Matt Hancock has announced the UK is building its own symptom and contact tracing app https://www.bbc.co.uk/news/technology-52263244. Promised privacy safeguards are essential not just for individual rights but also for uptake (c 60% of population hoped for) and data quality - 1/n
To support this initiative we've drafted a model statute https://osf.io/preprints/lawarxiv/yc6xu/ for discussion about basic safeguards re data collection, repurposing, and discrimination. It applies scrutiny drawn from human rights based on transparency, legitimacy and proportionality. 2/n
As starting point , no one shall be sanctioned for failing to own or carry a smartphone, have it turned on, have Bluetooth enabled, etc. Penalising digital exclusion or disempowerment is never helpful. 3/n
There is an obvious danger that those who do not wish to install contact tracing apps may be compelled to do so by threat of exclusion from eg public space, employment or public services. If this is ever to be justifiable, it must be very tightly controlled 4/n
We propose a test drawn from human rights where any such compulsion must be public, legitimate, necessary and proportionate to the public goal of defeating coronavirus. Accuracy of data gathered is also a relevant consideration. 5/n
The second clear danger is that data gathered to defeat corona may be re-purposed, shared with the private sector, and retained indefinitely. These dangers are especial where data is flawed eg gathered via self reporting rather than testing 6/n
Data protection is an insufficient safeguard here. We propose that sharing data for any purpose beyond defeating corona require (a) consent and (b) legitimacy, necessity and proportionality to public goal. Data must be deleted/ anonymised as soon as possible or after 6 mos. 7/n
Finally it must be possible and easy for people to assert these rights. While the ICO will clearly have a role, we propose a new Coronavirus Safeguarding Commissioner to act as watchdog and complaints tribunal. 8/n
This proposal does not stand alone. It is a suggestion for "legal code" to add to the privacy protective "computer code" being developed by projects like #DP3T . It attempts to widen what is becoming a hermetically techno-solutionist debate. 9/n
Comments are very very welcome. The lead author is @lilianedwards with help from @mikarv, @lynskeyo @carlykind_ and @rachelcoldicutt . 10/10