There is still no evidence that they have done a DPIA. Doing and publishing one would give body to the closing words of this blog: "we will continue to work based on transparent standards of privacy, security and ethics".
Also "We are also taking technical assurance very seriously, with an independent assurance board ensuring that the app we deliver will be stable, resilient, secure, performant, highly usable and above all effective in the fight against COVID-19." - good, but it would be good to tell us more than just "The assurance board includes experts in mobile apps, data governance and clinical safety." Names please. Independence and accountability.
Good: "As part of our commitment to transparency, we will be publishing the key security and privacy designs alongside the source code so privacy experts can “look under the bonnet”"
Ambiguous: "We are working with Apple and Google on their welcome support for tracing apps around the world."
Is that using the new privacy-supportive feature to support their centralised service? Or aiming to lend pressure to the France argument with Apple?
Here's why DPIA matters.
"In future releases of the app, people will be able to choose to provide the NHS with extra information about themselves to help us identify hotspots and trends."
You need to have a handle on function creep from the start. This doesn't.
You can follow @EerkeBoiten.