Parliamentary committee calls for additional privacy for NHS tracing app
MPs and peers express concerns over ‘unprecedented data-gathering’
Credit: Adobe Stock
Ministers must improve data protections in the NHS coronavirus tracing app before it is made widely available to the public, an influential group of MPs and peers has said.
The Joint Committee on Human Rights warned there were still "significant concerns" about the safety of the application, which they claimed had "potential longer-term effects on personal freedoms and concerns around surveillance".
The NHS app, which is currently undergoing a pilot study on the Isle of Wight, will alert users if they have been in significant contact with an infected person, and allow medical staff to follow the spread of the illness
Health secretary Matt Hancock has already said the public had a "duty" to download it when it is made available, but insisted the software had been developed to bring "high privacy" to users’ data.
- NHS tracking app must do ‘heavy lifting’ to avoid second virus peak, claims chief scientific adviser
- How Denmark aims to ‘create trust’ in contact-tracing tech
- Coronavirus: can we keep track of our sensitive data?
But in a new report, the committee said they were "not reassured" the measures went far enough to protect the public "regarding surveillance and the impact on other human rights".
While the group said the app could "pave the way" out of lockdown if successful, they hit out at the lack of parliamentary scrutiny of the plans as they demanded ministers sought the urgent approval of MPs.
They wrote: "Previous extensions of state powers of surveillance and data collection for the purposes of terrorism prevention have been legitimised by legislation scrutinised by Parliament; and so, it should be for public health purposes. Without clear efficacy and benefits of the app, the level of data being collected will not be justifiable and it will, therefore, fall foul of data protection law and human rights protections."
They added: "The government and health authorities must at all times be transparent about how the app, and data collected through it, is being used, including publishing ethics reviews and sufficient technical specification information relating to the app and to data security."
Meanwhile, the group also called for a review of the app's safety every 21 days to be carried out by the health secretary to ensure there had been no breaches of sensitive data.
Labour MP Harriet Harman, who chairs the committee, said: "Assurances from ministers about privacy are not enough. The government has given assurances about protection of privacy so they should have no objection to those assurances being enshrined in law.
"The contact-tracing app involves unprecedented data gathering. There must be robust legal protection for individuals about what that data will be used for, who will have access to it and how it will be safeguarded from hacking. Parliament was able quickly to agree to give the government sweeping powers. It is perfectly possible for parliament to do the same for legislation to protect privacy."
Whistleblower raised concerns about practice that went unheeded
The Public Accounts Committee finds a lack of information and collaboration could have seen many ‘slip through the net’
Scottish institutions to work with consenting older citizens to track energy usage
Up to 11 million UK accounts recently saw personal information published online
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.
There are many reasons to keep your Oracle workloads running on local servers. But there are even more reasons to move them to the cloud as part of a wider digital transition strategy. Six Degrees...
Engage Process explains how to ensure that process remains at the heart of your management programs - and how to keep undue pressure from those processes
With the backdrop of the COVID-19 pandemic, every disaster now entails responding to at least two emergencies. Dataminr explains how organisations can best prepare.