The US Center for Disease Control (CDC) has issued the document Guidelines for the Implementation and Use of Digital Tools to Augment Traditional Contact Tracing for health departments.
The guidelines state that technology can support case investigation and contact tracing but cannot take the place of a trained public health workforce for interviewing, counseling, and providing support for those impacted by COVID-19.
With regard to privacy and data protection, the guidelines foresee a voluntary opt-in contact-tracing app. They also state that users’ consent is required before their data is shared and that sharing location data, proximity data, or sensitive health data with a health department is not necessary for the user to benefit from the tool’s exposure notification features. The guidelines call for encryption of data and storage only on the user’s device, with the user able to delete the data at any time. Further, the guidelines require contact-tracing apps to undergo independent security and privacy assessment, include safeguards to prevent the introduction of false data, and use programmatic means of secure data transfer.