With the pandemic infecting our society, calls are being made for technological solutions to curb the spread of the virus even further. Once again, governments, health bodies and private companies are looking at big data as the potential cure. During this time of crisis where all norms are forgotten will our privacy be compromised in the panic?

The app that everyone’s talking about

A coronavirus tracking app (the Covid-19 Symptom Tracker) has become one of the UK’s most popular downloaded apps since its launch last Tuesday. The free app asks individuals to provide certain information about themselves such as their age, gender, postcode as well as more sensitive health information such as whether they have heart disease, asthma or diabetes. Individuals are expected to monitor their health on a daily basis to detect whether they have any of the known symptoms of the virus, such as a cough or fever.

The aim of the app is to determine where the high-risk areas in the UK are; who is most of risk of the virus and how fast the virus is spreading in your local area.

Should we be downloading apps like this and what are the privacy risks? 

Remarkably, this app was put together in just five days by researchers at Guy’s and St Thomas’ hospitals and King’s College London university. The creators of the app are encouraging more members of the public to sign up to the app as they argue the more real-time data they have, the more this will aid this crucial research. So, if we can contribute to potentially life-saving research, what’s the problem?

The platform collects sensitive health data about its users and shares this with hospitals, the NHS, universities, health charities and other research institutions. The inherent sensitivity of health data means that organisations collecting it and sharing it need to adhere a stricter set of rules under the GDPR. Unfortunately, in recent times, health apps have been notorious for sharing users’ health data with third parties for commercial purposes without a user’s consent or knowledge.

The app’s privacy policy reassures users that personal data will be anonymised where it’s shared outside the NHS or King’s College London, by using an anonymous code to replace any personal data. However, the policy warns that when sharing personal data with researchers in the US, it may not be protected to the same standard as the GDPR. Where data is properly anonymised, it does not fall under the scope of the data protection law as no individual can be identified, however it is difficult to ensure that the users’ personal data has truly been anonymised.

Unfortunately, on the back of this pandemic, cybercrime has increased and there may be other apps out there claiming to track symptoms and conduct research into coronavirus. As with all other apps, we recommend that you’re comfortable with which organisation is behind the app, what exactly they want to do with your personal data and who they plan to share your data with.

Of course, where health data is used compliantly, apps like this can be hugely beneficial in assisting with vital research during this difficult time. However, it’s important that both app developers and users are aware that essential privacy safeguards must not be compromised – there is no blanket carve out from privacy compliance during this pandemic. It is simply a case of balancing the needs of the government and health authorities to conduct effective research with users’ fundamental privacy rights.  With the NHS’s technology department, NHSX, planning to launch a coronavirus app using smartphone location tracking data, it’s likely that data protection will come under the spotlight once again.