A tonne of information is now out there for @NHSX App, released without fanfare.
Key documents include a FAQ (with some errors) and the Data Protection Impact Assessment.
faq.covid19.nhs.uk
In the FAQ, a link to the DPIA
faq.covid19.nhs.uk/article/KA-010…
#TrackingApp
Key documents include a FAQ (with some errors) and the Data Protection Impact Assessment.
faq.covid19.nhs.uk
In the FAQ, a link to the DPIA
faq.covid19.nhs.uk/article/KA-010…
#TrackingApp
France probably centralised but undecided; Italy maybe undecided but announcements say they are decentralised; Singapore, Australia have said they are moving to decentralised. Only Norway is centralised and apparently staying so (albeit their app doesn't work very well).
On the DPIA, a few quick things (others like @mikarv will have better points to make):
The government admits it is processing personal data, which is pseudonymous (and therefore capable of being reidentified easily). Rather different to what @matthancock said.
The government admits it is processing personal data, which is pseudonymous (and therefore capable of being reidentified easily). Rather different to what @matthancock said.
This is a start, I guess. “public trust and confidence in the App is paramount to its success. transparency … is key to engendering that trust and confidence”
Unclear retention conditions; admission that data could be extracted and disclosed.
This was contradicted by @privacyinternational and @benlaurie, both of whom found trackers in the App (maybe the Git codebase rather than public release?)
Who is doing this aggregation and analytics? Palantir have contracts around that. Clarity over the processors and what they are doing exactly will be needed.
Here’s a description of various IDs that link your identity to the device (p6)
There’s information about the purposes you would expect the App to do
And more things you’d expect (p7)
And then things you wouldn’t necessarily expect (but Matthew Gould has said they will do).
Note: research using 'deidentified' data.
Note: research using 'deidentified' data.
Some more here on the process of data matching to produce the results
The “screening questions” part near the end looks the most interesting. At a quick glance some of the answers look wrong or incomplete, or underplay some of the issues quite a lot.
I am sure @mikarv @PrivacyMatters and others will be …
I am sure @mikarv @PrivacyMatters and others will be …
Some of it is a bit glib. Are we sure there is no systematic monitoring of an area on a large scale?
Are we sure that someone’s personal data will never be processed without their knowledge?
Is sharing phones a thing?
Is sharing phones a thing?
Do we really think that, if lost, this data could never be linked back to real identities? Should we spell that consequence out a bit better?
