Covid apps raise issues over personal data - Laura Irvine

More than one million people in Scotland have now downloaded Test and Protect while earlier this month UK Health Minister Matt Hancock reported 12.5 million devices had downloaded Track and Trace in England and Wales. While these adoption figures are much higher compared with many other parts of Europe (France has a Covid app adoption rate of just four per cent), they highlight the high level of reluctance amongst the wider public in sharing personal data on government channels.

Balancing an invasion of privacy against the need to tackle a global pandemic should have been straightforward, but it clearly hasn’t been. Part of the reason behind this may be the erosion of trust that individuals have in public authority decision makers at present. Opinion polls show support for the UK Government’s handling of the Covid-19 crisis has dropped from 65 per cent in the early stages of the pandemic to a current approval rating of just 30 per cent

Given this fall in confidence, it’s not surprising to see a reticence from some quarters of the population in providing the same public authorities with personal information, even if it’s aimed at protecting their health and wellbeing.

Part of these concerns stem from the tracking app initially proposed for England and Wales as it was storing the data centrally, collecting a high level of it, including location data, and retaining it for longer than required for tracing purposes. These apprehensions were expressed even before the technical limitations of the apps became an issue with many individuals saying they’d prefer to share their data with Google rather than the government.

The tech giants, had proposed an initial model for the app, claiming its approach would provide more privacy for users, limiting the ability of either the authorities or a hacker to use server logs to track specific individuals and identify their social interactions. However, NHSX, the body responsible for National Health Service technology, digital and data, declined this and opted for a centralised system which it believed would provide greater insight into the spread of Covid-19 and help them evolve the app accordingly.

There were significantly fewer data privacy concerns raised about Scotland’s Test and Protect app before its launch. This app, which stores data centrally, asks for no additional data and has one function: to alert you if you have been in touch with someone diagnosed with the virus.

As a data protection practitioner, observing the reaction that individuals had to the use of personal data during the pandemic has been extremely valuable. Many of the considerations that have emerged can and should be applied to the wider use of personal data by all organisations across all sectors.

The issues that have been raised preceding and following the launch of Covid-19 tracing apps and reluctance of some people to adopt them demonstrates how individuals are much more acutely aware of their right to privacy and to exercise their rights over how their personal data is used.

All organisations can expect further challenges from individuals regarding the use of their personal data. Public trust can only be built by those which understand their obligations to proactively identify risks and minimise the likelihood of potential misuse. Understanding where your data is, ensuring that it is being used lawfully and fairly and communicating that to your clients and customers is imperative. All organisations must be able to respond clearly to data-related queries to ensure that clients, customers and stakeholders trust them and want to work with them.

Laura Irvine is a Partner and data protection specialist, Davidson Chalmers Stewart LLP