Contact tracing, surveillance, and data privacy