Digital government teaching case study

Introduction

In March 2020, as COVID-19 spread, governments around the world had to act fast to manage a pandemic which tested their health care and governance systems. The first case in the Philippines was reported on January 30, 2020, when a 38-year-old Chinese woman from Wuhan was diagnosed with the disease (WHO, 2020). On March 7, local transmission was confirmed; the government introduced community quarantines and passed the “Bayanihan to Heal as One Act” on March 24 to mobilize resources against the virus (Official Gazette, 2020). 

The situation worsened rapidly and, by September 1, 2020, the World Health Organization (WHO) reported 224,264 confirmed cases and 3,597 deaths in the country (WHO, 2020). Traditional contact tracing methods, due to their dependence on manual processes, struggled to keep pace with the spread of the virus, and delays in identifying and isolating cases only worsened the situation (DOH, 2020).

Digital contact tracing was incorporated into these efforts, offering the promise of tracking potential COVID-19 infections more quickly and efficiently. The National Task Force (NTF) against COVID-19 and the Inter-Agency Task Force (IATF) on Emerging Infectious Diseases announced “StaySafe PH” as the official contact tracing and symptom monitoring application of the Philippines(DILG, 2020). The IATF, composed of representatives from multiple government departments including the Department of the Interior and Local Government (DILG), the Department of Health (DOH) and the Department of Information and Communications Technology (DICT), served as the primary coordinating body for the country's pandemic response and digital health initiatives.

Developed by Multisys Technologies Corporation (Multisys), a private software solutions company in the Philippines, and donated to the DILG, with support from the Department of Health and the Department of ICT, StaySafe PH was developed to unify the contact tracing system of the country (MultiSys, 2020). The application allowed users to check on their health status, receive exposure notifications and help identify potential COVID-19 cases digitally.

However, the app faced significant adoption challenges due to privacy concerns and technical issues. The application has been criticized for a number of issues, including privacy concerns, security weaknesses and poor usability. Technical assessment of the systems revealed numerous privacy and security weaknesses, including asking for too many permissions and inadequate data storage mechanisms. Another disturbing discovery made by the Citizen Lab (2021) was that user geolocation data was stored in an insecure manner, which could have allowed hundreds of thousands of users to have their location data compromised.

To increase usage of the app, the government made it compulsory to use the app in certain settings such as government offices, public transportation, banks, and malls, increasing the number of users to 15 million by March 2021 (DILG, 2021). However, controversies persisted. On August 3, 2021, then Health Secretary Francisco Duque III told a Senate hearing that the app had "almost no impact" in contact tracing, a position that contradicted the DILG's claims of success, sparking more debate about the value and impact of the app (Philstar, 2021).

This case study aims to investigate the development, adoption, and challenges of StaySafe PH as the Philippines’ contact tracing application during the COVID-19 pandemic. By looking at the technical, policy, governance, and user experience aspects of this digital public health tool, we will attempt to derive significant lessons on the interplay of technology, privacy, security, and public health in a moment of crisis. The findings may be useful for government officials, technology developers, policy makers, and public health experts as they prepare and plan for future emergencies that will need rapid technological development.

StaySafe PH demonstrates the multifaceted issues that emerge when implementing digital solutions at the national level during public health emergencies, particularly in environments where digital literacy, infrastructure, and governance frameworks continue to evolve. This prompts crucial questions regarding future crisis management: How can governments make sure that digital health tools are both effective and ethical? What factors influence the acceptance or resistance of the public towards such technologies? And what criteria can be used to measure success in such cases where the outcomes are complex and subject to competing interpretations?

The Public Servant’s Dilemma 

As the COVID-19 pandemic worsened, members of the Inter-Agency Task Force (IATF) on Emerging Infectious Diseases found themselves confronting an unprecedented dilemma: How to use digital technology to contain the worsening pandemic while also addressing the effectiveness of their digital contact tracing app and public concerns with it. Launched on September 3, 2020, the StaySafe PH App was designed to improve contact tracing amid a rapidly spreading public health crisis, but its deployment revealed major issues — low uptake linked to privacy worries and public distrust in government data management (CNN Philippines, 2020).

