To help limit the spread of the coronavirus within the UK, and as part of easing lockdown measures, millions of people will soon be asked to track their movements via an app on their smartphone.
What is contact tracing?
Contact Tracing aims to identify and alert people who have come into contact with a person infected with coronavirus.
Smartphones can be used to quickly and automatically determine whether somebody has been in contact with an infected person.
The NHS has developed an app for the UK, which is aimed at limiting a second wave of coronavirus which will be trialled on the Isle of Wight, and then launched to the rest of the UK, if it proves successful.
Health Secretary, Matt Hancock has urged residents of the Isle of Wight to download the app to “protect the NHS and save lives” he has said that “by downloading the app, you’re protecting your own health, you’re protecting the health of your loved ones, and the health of the community.”
Contact tracing has been credited with helping to lift restrictions in other countries when combined with other measures.
What will happen with my data?
The UK app will use a centralised model, meaning the matching process will take place on a computer server, and will help give more insight into how the disease spreads.
The data is recorded under an anonymous ID, rather than by the person’s name.
Civil rights group Liberty said the government must take the risks seriously, and should not make installing the app a condition to leaving the lockdown or returning to work.
”The information gathered will only ever be used for health and research purposes, and the app can be deleted at any time” (NHSX – the digital development arm of the health service).
Data protection considerations
Introduction of a contact tracing app causes privacy and security concerns for many people.
- Architecture – what technology (e.g. Bluetooth / GPS) and security protocols will be adopted? How will the data be encrypted?
- Access to the data and purpose – who will have access to the data collected (the government, health authorities, academia, police, private companies, other app users)? What can the data be used for by these parties?
- Categories of data collected – will the app collect the user’s name and contact details, their geolocation data, whether they are showing symptoms and / or have been tested positive for COVID-19?
- Data retention – how long will the data be retained for? Will it be anonymised or deleted at the end of the COVID-19 pandemic?
- Data storage – will the data be stored on the user’s smartphone or centrally?
- Legal basis – what will be the legal basis for processing the personal data? Will the app rely on user’s consent or use public interest as a basis for processing?
- Quality of data – will the app notify other users only if the user tests positive or also if they self-report that they have been showing symptoms? How will the app ensure that users do not abuse the notification feature?
- Users – will users be required to use the app or will it be voluntary? Will children be expected to use it as well?
Whilst we haven’t got the answers to all of the above, data protection regulators have actively been involved in the development of the contact tracing app to ensure it complies with UK data protection laws. Use of the contact tracing app will be voluntary, with the first part of the user’s postcode being the only data stored when the app is launched. NHSX have advised additional location data will only be recorded if users agree to a further opt-in request.
If you would like further guidance or support on data protection or require advice on other people management matters please contact Clover HR on 0121 516 0299 or email us at info@cloverhr.co.uk ©️ Copyright Clover HR
