Former UK Labour deputy leader wants to know how the NHS's contact-tracing app will ensure user privacy

This is the Apple-Google API one, not the 'world-beating' one

Harriet Harman MP, chair of Britain's Commons Human Rights Committee, has written to UK health secretary Matt Hancock seeking clarity on privacy aspects of the government's latest coronavirus contact-tracing app.

In her letter, Harman acknowledges that although the switch from a centralised data store model to a decentralised one, based on the contact-tracing tech advanced by Google and Apple, addresses some of the ongoing privacy concerns, other details remain unclear.

"It is still crucial that people in the UK should be able to feel reassured that their data protection, privacy, and non-discrimination rights are protected in any contact tracing system," she wrote.

Brits were told in April by Hancock and Prime Minister Boris Johnson that the NHS's IT wing, NHSX, was working with tech providers to produce a homegrown "world beating app", that would send data to a central repository. The Reg, back in May, was vocal in explaining why this was unwise.

Last week, the department finally admitted that it was scrapping those initial plans because the software developed didn't work as they'd hoped.

Harman's line of questioning touches on many points pertaining to the acquisition and retention of data, and quizzes Hancock on essential operational details, including how the app will handle data it isn't authorised to collect, as well as ensuring it doesn't discriminate against certain demographics.

The cross-party Human Rights Commission has been unequivocal in its insistence that any contact-tracing framework should be operated in a way that protects the public's right to privacy. While Harman hasn't advocated for any particular technological approach to the problem, she has nonetheless described existing data privacy as insufficient for the scope of a nationwide contact-tracing app.

"We don't want the system to rely on the individual integrity of any minister, or any ministerial team, or any government. That's not the way to protect rights. The way to have protections is through law," Harman said in a May interview with The Reg.

The former deputy Labour leader has also called for the implementation of a contact-tracing tsar, which would be responsible for the governance of any eventual app, and would field complaints from the public.

The letter coincides with the release of research from identity management firm Okta showing widespread public scepticism that data collected from the UK's contact-tracing app would be used solely for the stated purposes.

The survey, which encompassed 2,218 UK consumers, showed an overwhelming majority – 84 per cent – believe their contact-tracing data will be used for reasons other than stopping the spread of COVID-19. ®

Keep Reading

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021