IATF decision-makers, under the leadership of the Department of the Interior and Local Government (DILG), together with the Department of Health (DOH) and Department of Information and Communications Technology (DICT), faced competing pressures between public health imperatives and citizen concerns about privacy and surveillance.

According to Alampay (2020), prior to COVID-19, the Philippine open data ecosystem was very fragmented, and health data on the Open Data Philippines (ODPH) portal was limited to 12 datasets and 40 files, which were outdated and not in open formats – such as PDFs on the DOH website. The government’s ability to collect data for crisis response and management was impacted by a lack of interoperability and up-to-date data (Alampay, 2020).

The app’s use of GPS tracking raised even further public fears of surveillance, damaging the “social licence” — people’s willingness to share data for the greater good (Verhulst et al., 2021; Citizen Lab, 2020). As a decentralized country, there was also inconsistent app implementation across local government units, while at the national level, the National Privacy Commission (NPC) had set very high standards for data protection, which were challenging to implement (NPC, 2020).

Moreover, IATF had to address ethical issues, including the accessibility of the app for those without smartphones (The Public Manager Considerations, 2022).  In 2020, 30% of the Filipino population lacked smartphones, with internet penetration at only 67% nationwide, and much lower access in rural areas (Philippine Statistics Authority, 2020; DataReportal, 2020). The consequences of these issues were high: Low uptake of the app could compromise its public health value, and a heavy-handed approach could further erode public trust in government data practices.

For IATF members, these challenges posed both personal and professional dilemmas. Recommending mandatory adoption could achieve public health goals but establish surveillance precedents that might outlast the pandemic, while advocating for voluntary approaches respected privacy but might be seen as inadequate during a national emergency when decisive action was expected from the coordinating body.

Given these constraints, IATF decision-makers identified three potential approaches:

Option 1:  Mandatory Adoption with Centralized Data Governance

As with Singapore's “TraceTogether” model, the first option IATF members explored involved making the StaySafe PH App mandatory for all sectors, necessary for citizens to access public services, workplaces and transportation (GovTech Singapore, 2020). Either the DILG, DOH or the DICT would manage data centrally through integration with other contact tracing apps like the COVID-KAYA systems, to establish a unified tracing framework (WHO, 2021). 

The mandatory adoption approach with centralized data governance provided several benefits, including the ability to quickly reach 50 million users for effective contact tracing,  the optimization of data collection to address fragmented systems, and its crisis-driven legitimacy, as the government could position it as a necessary measure (DILG, 2021; Verhulst et al., 2021; Public Manager Considerations, 2022).

However, this approach risked escalating surveillance concerns and faced implementation challenges, further eroding trust given the app’s initial security problems and pre-COVID data practices (Citizen Lab, 2020; Alampay, 2020). Enforcement across 1,642 cities and municipalities with limited capacity could create additional governance challenges while raising ethical issues about smartphone accessibility and digital literacy requirements.

Option 2: Voluntary Adoption with Decentralized, Privacy-First Governance

The second option was to encourage voluntary adoption while ensuring privacy through decentralized data governance. This would include adopting the Google/Apple Exposure Notification (GAEN) framework, keeping data on users’ devices, and enforcing data deletion policies (StaySafe.ph, 2021). In this option, digital literacy and education campaigns on user control and transparency would be essential in scaling the usage uptake of the app.

Social license and principles of user empowerment (Open Data Governance, 2020) are upheld through the voluntary adoption approach, with decentralized and privacy-first governance, potentially regaining trust through citizen control of data with daily updated anonymized data (Verhulst et al., 2021; Alampay, 2020). It also ensures ethical compliance by respecting autonomy, complying with NPC guidelines and addressing coercion concerns (Public Manager Considerations, 2022; NPC, 2020).

​​Unfortunately, considering the existing distrust among the citizens, this approach might not address the limited adoption challenge. The decentralized system also needed a more complex data infrastructure, which presented difficulties for LGUs with minimal resources.

Option 3: Context-Specific Mandates with Hybrid Governance

The third option was a hybrid approach: the IATF implemented this in November 2020 by requiring the app’s use in high-risk settings such as government offices, public transportation, and large venues, while making it voluntary elsewhere. This was paired with hybrid governance, which had centralized oversight for mandated areas, decentralized privacy protections for voluntary users, and NPC compliance measures like 60-day data deletion (StaySafe.ph, 2021).

