To start, every question we're seeking to answer is about populations. These data are only useful in so far as they inform us indirectly about average contact rates in populations. We have no interest in individual devices. The information's only useful in aggregate.
The data are de-identified, so in most cases they're pre-aggregated metrics and summary statistics about those populations. When we do receive individual device level data, there's no identifying information received. The contents of it are simply an approximate location and a time-stamp.
The description of half-hour reporting only pertains to that data we hold in extremely secure internal secure data processing platforms, with only a limited number of internal users having access. We have a number of reasons for using industry best practices for data security.
Beyond that, to your larger point about potential reidentification—