instance. It would also appoint a “data fiduciary” to each account, someone who would act as a gatekeeper to a person’s data. A data fiduciary, much like a financial fiduciary does with a person’s assets, would only release data when it was in the best interest of the individual to do so—perhaps for a public health project. Such a system would put the onus on companies and organizations to make the case for sharing cell-phone data, which Dhar believes must be done transparently and safely. Dhar thinks that even a public disease tracking project would have to prove its value.

I think that’s the case that needs to be made here—what are the benefits?”

Vasant Dhar

“You can always construct an Armageddon scenario where it’s obvious that you shouldn’t be asking questions, just save the planet, make the goddamn data available so we can move on with life,” Dhar says. “But I think that’s the case that needs to be made here—what are the benefits?”

Cell-phone location data, though very effective for documenting real-time travel, has limits. As the MIT study notes, cell data is only as good as its coverage. Essentially, MIT couldn’t track anyone who had a cell-phone provider that was not Singtel. However, juxtaposing cell-phone data with accurate public health data, like census records, appears to correct for this problem, according to the researchers.

There is also the issue of anonymity. In the MIT study, Singtel provides researchers with anonymized data. But the ability to make data truly anonymous is up for debate. Cell data can identify the places you spend time—your office, your home, the places you shop—and researchers have shown that it’s relatively easy to attach your name to these details. To this point, Facebook has been slow to share huge chunks of data with a group working on analyzing how the platform affects elections, citing privacy and security as a key reason for its molasses-like pace.

But this concern around data privacy has only come after several missteps. One of Facebook’s errors was conducting a study in 2014 that tested the platform’s ability to manipulate general mood on nearly 700,000 of its users without ever getting their consent. In the years since, the platform has frequently failed to protect user data.


A lack of transparency

Today, the same companies that have built big businesses accruing personal data for ad targeting—and have often acted cavalier about data breaches and other abuses—are striking deals with healthcare institutions. This has been controversial in no small part because they’re often doing this work in the dark, without patient knowledge.

If private companies own your data and can make business out of it, why can’t we use this data for good?

Emanuele Massaro

In 2016, Google’s AI lab DeepMind forged a partnership with the National Health Service in the U.K. and failed to alert patients that it was accessing their records for the project. In a more recent debacle, Google linked up with Ascension, a network of health centers, to develop tools for its doctors. Again, both parties failed to be transparent either about the relationship or Google’s ability to access patient data.

Governments too have a spotty history with protecting consumer data, which could make Massaro’s vision for sharing data with political decision-makers hard to swallow. In 2015, a hack on the federal government’s Office of Personnel Management exposed the records of 21.5 million people, including their home address, phone number, social security number, and other highly sensitive information. And government agencies have also intentionally distributed personal information. This year, Motherboard revealed that the California Department of Motor Vehicles is making $50 million annually on selling customer data to Experian and LexisNexus among other third parties.

Given all the ways personal data has been mishandled, researchers are now worried that people are losing trust in academic and health institutions and will be less likely in the future to volunteer it. But Massaro says that unlike private companies, researchers have strong rules and ethics in place for safeguarding user data. “If private companies own your data and can make business out of it, why can’t we use this data for good?” 

Dhar says that’s a false paradigm, noting that Google shouldn’t necessarily have the personal data that it does. “It doesn’t make it right and doesn’t mean [researchers] should be using it,” Dhar says.

About the author

Ruth Reader is a writer for Fast Company. She covers the intersection of health and technology.