The hybrid governance option struck a balance by applying strict regulations to high-risk zones and permitting optional use in other areas, decreasing backlash from  citizens. The GAEN shift in January 2021 also implemented this hybrid model, balancing efficiency with privacy concerns (Open Data Governance, Verhulst et al., 2021; Inquirer.net, 2021).

However, just like option 2, limiting mandates meant incomplete coverage, with app downloads falling short of the 50 million target. Hybrid governance also created complexity, straining LGU capacities, leading to uneven implementation (Verhulst et al., 2021; Alampay, 2020). The initial security controversy, which persisted even after the COVID-19 outbreak, and the government’s pre-COVID-19 lack of stakeholder engagement, further limited voluntary adoption (Citizen Lab, 2020; Alampay, 2020).

Actions and Reactions

Given the challenges of a public health crisis, privacy considerations, low adoption rates, and governance issues like implementation inconsistencies across local government units, the IATF took the hybrid approach of context-specific mandates and hybrid governance. 

This choice focused on mandatory use in high-risk settings while keeping the StaySafe PH App voluntary elsewhere, with privacy enhancements for public use. The rollout underwent multiple phases, from policies on mandatory use to accelerate adoption, to decentralization, and feature changes to reduce privacy concerns. This resulted in varying results from the stakeholders, as citizens and government officials responded with caution, skepticism, and some outright dissent, reflecting wider tensions in digital governance during a crisis.

Decisions and Actions Taken

Through coordinated IATF decision-making involving the Department of the Interior and Local Government (DILG), Department of Health (DOH), and Department of Information and Communications Technology (DICT), the task force decided to implement context-specific mandates for the StaySafe PH App.

StaySafe PH started its official adoption through “DILG Memorandum Circular No. 2020-129,” which the DILG issued on October 21, 2020 to make the contact tracing application mandatory for all local government units (DILG, 2020).By November 2020, the Inter-Agency Task Force for the Management of Emerging Infectious Diseases (IATF) issued “Resolution No. 85” which mandated its use by national government agencies and encouraged private establishment adoption (Inquirer News, 2020). In June 2021, the Land Transportation Franchising and Regulatory Board (LTFRB) also made the system mandatory for public utility vehicles, requiring all passengers to scan QR codes to register (Spot.ph, 2021).  

As seen in the above timeline of initiatives, a targeted approach was applied in high-risk settings such as government offices and public transportation, but allowed voluntary adoption elsewhere to avoid perceived overreach.

To address the public’s privacy concerns, public managers strengthened data governance. In January 2021, after public backlash against the app's initial GPS tracking feature, the app adopted the Google/Apple Exposure Notification (GAEN) framework instead (StaySafe.ph, 2021). This fundamental redesign replaced centralized GPS tracking with Bluetooth, where exposure data remained on users' devices and was deleted after 14 days (Inquirer.net, 2021).

In accordance with the NPC regulations, users were permitted to delete their personal data by March 2021, and manual contact tracing data was removed after 60 days (StaySafe.ph, 2021). These measures sought to rebuild trust through user control and transparency (Public Manager Considerations, 2022) and social license (Open Data Governance, Verhulst et al., 2021).

Philippine governance efforts also attempted to enhance coordination through the country's decentralized system. DILG integrated the app with other COVID-19 tracing apps like the COVID-KAYA platform to enhance data sharing with cities and municipalities (WHO, 2021). However, the government data systems remained fragmented (Alampay, 2020), which made it difficult for LGUs to support the app's full implementation because they lacked the necessary capacity. Public education campaigns were launched to promote adoption, but their reach remained limited.

Outcomes of the Actions

The chosen hybrid approach can be linked to higher adoption rates. Seven hundred local governments joined the platform, and the StaySafe PH App user base expanded to 15 million by March 2021, a major increase from the initial 2 million users in September 2020 (DILG, 2021).  The growth was driven by mandates in government offices and public transportation, where compliance could be enforced.

