Apple and Google's Covid-19 collaboration given the tentative thumbs up by ICO

You know the world has turned upside down because you didn't read the title wrong, Apple and Google are collaborating to help find technical solutions to combat Covid-19.  On 10 April, Apple and Google announced that they are working together on application programming interfaces (APIs) that would facilitate the communication between iOS and Android devices.  In short, the two tech giants are working together to facilitate the use of 'contact tracing applications' by governments and public health authorities.  

How does it work?

A contact tracing app is believed to be a way to manage social distancing and facilitate the relaxing of lockdown laws.  Based on the current proposal, your phone will send out a Bluetooth 'beacon' to identify other phones in the immediate vicinity and record all other beacon keys you come in contact with over a period of time.  Other people's beacon keys are stored on your phone.  If you were to test positive for Covid-19, and if you consent, all beacon keys you have come into contact with in the last 14 days will be uploaded from your phone to the server.  The server would then alert the people with those beacon keys that they have recently been in contact with someone who has tested positive for coronavirus and provide advice on how to proceed.  For a simple explanation of how the app will work, see here.

Contact tracing is a proposed solution to assist the relaxation of lockdown laws with targeted isolation only for individuals who have come in contact with someone who has tested positive.  The Italian Prime Minister today has suggested a contact tracing app is an 'essential tool' to help governments lift lockdown, although they would remain voluntary.

What about privacy and data protection? 

The Information Commissioner has released a statement that the current app development is aligned with the principles of data protection by design and by default.  The current proposal takes into account privacy principles of data minimisation, security, transparency and fairness of processing.  This opinion is based on the current proposal where the app would not collect personally identifiable information, explicit consent is required, people who test positive are not identified to other users and the purpose of use is restricted to contact tracing by public health authorities for the management of Covid-19.

However, the ICO does warn of 'scope creep' and the potential for this technology to be misused as it develops.  For example, what if developers use the API's to create an app which stores other information from users phone or uses the information for any purpose beyond managing the spread of Covid-19. 

As the ICO has stated, data protection shouldn't hinder the use of new innovative technologies.  Data protection laws should make uses feel safe taking up new technologies with the comfort that there personal data is protected.  In unprecedented times it is vital to utilise necessary technology where it can save lives.  However, it is also important those advancements do not come at the expense of our other fundamental human rights.