Countries across the world are developing software and apps to track their citizens’ movements in order to trace and contain the spread of COVID-19. As we enter the eighth week of lockdown, Britain is no exception. In collaboration with the NHS, the British government are devising a contact-tracing app which will send users anonymous notifications if they come into contact with an infected person.
Whilst we at Kazient support the idea of using data in order to stop the spread of this virus and bring an end to the pandemic, Data Privacy needs to be at the forefront of any decisions made.
How the app works
The NHSX app uses Bluetooth technology to track the locations and contacts of its users, in the hope it will help to track the spread of the virus. Contrary to other European countries, and to companies like Apple and Google, the U.K is seeking to have the data on this app centralised.
Apple and Google have been working together to develop an integrated Android and iOS app with input from public health bodies. It will work with phones exchanging key codes with phones nearby. When an individual becomes infected they can share their code with a database. This database is regularly updated and downloaded to the app. Users can check for any matches between the codes of those who they have come into contact with and the codes on the database. To ensure privacy standards are upheld, the companies will change the key codes every 10-20 minutes. This will mean it is more difficult for potential hackers to link codes to users.
Comparatively, the app being developed by the NHS will involve matches taking place on a central server, rather than on the individuals’ phones. Privacy experts fear that this could mean individuals being inappropriately tracked. Though NHSX has reiterated that privacy and security are a priority for this project, the concerns still remain. Almost 200 privacy experts have expressed “serious concern” over this app by signing a public letter to the government. They have asked that NHSX publish the Data Protection Impact Assessment (DPIA) as soon as possible to allow public debate and scrutiny of the app before its deployment.
The group has also raised questions over the future of the app. In the letter, they have asked for its developers to be transparent over its plans on how the app will be phased out post-pandemic in order to prevent mission creep.
Here, it would mean that the reasoning for keeping data by NHSX would change, and could be used for something more sinister.
This week, there has been speculation that the government may drop the NHSX app in favour of the one being developed by Apple and Google. Following privacy concerns brought forward by experts and MPs, and warnings that the UK could be an outlier should it choose to use a centralised system.
At the time of writing this article, there is still confusion over the app. Despite it being already released in a preliminary capacity in the Isle of Wight, the software has been found to be limited. The source code for the app has not been released and this has been met by criticism by privacy experts who say “without the server source, you have no idea what they’re doing with the data”.
Furthermore, the app only has the capacity to work on phones with at least iOS11 or Android 8. This excludes many older phones as well as those from the Huawei models who don’t run on either software.
Recent reports have also suggested that the government may now decide to move to more of a decentralised method, instead of the previously decided centralised system which caused many privacy concerns. However, nothing has been confirmed as of yet.
Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.