Aligning with the NPC requirements, the implementation of GAEN alongside data deletion policies resolved some privacy issues,  gaining support from privacy advocates (NPC, 2020). The app also showed some public health impact: in July 2021, the DILG reported that the app had identified specific COVID-19 cases via contact tracing, supporting its potential in crisis management (Inquirer News, 2021).

However, the results did not meet expectations in certain areas. Although a significant improvement, the 15 million users fell well short of the 50 million threshold required for thorough contact tracking (DILG, 2021). The government's pre-COVID-19 failure to create connected data systems restricted the app's effectiveness because LGUs faced challenges when trying to link digital app data with their manual tracing systems (Alampay,2020).

The app's voluntary usage remained minimal outside required areas, which can be linked to users’ continued distrust of the application and lack of access (Citizen Lab, 2020). The insufficient public education initiatives also created digital literacy problems, which prevented numerous citizens, especially those in rural and low-income areas, from effectively using the app.

Stakeholder Reactions

These actions generated diverse public reactions, which highlighted the deeper tensions between public health requirements and privacy protection. People within mandatory settings, including government staff and public transportation riders, adopted the protocols mainly because of necessity instead of faith and trust in the system.  

Even though the app had enhanced privacy features, people retained their doubts, especially those who had experienced the initial GPS tracking function of the app. In early 2021, users on social media from early 2021 expressed their fear of being watched through the app, which some users labeled a "government spying tool" (Citizen Lab,2021). The government's failure to demonstrate data governance transparency pre-pandemic created distrust among citizens, which made it difficult to gain social license during and post-crisis (Alampay,2020).

In the government, reactions were split,  with serious internal disagreements over the app's efficacy. Though the DILG touted the app as a success story, with 15 million users as proof of progress (DILG, 2021), other government officials expressed grave doubts. At a senate hearing in August 2021, former Health Secretary Francisco Duque III stated that StaySafe PH had "almost no impact" on contact tracing efforts. This statement was significant enough to cause Malacanang office, the Capitol of the Philippines, to demand explanations from the DICT about the app's performance (Philstar, 2021). This high-level disagreement illustrated a lack of government consensus on how the app helped with pandemic management, despite significant resources being poured into its implementation.

Privacy advocates and civil society groups also responded differently. While the NPC recognized that the app followed data protection standards after moving to GAEN, highlighting its 60-day data deletion policy as a positive advancement (NPC, 2021), organizations such as the Foundation for Media Alternatives (FMA) criticised the government for not involving multi stakeholder groups early on in the app's design, negating the principles of co-creation (Verhulst et al., 2021). They argued that broader and earlier consultation might have tempered early privacy concerns and increased voluntary adoption (FMA, 2021).

Local government reactions varied widely depending on their digital resources and capacity. The technical limitations and insufficient staff at some local government units made it difficult to integrate app information with traditional contact tracing operations and their existing data systems, if any (Alampay, 2020). Ethical conflicts also emerged from this hybrid approach, as it failed to solve the digital access problems faced by low-income residents who lacked smartphones and digital access (Public Manager Considerations, 2022).

Mixed outcomes and divided stakeholder reactions to StaySafe PH illustrate the inherent complexities of deploying digital solutions during a crisis,  especially in the context of pre-existing governance fragmentation and digital divides. Such reactions also provide useful context for understanding the intersection among the social, technical and governance dimensions of digital governance initiatives, setting the stage for an examination of key lessons from this experience.

Further Reflections

The deployment of the StaySafe PH App is a compelling case to reflect on wider implications for digital public health tools used in crises, especially in a developing country such as the Philippines. The hybrid approach revealed several key challenges across technical, governance, and social dimensions that merit further analysis. 

Technical Layer: Local vs. Global Players and Data Integration

Should we rely on start-ups (local focus) or global players? This technical question highlights one of the important choices in the development of the StaySafe PH App. Developed locally by MultiSys Technologies Corporation, the app received early criticism for  privacy and security flaws. 

Some of these concerns were addressed in January 2021 with the move to the Google/Apple Exposure Notification framework (GAEN), which leveraged global standards for privacy-preserving contact tracing (Inquirer.net, 2021). But this transition also revealed a broader technical issue: interoperable data systems were not present. Alampay (2020) notes that the fragmented data governance in the Philippines — characterized by limited, untimely, and non-open health data — limited the app's integration with existing platforms like COVID-KAYA and therefore  its impact (WHO, 2021).

