Following the news around the UK government considering plans to use the NHS contact-tracing app to boost social distancing, CTO leading data privacy experts company offers the following comment.
Following the news around the UK government considering plans to use the NHS contact-tracing app to boost social distancing, CTO leading data privacy experts company offers the following comment.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The challenge with the collection and use of data in this way is that it is an intrusion into people\’s privacy that only a few weeks ago would have been considered almost impossible to imagine in the UK. The accuracy of GPS data is also quite variable in places, urban areas for example, where satellite signals can bounce off of buildings. Such inaccuracies could easily lead to false positives where people could be told to return home or be told that they had been spending too much time outside.
The privacy policy is very light on details of how long the data will be retained, stating as it does that \”In the future, we may use this data to help the NHS support sick individuals\”. Obviously with the collection of medical information (sensitive personal information under the GDPR) as well as location information it is important to know how it is going to be used and how long it is going to be kept for.
Another area of concern is that the privacy policy talks about the use of an anonymous code being used to replace personal information. Such an approach is often not sufficient, leading to the ability to re-identify people from the supposedly anonymised data.
A question that should be asked is whether users of the application will be well enough informed about the privacy implications of providing their consent to collect and process their information. I would argue that most members of the general public don\’t have enough knowledge and would perhaps reasonably assume that their data would be kept for a far shorter period of time than is likely to be the reality.