Coronavirus contact-tracing app is key to pandemic exit strategy, but privacy fears abound – Martyn McLaughlin

If many of the consequences have been unavoidable, others are less so, and can at the very least be mitigated as the long and arduous task of stemming the spread of the virus continues.

One of the silver linings in the crisis is the fact it has struck at a time when technology has made it easier than ever before to keep in touch with loved ones and work as normally as possible.

Yet the application of ubiquitous consumer technology can – and should – go further, by playing a key part of the fledgling exit strategy designed to return life to normal.

We are still learning about the virus, and despite global collaborative efforts to create a vaccine, the wait could go on until next autumn, if not longer. In the interim, contact tracing protocols will be of paramount importance, especially as and when strict lockdown measures are eased.

There is a need to embrace innovation and wield the technology at our disposal to disrupt the transmission of the virus, and smartphones will be a vital tool in that tracing effort.

The way it works is deceptively simple: mobile phones log locations, and whenever someone tests positive for Covid-19, details of their recent movements can be shared with health officials, as well as those who were in close contact, notifying them of the need to self-isolate.

App development at advanced stage

The devil, as always, is in the detail, and as the UK rollout of such a contact tracing app nears, it is timely to ask whether we might be sleepwalking into something altogether more sinister. Even before the pandemic struck, the way big tech has been able to amass an unprecedented level of data about our lives was one of the defining issues of our times.

The prospect of a new app, albeit one set up to protect the public’s health, lends it a greater urgency.

As things stand, we do not know enough about the UK’s tracing app to be in a position to properly scrutinise it. Matt Hanock, the health minister, has said little about the initiative, but it is understood NHSX - the health service’s digital innovation unit - has started to test a pre-release version of the software with families at a secure location in the north of England.

This suggests work is at an advanced stage, yet we remain oblivious to some key details about its creation and operation, in particular how the data will be collated, who it will be shared with, and for how long it will be stored.Other countries around the world have been wrestling with these issues, and there is no uniform global solution. Much of it depends on a nation’s political culture, and the relationship between its people and its government.

Data protection fears

South Korea has been held up as the exemplar of the so-called ‘track and trace’ approach, but its system utilised data taken from CCTV footage and credit card transactions in order to recreate the movements of people confirmed to have Covid-19.

Such a pervasive approach would be unconscionable across the majority of the western world, regardless of its proven success.

Instead, general safeguards are emerging to ensure that privacy rights are upheld. The European Commission, mindful of data protection fears, has published guidance on the roll-out of any such tracing apps, noting that existing safeguards such as the General Data Protection Regulation and the ePrivacy directive remain in play. But it goes even further, advising member states that apps must meet a series of prerequisites. They include ensuring that proximity data is stored on an individual’s device, and that the software should adhere to the principle of “data minimisation”, meaning that only personal data that is relevant and limited to the purpose of contact tracing should be processed.

Crucially, the guidance states that location data is not necessary, and any information gathered should only be stored for a finite period of time.

Given the haste with which they were drawn up, the guidelines make for a fairly robust and considered bulwark. The worry, at least as far as the UK is concerned, is that any apps deployed here need only abide by these guidelines until the end of the Brexit transition period in December.

De-anonymised data?

In light of the unprecedented disruption wrought by coronavirus, it seems unconscionable that this deadline can be met, especially given the Herculean task of striking a comprehensive free trade agreement with the EU.

But do not bet against Boris Johnson’s government continuing to stubbornly insist that December’s cut-off represents a red line. Downing Street has already explicitly rejected the International Monetary Fund’s calls to pursue an extension, and there fundamentalist Brexiteers who insist the break with the EU will allow the UK to begin rebuilding by seeking favourable trade deals with the likes of the US.

The dire economic consequences of this course of action cannot be understated, but so too it would finally allow Britain to ignore a raft of rules, directives, and legislation, including those relating to privacy and contact tracing apps.

The consequences of this could be far-reaching, and now is the time to ask the UK government to lift the bonnet on its tracing app so we can inspect its nuts and bolts.

Will it release the source code, for example, and what oversight role – if any – has the National Cyber Security Centre played? Can the government guarantee that the data of individual movements will not be de-anonymised, even if the political clamour to do so reaches fever pitch?

These are questions which will not just inform how the UK responds to the coronavirus in the months – maybe even years – ahead. They will shape our post-pandemic life, and it is crucial they are answered.

A message from the Editor:Thank you for reading this story on our website. While I have your attention, I also have an important request to make of you.With the coronavirus lockdown having a major impact on many of our advertisers - and consequently the revenue we receive - we are more reliant than ever on you taking out a digital subscription.Subscribe to scotsman.com and enjoy unlimited access to Scottish news and information online and on our app. With a digital subscription, you can read more than 5 articles, see fewer ads, enjoy faster load times, and get access to exclusive newsletters and content. Visit https://www.scotsman.com/subscriptions now to sign up.Our journalism costs money and we rely on advertising, print and digital revenues to help to support them. By supporting us, we are able to support you in providing trusted, fact-checked content for this website.

Frank O'Donnell

Editorial Director