The need of the time is to develop a contact tracing app which broadcasts if someone near you is a victim of the coronavirus disease. While such apps are being developed and deployed locally by multiple countries, it raises serious concerns regarding user privacy.
What is Contact Tracing?
Contact tracing is a vital part of the global strategy to limit local spread. While battling the coronavirus disease, time is of imminent importance. The faster the contact tracing process is initiated, the sooner it can identify the people that are at risk. At the same time, quicker health officials will be able to intervene and impose quarantines if necessary, and limit the spread of the disease locally.
It is these local measures that need to be taken place to ensure the spread is contained and that the pandemic is no longer maintaining its fatal status. The process of contact tracing starts with recall – where you will have to remember who you were sitting next to, who you interacted with. This information helps health officials map a better picture of who is at risk.
Stance of Governments
Governments around the globe have the same objective – follow the precise guidelines given by the WHO and introduce necessary measures to curb the spread of COVID-19. As such, the contact tracing app developed by countries like Singapore, Australia, and others has been widely criticized by not only opponents in the government but security experts as well.
The privacy settings of any such app require thorough scrutiny, with several in the local and international community doubtful about the collection of their personal information by the government. While the government argues to keep the data anonymous and delete it once the pandemic is over, it’s unclear whether it will come to that point and worse – data getting hacked by malicious actors.
The Law Council of Australia believes that:
‘Both our health and our privacy can be protected if we are careful, and there must be a balance between legitimate efforts to protect public health and individuals’ right to privacy.
If privacy protections are built-in in the app, it will provide the public with greater confidence. There must also be strict limits on what kind of data can be collected and the uses to which it can be put, and there must be clear limits about how long data can be kept and when it must be deleted. It must also be made clear how the collection of data be limited to ensure that only the required or necessary data points to address COVID-19 are being collected.’
With any new app that is developed by an unreputed developer, there’s an element of uncertainty. With the pandemic in full swing, there’s a race to limit the privacy concerns that might result from contact tracing applications. Pat Walshe, a privacy specialist, has advised against installing apps that are not transparent on how they use or store user data.
During this time of ambiguity, websites and apps will be rushing towards maximum downloads and traffic by claiming to be the best ones for coronavirus related information and tracking. Keep in mind that these applications will be using your location and Bluetooth sharing capability to track others around you.
This is an ideal time for hackers to hack into the source code of such apps and amass user data. In an event where that does take place, users can have their sensitive information compromised like their location, name, device name, and potentially other data.
Pat Walshe further added:
“I’ve found it difficult or impossible to determine who is behind a number of them. They do not adopt appropriate standards of compliance with data protection law, and I see dubious ethics. Could an app help? Yes, possibly. But I think we need the NHS to coordinate it to provide confidence, trust, and protection.”
Websites and apps that are acting as COVID symptom trackers are mainly collecting user data and claiming that the data is protected under GDPR. The argument is that the data will only be used for medical science and to help health officials.
The privacy notice goes further to list the institutions it shares data with, such as KCL, Guys & St Thomas’ Hospitals, the NHS, Harvard University, Stanford, Massachusetts General Hospital, Tufts, Berkeley, Nottingham, University of Trento, and Lundt University.