Data security & privacy issues have been flagged-up as the UK joins with major tech companies in order to produce a contact tracing app that will be able to identify people who have the Coronavirus infection.
Plans are in place for a mobile application app that will warn users if they were recently in close contact with someone who is thought to be have been infected by Covid-19.
British Health Secretary Matt Hancock mentioned this decision in a UK press briefing on April 12.
Hancock explained that the NHS is working jointly with a number of leading technology companies on this project, as the BBC had reported. It was indicated that Apple & Google were likely to be the partners. Both companies last week announced a joint effort to develop a software building block that in turn makes it much easier for contact-tracing mobile applications to be set up by others.
This plan premises on the idea that those with suspected Coronavirus symptoms will now be able to declare their new status in the app via a confirmation key.
A centrally maintained database that is connected to this app will send a yellow alert to all the users who have been designated as having recently been close to the suspected patient for what is described as an ‘extended period of time’, observed this report.
When a medical test then confirms the infection, then a red alert will be immediately sent out, which then further ‘suggests’ that the other users go straight away into a self-quarantine.
‘Covid Symptom Tracker’, which is an app that actually tracks the symptoms of the virus is currently one of the most popular UK downloads.
Any success of any of these types of apps rely only on widespread adoption and use, explained Rahim Jina, who is the COO and co-founder of Edgescan.
“In western societies, this means that privacy will not only need to be respected but must also need to be the focal point during the design of these apps. Transparency will be key here, & every part of what these apps do, what data they collect and process, from sign-up to daily use to future evolution of the products, will need to be scrutinised by both data protection bodies and also given assurance by third party organisations,” he cautioned.
If, however, there is the least suspicion about the technologies or the possible uses of this data, this will then mean people may well not be as comfortable using the apps & their effectiveness would be compromised, he further added.
As no app can ever be described as impenetrable, the security of personal data is always of concern, observed Jake Moore, who is a cyber-security specialist at ESET.
“As with any account online, you should always think about submitting the least amount of personal data as possible. It is vital to hold onto your own private information as it is becoming the most valuable currency of current times,” he warned.
“Cyber-criminals are constantly attempting to poach private information from dormant accounts, so although this may seem like a good idea presently, many people never delete their accounts. making this data easily targeted in future attacks. It is vital to be sure to delete accounts you don’t use anymore.”
The difficult question to be posed is, “if the public now accepts this intrusive use of personal data for health reasons in an emergency, would they then become desensitised to the UK government using data for crime prevention, to monitor large crowds at events or even to replace the UK National Census – due in 2021?”, debated Toni Vitale, who is Head of Data Protection at JMW Solicitors.
China and Hong Kong
“In some parts of the world – including China and Hong Kong – such tracking is already taking place. However, the EU & also the UK are likely to be more cautious with this approach,” he observed.
The EDPB, which functions to advise the EU Commission on aspects of data privacy, insists on the maintenance of anonymity whilst collating this location data.
“Public authorities should first seek to process location data in an anonymous way (i.e. processing data aggregated in a way that individuals cannot be re-identified), which could enable generating reports on the concentration of mobile devices at a certain location,” explained the EDPB statement on the processing of personal data applied in the context of the current outbreak.
EEA Member States
“Whilst the EDPB recognises that EEA Member States are entitled to introduce legislative measures to safeguard public security, it points out that if this involves non-anonymised location data then the legislative measure must also put in place adequate scrutiny and safeguards. These could include providing the right to a judicial remedy,” outlined Vitale.
“It emphasises that governments should always use the least intrusive solutions possible, considering the specific purposes of the legislation. Blanket surveillance is unlikely to be compliant with EU laws even when it is for the public good.” strongly cautioned Vitale.
Saving of Life
In summary, the vital saving of life needs to be now balanced against the vital needs of privacy, & most professionals will be relieved that this hugely difficult moral & legal decision does not fall directly to them.