« Post COVID-19; what the Trump administration is thinking? | Main | Schrems II takeaways: Accountability IN: Privacy Shield OUT; UK’s adequacy determination AT RISK »

05/05/2020

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

In addition to the data protection aspects, as usual well explored by Chris, the potential for abuse is huge.

Given that the users will self-diagnose, a desire to remain off work or school could induce someone to report falsely that they are symptomatic. This would spread quickly and exponentially. It could be engineered to extend absence by 14 day intervals through repeated "exposure" (a challenge shared by the Apple/Google API).

"Genuine" false positives could abound, data could be exchanged between adjacent flat-dwellers; imagine two back-to-back bedrooms where the occupants sleep with their phones on their bedside tables a foot or two apart.

And there's a big question over its adoption, only some 20% of Singapore's residents downloaded that country's app.

Then there is the issue of incompatibility and the potential for the app not to be acceptable to other countries.

A typical f**k-up by HMG/PHE/NHSX/whoever, familiar to me from my days in 1991 as Technical Architect for Security on the NHS-Wide Networking programme (abandoned a few years ago after effectively wasting £10b). [You will remember those days, Chris.]

[Keep well; keep sane; and keep up the good work.]

How would a SAR work in the context that the Controllers for the app have no means to identify you and in order to satisfy the SAR you’d have to provide the information to identify you?

Excellent analysis from Chris (no less that we would expect from him), it certainly reflects very clearly the concerns that the privacy community will have considered, but supports our reservations with clear legal argument. The risk of associated mis-use and of greater concern; purpose creep eating away at civil liberty is one we should all be very cognisant of.
Thank you Chris

The comments to this entry are closed.

All materials on this website are the copyright of Amberhawk Training Limited, except where otherwise stated. If you want to use the information on the blog, all we ask is that you do so in an attributable manner.