NHS develops second contact-tracing app as privacy concerns mount

Discussions with Big Tech become more productive after "serious legal flaws" are uncovered

The UK is reportedly developing a decentralised contract-tracing app powered by Google and Apple’s technology despite dismissing this idea just weeks ago, all while pursuing the rollout of its own centralised version.

Development is underway on the project after the first app, which is being trialled on the Isle of Wight, receiving a slew of negative feedback, according to the Financial Times (FT). NHSX, however, denies planning any kind of transition.

This is in addition to mounting data protection concerns based on experts’ assessments of the data protection impact assessment (DPIA) conducted on the software, on top of security fears. The pilot version of the app reportedly failed cyber security tests last week, for instance.

The government had initially entertained the idea of using a Google and Apple-developed API to build a contact tracing app to control the spread of coronavirus as lockdown measures are lifted in the coming weeks. 

This software would register contacts between individuals in a decentralised manner, however, with users only being alerted when a contact may be experiencing symptoms from the virus. This goes against the wishes of the UK government as such a system wouldn’t allow for a central database and a granular view on where contacts are being made. 

The tradeoff, however, as feared, has come in the form of functionality, with many individuals reporting compatibility issues with iOS, as well as implications for battery life on devices. Initial concerns were based on the fact it would take longer to develop software with critical features to its functionality, such as the app working in the background.

Discussions with Apple and Google weren't fruitful and the UK decided to pursue its own version of the app that structured and collected personal data in a centralised manner.

The NHSX also released a DPIA for the app being trialled, with digital rights and regulation lecturer UCL Michael Veale breaking down “significant legal flaws” from his perspective in a piece of written analysis.

One major concern is whether the app preserves user anonymity, with Veale suggesting that legally misleading and contradictory statements confuse any assurances offered. 

Related Resource

How to overcome the barriers to personalisation

Leap over every obstacle and jump ahead of your competitors in the process

Download now

“The data in the NHSX app is ‘capable’ of revealing an individual’s identity,” Veale wrote. “Whether NHSX intends to do this is not a relevant question from a legal standpoint, the question is whether it reasonably could. 

Moreover, the document consistently misuses the terms ‘anonymous’ and ‘anonymity’, and primarily processes pseudonymous, not anonymous, personal data. Users are also deprived of data protection rights.

The Information Commissioner’s Office (ICO) has confirmed it’s examining the DPIA for the NHSX’s pilot contact tracing app and will feedback shortly. NHSX has disputed suggestions that its app is unlawful.

Amid concerns over functionality and lawfulness, one person involved with the decision to build a second app suggested talks with Apple and Google had intensified over the previous few days, according to the FT. In particular, there had been a sharp change of direction in the tone of the discussions from week to week, with more “cordial and constructive” talks “exploring how we might change course”. 

The UK’s decision to create its own centralised contact-tracing app flies in the face of the overwhelming consensus from across the world, with a series of nations abandoning such ideas to instead adopt the Apple and Google API. 

There have also been concerns that apps developed across haven’t been downloaded by enough people to render them effective. The uptake of a custom-built app in Singapore, for example, stands at roughly 25%, as opposed to an uptake of 75% required, according to Singaporean press. As a result, there are suggestions the app may be integrated into existing apps that are far more widespread across the population.

IT Pro approached NHSX for the latest information on the status of its contact tracing app and sought confirmation over whether it’s working on an alternative.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
How LSE is using digital technology to shape the future of higher education
digital transformation

How LSE is using digital technology to shape the future of higher education

15 Jun 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
Smart devices more than doubled in US homes amid COVID pandemic
Mobile Phones

Smart devices more than doubled in US homes amid COVID pandemic

9 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021