Share this page!

Michael Veale Profile picture
Twitter logo
5 Apr, 10 tweets, 3 min read
Updates announced to England and Wales presence tracing (QR checkin) app functionality. (short thread translating what these things mean) Image
1st point isn't actually a change to the app or regulations. The regulations have always required everyone individually to scan in if they used the app, but allowed a 'lead member' to represent a group of up to six. This would abolish the latter. More: michae.lv/law-of-qr/
Venue history upload is controversial. The DPIA has not yet been updated to show the privacy-preserving method that the press release claims to use. May also make people wary to upload venue data. Cannot analyse without further information.
The third point makes it seem like the gov are moving to automatic testing (not quarantining) alerts for presence tracing or check-in. Less extreme than automatic quarantining (w/o public health sense check of whether the index case was in the venue in a way that posed a risk)
Unclear what the 'New QR Code Posters' means, although this could be because the original app used a proprietary and inefficient encoding (taken from New Zealand's NZ Diary app) which didn't work well from distances or on screens. (see revk.uk/2020/09/how-no… from @TheRealRevK)
Presumably the 'New QR Codes' not about changing the data within the QR code to facilitate a new protocol, else every venue has to reprint. Have to assume they just encode the same data. @TheRealRevK's blog has helpful comparison between what they are and could be with same data ImageImage
The England/Wales QR system made some good design choices from start - but still residual abuse risk, needs oversight of use. The Scotland system 'Check In Scotland' (launched after lockdown so no-one knows it) needs a LOT more scrutiny. Appears to be central database of visits.
(I missed the word manually there – somebody could only represent group of up to 6 if providing their details manually, but those who use the app could not represent others, largely as they wouldn’t be notified about where they were at risk so couldn’t tell their friends)
so weirdly the first point in that new release says there will be a change of law but it only affects people who are signing in manually and puts more of an obligation on them
Anyway all the details and references are in the blog post for that aspect

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Michael Veale

Michael Veale Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mikarv

Michael Veale Profile picture
4 Jan
Want to probe underneath a company, technology or phenomenon drenched in personal data?

In our new OA paper @TechRegJournal, Researching with Data Rights, @Jausl00s & I explain how you might, can & should use GDPR data rights in your research projects. techreg.org/index.php/tech… 1/ Image
We outlines current approaches to accessing enclosed data, and argue that GDPR transparency, access, portability rights can be a powerful bottom-up, adversarial data access tool, if used well. Image
We outline the nature of those transparency provisions for those unfamiliar, and show how they can be used, elaborating on legal, ethical and methodological challenges — a bit like a mini-manual. A lot more could be said — but we hope this helps researchers make a good start.
Read 6 tweets
Michael Veale Profile picture
15 Dec 20
Digital Markets Act Thread
Core to the DMA is the idea of "core platform services" and providers thereof, listed here and defined either within the reg or in previous regs. Big and powerful providers of these are in scope, basically.
The juicy parts of the DMA are Articles 5 and 6. These contain obligations for gatekeepers in relation to core services. Art 6 obligations can be further specified by the EC through implementing acts.
Read 33 tweets
Michael Veale Profile picture
15 Dec 20
Today's Online Harms consultation response is perhaps the first major UK divergence from a big principle of EU law not tied to Brexit directly: it explicitly proposes a measure ignoring the prohibition on requiring intermediaries like platforms to generally monitor content.
the e-Commerce Directive art 15 prohibits member states from requiring internet intermediaries to actively look for illegal content; this is because the awareness would make them liable.
The Online Harms White Paper roughly kept with this, indicating that automatic detection systems were an approach platforms could use, but they would not be required to. Consultation responses (unsurprisingly) agreed.
Read 11 tweets
Michael Veale Profile picture
24 Sep 20
After a long, unnecessary saga, England/Wales launches a decentralised contact tracing app based on the DP-3T work led by @carmelatroncoso, following other regions of the UK.

On privacy and public health grounds, you should download and use it. apps.apple.com/gb/app/nhs-cov…
The original was a triple whammy of hubris: wouldn’t work abroad, wouldn’t work technologically on platforms, centralisation open for abuse and function creep.

This version has much better foundations.

I understand mistrust that may linger — but please do try this new one.
We’ve also learned plenty about platforms. If governments want the citizens to be able to run arbitrary code on mobile devices, making use of all sensors, they’ll need the law to crack open walled gardens. theguardian.com/commentisfree/…
Read 9 tweets
Michael Veale Profile picture
12 Aug 20
I suspect students in England will make a very large number of subject access requests under the GDPR to schools from tomorrow for their teacher-estimated grade as well as rank-order in the class — information which will likely have determined their university entrance. 1/
There is a relevant exemption/delay provision in the Data Protection Act 2018 sch 2 para 25 for exam scripts, but this only pushes the deadline to a minimum of 22 September 2020. The ICO has confirmed this. ico.org.uk/global/data-pr… Image
The only time I can see a plausible ground for this grade to be refused is where the rank order reveals data about others, such as in classes of 2 or 3 (wow). Even then, no presumption against disclosure (see DB v General Medical Council [2018] EWCA Civ 1497).
Read 4 tweets
Michael Veale Profile picture
10 Aug 20
I am so excited this info-filled, beautiful, OA volume is out. Please:

- obtain an actual meatspace copy
- donate & download it in cyberspace (shop.meatspacepress.com/product/data-j…)
- DL for free on meatspacepress.com.

Amazing, timely work by @linnetelwin @empo11on @XGargi @shazjameson
There are dispatches from a huge array of countries... Image
... from a huge array of authors... Image
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @mikarv has new unrolls!

Check out other threads from @mikarv!

Read all threads by @mikarv