Demand NHSX spell out Covid-19 app privacy risks

The Government is trailing mobile “contact tracing” apps to track infections—but has failed to clearly explain how privacy risks will be minimised.

The UK has chosen to do this by building an enormous centralised database that knows who meets whom. Other countries like Germany have chosen to preserve privacy by doing ‘proximity matching’ directly on people’s phones.

In May Open Rights Group (ORG) sent a legal letter to the Government demanding answers. In response, NHSX published a Data Protection Impact Assessment (DPIA).

Too little too late

This DPIA arrived late—after public trials for the app had already begun—and significantly underestimated privacy risks. Threats such as the re-identification of users or the re-use of contact tracing data for other purposes, were merely listed without any discussion of safeguards.

There was also no explanation why users should be denied their rights to access or erase their personal data. These rights are fundamental to trust, especially as data could be used for research by commercial entities.

Deployment of a tool as sensitive as a contact tracing app must happen in consultation with the UK’s data protection authority, the Information Commissioner’s Office (ICO). ORG is pushing for that as well as submitting amendments for a Coronavirus Safeguards Bill. Will you support our work?

Support our work

Join our fight to protect digital privacy

Donate now

The public deserves transparency and it will also help the Government by heading off conspiracy theories. Building public trust is critical to successfully manage a public health crisis like this pandemic.

Become a member

Support ORG


Get involved!


No comments yet