Here's the @NHSX app - blog by @matthewsgould and project lead @GeraintLewis. https://www.nhsx.nhs.uk/blogs/digital-contact-tracing-protecting-nhs-and-saving-lives/
Message 1: "you can choose to allow the app to inform the NHS which, subject to sophisticated risk analysis, will trigger an anonymous alert to...other app users" -> centralised.
Message 1: "you can choose to allow the app to inform the NHS which, subject to sophisticated risk analysis, will trigger an anonymous alert to...other app users" -> centralised.
They have consulted with @ICOnews (blog https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/04/combatting-covid-19-through-data-some-considerations-for-privacy/), the @NDGoffice panel, @CDEIUK, and a forum through @Patient_Data (see https://understandingpatientdata.org.uk/news/easier-said-done-challenge-transparency-during-covid-19 @natalie_banner blog), and there's an ethics board headed by @prof_JonMont.
There is still no evidence that they have done a DPIA. Doing and publishing one would give body to the closing words of this blog: "we will continue to work based on transparent standards of privacy, security and ethics".
Also "We are also taking technical assurance very seriously, with an independent assurance board ensuring that the app we deliver will be stable, resilient, secure, performant, highly usable and above all effective in the fight against COVID-19." - good but
it would be good to tell us more than just "The assurance board includes experts in mobile apps, data governance and clinical safety." Names please. Independence and accountability.
Unfortunate phrasing at best:
"Just as the NHS strives at all times to keep your health records confidential, so it will keep the app data secure."
Security is only a small fraction of worries about data protection and wider data sharing issues in NHS https://www.theguardian.com/commentisfree/2020/feb/16/our-personal-health-history-is-too-valuable-to-be-harvested-by-tech-giants
"Just as the NHS strives at all times to keep your health records confidential, so it will keep the app data secure."
Security is only a small fraction of worries about data protection and wider data sharing issues in NHS https://www.theguardian.com/commentisfree/2020/feb/16/our-personal-health-history-is-too-valuable-to-be-harvested-by-tech-giants
Good: "As part of our commitment to transparency, we will be publishing the key security and privacy designs alongside the source code so privacy experts can “look under the bonnet”"
Ambiguous: "We are working with Apple and Google on their welcome support for tracing apps around the world."
Is that using the new privacy-supportive feature to support their centralised service? Or aiming to lend pressure to the France argument with Apple?
Is that using the new privacy-supportive feature to support their centralised service? Or aiming to lend pressure to the France argument with Apple?
Here's why DPIA matters.
"In future releases of the app, people will be able to choose to provide the NHS with extra information about themselves to help us identify hotspots and trends."
You need to have a handle on function creep from the start. This doesn't.
"In future releases of the app, people will be able to choose to provide the NHS with extra information about themselves to help us identify hotspots and trends."
You need to have a handle on function creep from the start. This doesn't.