UK plans its own Covid contact tracing app

News by Chandu Gopalakrishnan

Data security and privacy issues have been raised as the UK teams up with tech majors to create a contact tracing app to identify those with Coronavirus infection

The UK government has announced plans for a mobile application app to warn the user if that person was recently in close proximity to someone  suspected of being infected by Covid-19.

Health secretary Matt Hancock announced the decision at a UK government press briefing on 12 April.

Hancock said the NHS is working in tandem with leading technology companies on the project, the BBC reported. The report indicated Apple and Google as likely partners. Both companies last week announced a joint effort to develop a software building block that makes it easier for others to set up contact-tracing mobile applications.

The plan operates on the idea that people with suspected Coronavirus symptoms will be able to declare their status in the app through a confirmation key.

The central database connected to the app will send a yellow alert to all users who have recently been close to the suspected patient for an extended period of time, said the report. Once a medical test confirms the infection, then a red alert will be sent, suggesting the other users go into self-quarantine.

Covid Symptom Tracker, an app that tracks the symptoms of Covid-19 is currently one of the most popular downloads in the UK.

The success of any of these types of apps rely only on widespread adoption and use, noted Rahim Jina, COO and co-founder of edgescan.

“In western societies, this means that privacy will not only need to be respected but must also need to be the focal point during the design of these apps. Transparency will be key here, and every part of what these apps do, what data they collect and process, from sign-up to daily use to future evolutions of the products, will need to be scrutinised by both data protection bodies and also given assurance by third party organisations,” he said. 

Any suspicion about the technologies or the possible uses of this data will mean people will not be comfortable using the apps and thus reduce their effectiveness, he warned. 

With no app being impenetrable, the security of personal data is a concern, said Jake Moore, cyber-security specialist at ESET.

“As with any account online, you should always think about submitting the least amount of personal data as possible. It is vital to hold onto your own private information as it is becoming the most valuable currency of current times,” he said.

“Cyber-criminals are constantly attempting to poach private information from dormant accounts, so although this may seem like a good idea presently, many people never delete their accounts. making this data easily targeted in future attacks. It is vital to be sure to delete accounts you don’t use anymore.”

If the public accepts this intrusive use of personal data for health reasons in an emergency, would they become desensitised to the UK government using data for crime prevention, to monitor large crowds at events or even to replace the national census – due in 2021, asked Toni Vitale, head of data protection at JMW Solicitors.

"In some parts of the world – including China and Hong Kong – such tracking is already taking place. However, the European Union and the UK are likely to be more cautious with this approach," he said.

The EDPB, which advises the EU Commission on data privacy, insists to maintain anonymity while processing location data.

"Public authorities should first seek to process location data in an anonymous way (ie. processing data aggregated in a way that individuals cannot be re-identified), which could enable generating reports on the concentration of mobile devices at a certain location," said the EDPB statement on the processing of personal data in the context of the COVID-19 outbreak.

“Whilst the EDPB recognises that EEA Member States are entitled to introduce legislative measures to safeguard public security, it points out that if this involves non-anonymised location data then the legislative measure must also put in place adequate scrutiny and safeguards. These could include providing the right to a judicial remedy," explained Vitale.

"It emphasises that governments should always use the least intrusive solutions possible, taking into account the specific purposes of the legislation. Blanket surveillance is unlikely to be compliant with EU laws even when it is for the public good.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews