Read on Twitter
Some thoughts on the functions and design choices of this app, in the light of the European Data Protection Board’s guidelines for how they should be done (Short thread) https://twitter.com/adrianweckler/status/1280247575963197441
App says it is used for 3 things. As we’ll see later, it is actually used for four. But the EDPB says that it should only be used for one thing.
The HSE decided to rely on Consent as the legal basis for processing.
I’m not really happy with this choice. Recital 53 suggests we ideally pass a specific law to allow for health data to be processed, with built in safeguards.
And public bodies shouldn’t rely on consent
I’m not really happy with this choice. Recital 53 suggests we ideally pass a specific law to allow for health data to be processed, with built in safeguards.
And public bodies shouldn’t rely on consent
This metric collection is the Fourth purpose not mentioned on the opening splash page.
These stats are sent to the CSO. They are, well, extensive.
And remember, the only bit of data removed seems to be the IP address. I’m unconvinced this is sufficient to say it’s fully anon.
These stats are sent to the CSO. They are, well, extensive.
And remember, the only bit of data removed seems to be the IP address. I’m unconvinced this is sufficient to say it’s fully anon.
Here’s Appendix D of the DPIA for this app, which is available on GitHub (an excellent piece of transparency)
It sets out all the metrics which are sent, every day in the background, to the HSE from each user.
It sets out all the metrics which are sent, every day in the background, to the HSE from each user.
Note Numbers 6 and 7- the app promises that the user has the choice whether or not to alert the HSE when they receive a notification from the app.
But in fact that data- stripped of IP address only?- is actually sent without the user’s knowledge to the HSE daily anyway.
But in fact that data- stripped of IP address only?- is actually sent without the user’s knowledge to the HSE daily anyway.
I’d have concerns about that one.
I think this app has been the product of a model- and I say that really clearly- a model, good faith effort by the state to deliver a trustworthy app.
This seems like an error.
I think this app has been the product of a model- and I say that really clearly- a model, good faith effort by the state to deliver a trustworthy app.
This seems like an error.
The HSE’s own DPIA recognises the particular risk of re-identification via the app data that this could pose to people’s rights.
The EDPB is very clear on how unwise and undesirable it would be for location to be tracked in relation to a Covid tracing App by “any means”.
So it is surprising to see that the App collects and transmits some location data.
This data seems of low utility, being associated only with the self reported “how are you feeling today” section.
This data seems of low utility, being associated only with the self reported “how are you feeling today” section.
This self-reported Check-In system seems like the weakest purpose in the app.
It invites people to self assess their symptoms and record them.
Given my lack of medical training, I’m not sure how valuable my self assessment is to anyone.
It invites people to self assess their symptoms and record them.
Given my lack of medical training, I’m not sure how valuable my self assessment is to anyone.
It will take a medical Data expert to tell you whether this snuffle-o-meter is of significant use.
The relevant appendix in the DPIA simply says that the CSO processes it so “Anonymised micro-data will be presented on an internal-facing dashboard with geo-spatial mapping...”
The relevant appendix in the DPIA simply says that the CSO processes it so “Anonymised micro-data will be presented on an internal-facing dashboard with geo-spatial mapping...”
Which, again, feel very “location” to me.
For a much more expansive assessment of the Covid App and its supporting documentation, see the ICCL and DRI joint Report Card. (They gave it a C+) https://www.iccl.ie/2020/experts-issue-pre-release-report-card-on-the-hse-covid-19-tracker-app/
And, more in the light of the strictures from the EDPB that absolutely no location data should be used in a Covid tracing app.
Won’t work on Android without location services?
https://twitter.com/ciananbrennan/status/1280271503548911617?s=21 https://twitter.com/ciananbrennan/status/1280271503548911617
Won’t work on Android without location services?
https://twitter.com/ciananbrennan/status/1280271503548911617?s=21 https://twitter.com/ciananbrennan/status/1280271503548911617
But for what it’s worth, I think all of the issues I’ve identified are fixable with updates and unbundling.
And the very constructive approach the HSE’s taken to date suggests that they are willing to fix things and get this app right.
And the very constructive approach the HSE’s taken to date suggests that they are willing to fix things and get this app right.
The real question about this app- like them all- is whether the laws of physics allow Bluetooth antenna to accurately determine proximity +/- 2 meters for a set period of time.
Research Work from TCD’s Computer Science Dept increasingly suggests the answer is No.
Research Work from TCD’s Computer Science Dept increasingly suggests the answer is No.
Which is presumably why the governance oversight committee has the power to decide to self-destruct it if it isn’t working or is both necessecary and proportionate after 90 days.
If you asked me if you should install this app, I’d say that I’d like to see V1.1 in place before that.
But I do want it to work, so I’m torn.
However I can say, without equivocation, that if you want to really pull together & play your part (like most people) - wear a mask.
But I do want it to work, so I’m torn.
However I can say, without equivocation, that if you want to really pull together & play your part (like most people) - wear a mask.
Wearing a face mask, unlike Covid tracing apps, are scientifically backed to work to reduce infection rates.
“Face mask use could result in a large reduction in risk of infection” from this WHO-backed study in the Lancet. https://www.thelancet.com/journals/lancet/article/PIIS0140-6736(20)31142-9/fulltext
“Face mask use could result in a large reduction in risk of infection” from this WHO-backed study in the Lancet. https://www.thelancet.com/journals/lancet/article/PIIS0140-6736(20)31142-9/fulltext
Anyway, that’s what I think at the moment.
