NHSX app must meet highest privacy and security standards

A Liberal Democrat press release brings the news…

Responding to the Health Secretary’s announcement that the NHSX app is now being piloted on the Isle of Wight, Acting Leader of the Liberal Democrats Ed Davey said:

We must test, trace and isolate to keep people safe. Mass testing, contact tracing and isolation at the community level for those who test positive is the only safe way out of lockdown.

While technology can help the tracing work, much of it must inevitably be people-based. Apps like NHSX may help but they carry risks, not least in terms of privacy and efficacy.

Many will be understandably concerned and, given the sensitivity of data being recorded, it is imperative the Government ensures that any NHSX app meets the highest security and privacy standards.

The Liberal Democrats demand absolute transparency when it comes to what information is collected, how long it is stored for, and who has access to this data.

When it comes to contact tracing, outsourcing this process to private companies like SERCO fails to capitalise on local knowledge, which will be crucial in tackling future outbreaks at a local level. The Government must do more to harness local public and environmental health expertise to inform the tracing process.

We know contact tracing will only be effective if we are also testing at scale. The Government must be frank with the public about the number of tests conducted each day, and the levels of testing needed to ensure the success of a test, trace, isolate approach.

These concerns are all the more important given what the Health Service Journal reports:

The government’s coronavirus contact tracing app has so far failed the tests needed to be included in the NHS app library, HSJ understands.

The app is being trialled on the Isle of Wight this week, ahead of a national rollout later this month. Senior NHS sources told HSJ it had thus far failed all of the tests required for inclusion in the app library, including cyber security, performance and clinical safety.

There are also concerns at high levels about how users’ privacy will be protected once they log that they have coronavirus symptoms, and become “traceable”, and how this information will be used.

I’ll be talking about the civil liberties implications of coronavirus apps such as this one with the Open Rights Group‘s Jim Killock in the next episode of Never Mind The Bar Charts. Sign up here to get an email notification when it comes out.

3 responses to “NHSX app must meet highest privacy and security standards”

  1. I have the usual privacy concerns if data is stored and processed centrally. I might concede my reservations if UK gov explains the limits to how my data might be used or by whom. Maybe an escrow authority should be established? Period for data retention? I think that long term data might be useful to epidemiologists but I am not aware of methodology of handling identified Covid-19 sufferers without de-anonymising them in some way.

  2. I have no faith that this data will be secure, or that the intelligence services won’t use it to further encroach on our lives. There have been numerous incidents over the years of data held by the Government getting into public hands. And if we learned anything from Edward Snowden it is just how far the intelligence services are prepared to go to spy on British Citizens. Many other countries around the world are using the decentralised tracing app that Apple and Google have collaborated on. So why does our Government feel that a centralised database/tracing app is needed? Until this has been explained to my satisfaction I will not even consider using the app.

  3. An anonymous ID and what anonymous IDs you were near is -barely- personal data; for me the biggest concern about the centralised approach is if it reduces uptake too much rather than the actual privacy concerns. If you’d rather not share that info to be notified when you might be contagious, that’s your choice and I support your right to make it, but personally I will be making the informed choice to use the app, and accept the minor trade off. I do appreciate if you get symptoms you are /asked/ for more personal details, but at that point I’d assume you would be happy to hand over the same information to a contact tracer on the phone anyway.

    There are legitimate concerns for sure, and it’s right to put pressure and ask questions to make sure the most appropriate privacy policies are in place, and get clear answers for the worries people understandably have about something of this nature (note that they have said what the benefits to a centralised approach is), but the actual data collected and what it’s for is far more reasonable than most services the vast majority happily trade their data away for; if you’re someone who is always very careful with their data then fair enough I suppose but my concern is large numbers of people hearing or seeing the app in headlines about privacy, not digging deeper and avoiding it on the basis of a headline alone… Then the next day mashing yes when a random website asks for their location and ships that data off to a shady ad network without a second thought.

Leave a Reply

Your email address will not be published.

All comments and data you submit with them will be handled in line with the privacy and moderation policies.