NHS COVID-19 app – Is my data safe?

Tuesday, 12th May, 2020 - 16:36

With the Coronavirus sparking uncertainty in just about all areas of the world right now, we understand why some people are nervous to start combatting the virus using new, unknown methods such as the 'NHS COVID-19’ app. However, by the time you finish reading this article we hope you’ll have gained more understanding about what the app is and how safe your data will be.

Ministers see it as a key element in their ‘test, track and trace’ strategy to stop the spread of the disease and to enable easing of the lockdown restrictions. The app has purely been developed to tackle and control the virus in hope that it helps us all get back to normality, sooner rather than later, making it an option definitely worth pursuing.

Has the app been trialled & tested?

Yes, the app is currently being tested on the Isle of Wight before becoming nationally available by the end of the month.

Many countries are already using contact tracing apps to tackle the world pandemic. Hong Kong, Singapore and Germany amongst others have rolled out the contact tracing method to help manage and control the spread of the virus. In Singapore particularly, a contact-tracing app called ‘Trace Together’ has been rolled out by the government to track those who might be infected by coronavirus. Since March 20 it has been downloaded over 800,000 times in the hopes of creating a “community-driven” response to the virus. Countries such as Australia, Italy, France and the UK will see phones gather anonymised records if apps are approved and used as soon as possible. Other countries such as South Korea have used contact tracing apps from the outset in order to minimise the possibility of a total lockdown.

Why did the UK choose this type of app?

There are two ways the tracing app could work. One is a ‘decentralised’ model where all the relevant contact information is held only on users’ phones. The alternative approach is the ‘centralised’ model which is where some data is held by the NHS on a single database. The UK app will use the centralised model, meaning the matching process will take place on a single computer server.

The decentralised model has been promoted by tech giants Apple and Google, arguing that this is the safer way to proceed as it’s simply ‘more secure’. As a result, both companies have set out to develop a range of interfaces to support a contact tracing app on that basis.

However, the NHS team who are developing the official tracing app have rejected that approach, and instead insisted on holding a central database of those who say they have been infected - But this has raised concerns over privacy.

In relation to the above, the NHSX (the digital development arm of the health service) says that its centralised system will help give us more insight into how the disease spreads and help it to make the app more efficient. NHSX also says it will play a vital role in reducing the transmission of the virus, by alerting people who may have been exposed without knowing it to take the precautionary measures to protect themselves and others.

Privacy & data security

To clear up any uncertainty about privacy and what data will be used with the tracing app, Ian Levy, the technical director of the National Cyber Security Centre (NCSC), wrote on Monday 4th May that the NHS would hold only anonymous data. The app will assign each user with a unique number, while data about people they had met would only be uploaded after they report feeling ill.

This, Levy said, would allow the NHS to better “understand how the disease appears to be spreading” and have “contact graphs to carry out some analysis” – although such exercises would be limited as the only data that the app asks for is the first part of a person’s postcode.

With data privacy being a priority in today’s society, it is still not possible to convince everybody to comply and agree to the tracing app strategy. However, the NHSX says, “Millions of us are going to need to trust the app and follow the advice it provides”. It says the information gathered will only ever be used for health and research purposes, and that the app can be deleted at any time.

How safe is the NHS app?

Like any new idea, testing time is required to prove something works effectively, safely and securely. The 'NHS COVID-19’ app has been developed quickly and efficiently, so we can track and trace the problem nationally, as soon as possible. This will, in effect, enable us to gather and analyse data to better understand the virus and how it is spreading.

Again, an element of trust will be required from the British public for this to work effectively, but to help those who are worried about this, the NHSX insists the app "strongly protects your privacy and security" and has "been designed with privacy in mind".

It added: "The app does not collect personally identifiable data from users. Users will always remain anonymous. The anonymous data collected by the 'NHS COVID-19’ App will only ever be used for NHS care, management, evaluation and research."

Anonymising the data does not eliminate the risk of a privacy breach, according to some experts. This week, ministers called on the government to put effective safeguards in place to protect the individual's privacy before rolling out the app.

The general mood of the tracing app at this time is positive and regarded as a step in the right direction to resolve the world pandemic. However, people will need to trust the technology as they do with most apps downloaded onto their mobile phones. Banking apps, Social media apps and even some games pose similar risks to the 'NHS COVID-19’ app.

We will be following this topic over the coming weeks and providing regular updates...

Blog Tags: