4 von 5

1. Dezember 2020

December - Health data – 4 von 5 Insights

Contract tracing apps - will consenses create success?

Jo Joyce looks at the privacy issues involved in developing contact tracing apps and whether they impact their ultimate success.


Jo Joyce

Senior Counsel

Read More

In the early stages of the COVID-19 pandemic a consensus quickly developed that contact tracing to alert individuals to possible exposure to someone with a COVID-19 diagnosis, would become crucial to public health management and the suppression of the virus. Around the world governments began commissioning and, in some cases, developing mobile phone apps to automate the contact tracing process.

The fact that almost every person in the developed world now carries at least one mobile phone on their person in public, means that COVID-19 tracing apps, if widely taken up, have the potential to make a huge difference to the number of people participating in contact tracing services. Even 10 years ago, the adoption of the technology needed to run apps would not have been sufficiently widespread to ensure the critical mass needed to make contact tracing efforts meaningful and effective.

The UK approach – a cautionary tale or a prudent U-turn?

In the UK, development and take up of the NHS contact tracing app wasn’t entirely straightforward. The government, in its initial approach, fell foul of a pitfall experienced by many an app developer: over ambition.

The first version of the UK app spent months in development and was trialled on the Isle of Wight but had to be scrapped. This was largely because it had tried to adopt a centralised approach whereby data relating to possible COVID transmissions would be collated centrally and shared with government to allow notifications to be made based on the data available to the central database. Such data would include not only details of other app users that a person has been contact with but also details of the other users that those people had been in contact with.

In theory a notification received by users to tell them to self-isolate would be more reliable in a centralised tracing system because it would be based on more data. The government would then also have a clearer picture of how transmission is taking place to improve its response. However, the theoretical superiority of centralised systems has been impeded by two major factors, a lack of support from phone operating systems, and the public's privacy concerns reducing uptake.

Governments adopting a centralised approach to their apps found that the result of that decision was denial of access to Apple and Google expertise in the development process. This meant that the Bluetooth technology needed to ensure the apps could detect the presence of nearby devices just didn’t achieve the accuracy needed to make the app work properly. The UK was not alone in feeling those frustrations with similar issues experienced in the development of centralised contact tracing apps in France, Denmark and Australia.

A simpler solution to a complex problem?

The second version of the UK app began development in June 2020 and was launched in September after collaboration with the Californian tech giants made sure that the software designed would be able to make full use of the hardware available.

Like other decentralised contact tracing apps, the UK’s NHS Test and Trace app is designed to share as little personal data as possible. The app doesn’t even know the identity of the user as they are not requested to register an account so names, email addresses, and phone numbers are not shared. All contract traces are stored on the user’s phone and only Bluetooth, not location data is used to determine contacts. The only data communicated by a user’s app with the government server relates to encryption keys. Although such keys could, theoretically identify the user, the Apple/Google API changes the keys daily, making it virtually impossible to use them for identification.

The types and amounts of data collected and retention periods and methods do vary across different government backed apps but the approach taken is broadly the same for all non-centralised apps. No contact information or no location information will leave the users’ phones. All the contact traces are stored only on the phone and the app decides when it receives keys of infected users. The app then calculates whether a received key comes from among the users that the app user has been sufficiently close to for a sufficiently long period to trigger a self-isolation recommendation.

The app also allows users to check in to venues using a QR code that must be displayed by law (when a venue is permitted to open). If Public Health England identifies an infection that occurred in a venue, the user’s app looks up the venues where the user has been and checks whether they were in a venue where an outbreak occurred at the relevant time.

In the two months since its launch, the NHS Test and Trace app has been downloaded nearly 20 million times in England and Wales. While this represents significant engagement, it means that over half of the adult population does not have the app. In some cases, those individuals will be self-isolating, or will not have access to a sufficiently up-to date mobile phone to run the app. Despite the government’s best efforts to reassure, some individuals have expressed privacy concerns about the use of the app and fears over government access to in-app data.

A united front

The UK government’s move to develop a contract tracing app was very much in line with the initial responses of governments around the world. Although not every government experienced the same initial challenges, most have ended up with a very similar product, technically if not visually.

In the Republic of Ireland an app using the same low-level Bluetooth technology as the NHS app, proved instantly popular when launched in early July and was developed for a comparatively low 850,000 Euro price tag. A million users downloaded the app within 24 hours of its launch. Questions remain though as to the extent of take up needed to ensure that contact tracing apps can provide a meaningful solution.

The Irish government says that while over half the adult population has now downloaded the app, only 34% of the population is actively using it to determine and record proximity to other users. Rates of take up and active use have been similar across Europe with both German and French authorities announcing in September that take up was too low.

One factor that may boost app use is interoperability, a crucial development as and when international travel becomes easier once more and a priority for the EU. In October France, Ireland and Germany announced that their apps can now communicate with one another, meaning that visitors returning from a foreign trip to one of those countries will be notified by their app if someone they came into contact with while abroad has received a COVID-19 diagnosis through, or shared by their own app. The European Commission’s own data server in Luxembourg will be used to host app data shared on the European Federation Gateway Service.

Only data from non-centralised apps can be shared and the Commission has offered assurances that Citizens’ personal data is fully protected. Information will only be stored in the gateway for a maximum period of 14 days. The information exchanged is fully pseudonymised, encrypted and Member States are joint controllers for the European Federation Gateway Service. The participating Member States determine together the purpose and means of processing of personal data through the Gateway.

At present the UK like other non-EU Members is unable to participate in data sharing from contact tracing apps from EU Member States via the Commission framework , though the frequency of travel between Northern Ireland and Ireland made interoperability for the apps run by those two countries essential to ensure take up. For the UK government the biggest interoperability priority is to ensure that the NHS Scotland and Northern Ireland apps (which are interoperable with each other) can also share data with the app for England and Wales.

Designing for confidence

One major impact of the involvement of governments in contact tracing and the growing demand for interoperability is that the many healthcare apps already in existence pre-COVID, have had their opportunities to engage with their user base restricted during the pandemic. Whether this will continue to be the case in future years is likely to depend on the levels of public confidence in the ability of governments to keep data secure and to respect user privacy.

One aspect of the UK government’s approach that has been designed to ensure transparency and give users confidence in the NHS app is the privacy policies developed to provide users with information about how the app works and handles their data. The NHS app links to three separate privacy policies as well as the government’s very detailed data privacy impact assessment documents. The different policies are designed to reflect different user needs with a simple policy and a policy for young people sitting alongside the complete privacy notice.

Legal design principles have been employed to improve the readability of the simple policy, particularly with graphics and a very simple structure making it stand out as a striking example of privacy communication.

Measuring success

Whether contact tracing apps will ultimately be considered a success very much depends on the expectations of those behind them. In the UK and other countries, the more manual test and trace system operates alongside the app but does not rely on it. Without universal take up, contract tracing apps are unable to offer a comprehensive solution to COVID-19 transmission anywhere.

However, if public confidence in the security and privacy respecting credentials of government-run apps can be improved and maintained so as to ensure maximum take up, they will provide a valuable tool to enable life to reflect some semblance of normality as we wait for longer term medical weapons against COVID-19.


Global Data Hub

Go to Global Data Hub main hub