A parliamentary committee has called for a number of privacy and civil rights safeguards before the full deployment of the Covid-19 contact tracing app.
It adds to the voices warning of the threat to privacy and sets out a number of steps to ensure strong protections are in place.
The committee says that the app should not be released until Parliament passes primary legislation to guarantee protections for any data gathering, and an independent body is set up to oversee its use. This would involve a digital contact tracing human rights commissioner being able to deal with complaints from the public and report to Parliament.
In addition, the health secretary should undertake a review every 21 days of the app’s efficacy, as well as the safety of the data collected and how privacy is being protected.
Along with this the Government should be transparent at all times about how the app and the data is being used, and it should be made clear whether the intended benefits are being realised.
Lack of reassurance
In a statement accompanying the report, the committee said it has not been reassured that current release plans for the app sufficiently protect privacy and human rights. It also expressed concern that there has not yet been sufficient parliamentary scrutiny in line with previous extensions of state powers of surveillance and data protection.
This followed a hearing on Monday when it took evidence from Elizabeth Denham, the information commissioner, and Matthew Gould, chief executive of NHSX, the body in the Department of Health and Social Care that has led on the development of the app.
The report expresses concerns with the current approach taken by NHSX in its plans for the app. It says there is a lack of evidence that it would be an effective tool in combatting the virus, and there are dangers of mission creep in the collection of data. Plans to upgrade the app could lead to an incremental change in systems that could undermine privacy protections.
There are also concerns that Gould’s statement that “the data will only ever be used for NHS care, management, evaluation and research” it too broad and unclear, which may lead to it being used for purposes beyond fighting the spread of the virus.
These fears have been heightened by an indication that data would be held for research purposes. The report says that, even though it would be anonymised, the inclusion of the user’s postcode would provide the potential for it to be “deconstructed”.
Chair of the committee Harriet Harman MP (pictured) said: “Assurances from ministers about privacy are not enough. The Government has given assurances about protection of privacy so they should have no objection to those assurances being enshrined in law.
“The contact tracing app involves unprecedented data gathering. There must be robust legal protection for individuals about what that data will be used for, who will have access to it and how it will be safeguarded from hacking.
“Parliament was able quickly to agree to give the Government sweeping powers. It is perfectly possible for parliament to do the same for legislation to protect privacy.”
Image from Twitter