Financial Layer: Market-Driven vs. Public Policy Driven

Is it driven by market forces or public policy? This financial question reveals the StaySafe PH App's funding and sustainability challenges. While it was primarily driven by the urgent public health need, the app was also public policy-driven. Multisys donated the app to the Philippine government, and it was later funded and managed by DILG with support from the DOH and DICT, reflecting a government-led response to a public health crisis (DILG, 2021). The lack of financial sustainability emerged as public education campaigns received insufficient funding and LGU support, resulting in low voluntary adoption outside mandatory settings (Alampay, 2020).

Political Layer: Privacy Regulation Ownership

Who has the authority to make decisions about privacy and surveillance? This political layer question on privacy regulation ownership highlights governance conflicts during the StaySafe PH App implementation. The initial centralized app design with GPS tracking and monitoring raised public trust concerns and fears over government surveillance (Citizen Lab, 2020). Some worries were eased by the GAEN shift and NPC compliance measures, but the app's legitimacy still suffered from a lack of stakeholder involvement in its design process (Verhulst et al., 2021).

Social Layer: Digital Literacy and Inclusion

Who gets excluded when digital solutions are mandated? This social layer question revolves around digital literacy, a crucial gap in the StaySafe PH App rollout. The application deployment depended on the assumed digital competency of the population and missed that many Filipinos, including the most vulnerable populations in rural and low-income neighborhoods, with little to no access to digital infrastructures and tools. This ethical issue of exclusion (Public Manager Considerations, 2022) became more apparent when regulations on the mandated use of the app were passed, disproportionately limiting access to essential services.

Environmental Layer: Centralization vs. Decentralization

How central is the environment? This environmental question can be interpreted in this case study as the balance between centralization and decentralization, captured by the governance challenges of the StaySafe PH App’s hybrid approach. As we’ve seen, the app was more effective when used in mandatory centralized settings such as government offices and public transportation, but was less effective in decentralized settings due to LGU capacity constraints (DILG, 2021). According to Alampay (2020), LGUs struggled with data integration due to the Philippines' existing fragmented data systems. 

Beyond Binary Success/Failure Assessment

There are inherent limitations to evaluating crisis technologies using a binary success-failure framework, as demonstrated by the StaySafe PH case. The polarized assessments of the app's impact, show how the same initiative may be framed differently depending on contextual metrics and timeframes.

This multifaceted outcome aligns with what Mergel et al. (2019) describe as the “emergent” nature of digital government initiatives, where results often unfold incrementally rather than matching initial expectations. The experience suggests that evaluation frameworks need to account for both immediate crisis response effectiveness and longer-term governance development.

Conclusion

The StaySafe PH case presents the complex challenges public managers encounter when implementing digital solutions during emergencies, including diverse stakeholder needs, pre-existing governance fragmentation and different levels of digital preparedness. The StaySafe PH contact tracing app faced multiple challenges during a severe outbreak, mainly because of its low adoption rate and privacy concerns that caused public distrust (WHO, 2020; CNN Philippines, 2020).

The case traces the challenges faced by Philippine government officials,  from balancing public health, privacy concerns, and governance realities, to the hybrid implementation approach and its mixed results. It provides valuable lessons for public managers navigating similar situations and draws directly from the Teaching Public Service in the Digital Age (TPSDA) curriculum especially “Unit 6: Data Part II: Harmful Uses,” which examines the potential harms of data collection, governance and use,  and the evolving social license during and post-crisis (TPSDA, 2022).

At the end of the day, the StaySafe PH case is not a success story or a cautionary tale but an illustration of the complexities that public managers face when deploying digital solutions in crises. We can learn from its achievements and limitations,  to design more thoughtful digital governance approaches that take advantage of new technologies while remaining rooted in public service values of inclusion, transparency and shared governance. These lessons can be a useful compass for public managers as they navigate the digital transformation of the public service with innovation and integrity, especially in an era of accelerating technological change and increasing crisis frequency.