Yesterday, I had a business lunch. The restaurant asked me to input my data on SocialPass, an app now mandatory in Canton Vaud for restaurants gastrovaud.ch/coordonnees-de…
I get the need for tracking, not the creation of abusive surveillance infrastrutures ignoring data protection👇
The app is extremely invasive. The designers have not heard of Data Minimization. It is unclear why my address, my name, or *my date of birth!* is at all necessary for a tracer to call me (yes, all fields mandatory and phone number checked via SMSa)
The privacy policy does not specify the purpose of the collection of these data (also not heard about purpose limitation) socialpass.ch/protectiondesd…
I have to give it to them that they say they won't use or sell the data... Why even collect it then??????
The data is encrypted. This is good. But where is the key? Who has access under which conditions?
Also.. what data? What is the visitor/visit relation if the visitor data resides on the phone?
They declare only Cantonal doctors can access data (not clear which data) but not under which conditions. Double authorization, cool. Who authorizes what? Is there any oversight or participation from the establishments? Can lists be decrypted without their involvement? Who can?
At the end of the day, encrypted or not, this is a very juicy centralized database of, let's not forget, data that is not necessary for tracing
And you may be thinking... why did you not ask for pen&paper...? We did ask. The waitress said no, it is not allowed! #StarveOrSurveillance is the new normal
And isn't this discrimination? Well, if you have no phone then you can use paper... so actually the new-normal hashtag is #IfWeCanSurveillYouWeWill
(so ironically, discriminates against those with phones by requiring from them different more invasive information)
Incidentally, we just proposed a system that shows that none of this abusive collection and excessive power for the data holder is necessary to enable this tracing github.com/CrowdNotifier/…
If tracing must happen, let's make it such that it doesn't erode our fundamental rights
• • •
Missing some Tweet in this thread? You can try to
force a refresh
As countries deploy data-hungry contact tracing, we worry about what will happen with this data. Together with colleagues from 7 institutions, we designed a system that hides all personal information from the server. Please read and give comments!