COVID-19: Privacy Considerations of Contact Tracing Apps
by Anastasia Fowle, Matt Quezada, Shruti Goel
Published: May, 2020
Submission: May, 2020
Related Articles in
Latest Firm's Press
Governments are turning toward the use of data driven solutions as part of their response to the COVID-19 pandemic, which raises numerous privacy concerns.
Contact tracing technology seeks to inform and notify individuals that have been in contact with a person infected with COVID-19, enabling such individuals to self-quarantine, receive testing and, if required, obtain follow-up treatment.
Contact tracing apps (CTAs), alongside measures such as the deployment of comprehensive testing regimes and eventual vaccination, will hopefully provide an effective means for managing the pandemic across the globe.
Utilising technology and data to achieve this objective, whilst protecting individuals’ rights and freedoms, is a task governments worldwide are currently grappling with, with varied approaches in overcoming such a challenge.
Contact tracing across the globe
In March 2020, Singapore’s government instructed its Government Technology Agency, and Ministry of Health, to create the app Trace Together. Through the exchange of Bluetooth signals between phones, it detects other users in close proximity, enabling contact tracers to inform close contacts of COVID-19 cases quickly.
Other governments in the region swiftly replicated the technology, with varying degrees of success:
European approach and concerns
Across Europe regulators and government bodies have issued opinions, recommendations and released guidance on the privacy concerns of CTAs including:
The key principles consistent across all the above documentation, are for European governments to adopt a harmonised and uniform approach to the development and implementation of contact tracing technology and deployment of CTAs, which implement and reflect the principles of the GDPR; including:
Google and Apple’s collaboration
Google and Apple have collaborated to create software to enable public health authorities around the globe to create CTAs, using Bluetooth signals to sense when an individual is at risk of being infected with COVID-19. Individuals will download official public health apps, that will share anonymous data with governments and public health organisations.
A matching process will take place through a decentralised system on users’ handsets, matching those that are at risk of contracting COVID-19, with alerts sent directly to their handsets. Google and Apple indicated that a decentralised approach provides increased privacy, limiting governments’ or a potential hacker’s ability to use a computer server to log specific individuals and identify social interactions.
Public health authorities will retain control in setting the parameters to define and calculate their chosen risk level, assigned to individuals receiving an alert that they have been exposed to a person who has tested positive for COVID-19.
The NHS’ technology unit NHSX, however, have rejected the software model proposed by Google and Apple’s collaboration, due to its use of a decentralised system.
NHSX instead believe a centralised system with a computer server assessing which handset should receive a matching alert will provide more insight into COVID-19's spread.
The success of CTAs in fighting the current pandemic is contingent upon user engagement; a substantial proportion of a country’s population downloading and keeping the app installed, as well as self-reporting. If CTAs are solely used on a voluntary basis, public trust and confidence in the integrity and management of individual’s privacy is vital for CTAs success.
The data protection and privacy issues are not only a matter of compliance, but are a key component in eliciting the trust of individuals; which if obtained, will make CTAs, in conjunction with wide-spread testing, an effective tool against lifting some of the measures imposed by governments world-wide, including lockdown.
This information is for educational purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given.
Link to article
Related Articles in
- TMT And Data Compliance & Cybersecurity: Personal Data Protection in the Age of Covid-19
- EDPB Issues Statement on Restrictions on Data Subject Rights During COVID-19
- European Commission Releases First Report on Evaluation of GDPR
- International Comparative Legal Guides: Fintech 2020
Latest Firm's Press
- Bensons for Beds pre-pack deal agreed – Shoosmiths CR&A team advise on another high-profile brand/retailer
- Arbuthnot Assists in Lending Facility for Chiltern Capital with Help from Shoosmiths
- Shoosmiths Boosts UK Real Estate Finance Team with Strategic Gires in London, Manchester & Leeds
WSG Member: Please login to add your comment.