The use of contact-tracing apps and data privacy

The Government’s chief scientific adviser claimed this week that a second peak of coronavirus cases could  be avoided with the help of the NHS’s new contact-tracing app – despite criticism the technology may have significant flaws. 

Sir Patrick Vallance told MPs while giving evidence to the health select committee that he was optimistic that cases can be kept under control in the next stage of the epidemic.

The ‘test, track and trace’ app works via Bluetooth and will alert people if they have been in close contact with someone who later fell ill with COVID-19.

If the current trial on the Isle of Wight is successful, the Government plans to roll out the app to everyone across the UK.

With more than one-third of the planet’s population currently under some form of COVID-19 related restriction, the global economic picture is equally bleak.  There are fears that the world economy will shrink by 7% in 2020, with trade levels sinking dramatically and national borrowing set to rise to unprecedented levels.

Experts all over the world have been exploring how to harness technology to automate contact-tracing of those potentially infected with the virus – allowing the world to get back to work and get back on its feet. However, this technology also brings serious practical and ethical concerns and risks putting health care against data protection.

What is contact tracing?

Contact tracing has long been a key tool in preventing the spread of communicable diseases such as STDs.  It involves tracking down and alerting those who have been in contact with a confirmed COVID-19 sufferer. However, it is difficult to identify everyone who may have been exposed. It is also time-consuming and works best where infection levels are low.

The wider impact may be that it fuels pre-existing concern over excessive state surveillance powers and whether the UK’s level of personal data protection is essentially equivalent to that of the EU. This just adds to the extensive list of concerns such as facial recognition technology, criticism of the UK Government over data compliance breaches and data sharing with the US.


There is now a race by NHS officials to get greater privacy safeguards in place amid mounting concern from security experts, MPs and users. Because the technology is being developed at break-neck speed, the government is thought to be appointing an ethics board to improve oversight and publish the software source code in the next month, and has not ruled out “a sunset clause”, agreeing to delete all data collected once the country returns to normal.

However, there are growing concerns about public take-up by security specialists and MPs over the central database which will contain anonymised records of those reporting symptoms and who their phone has come in contact with.

Robert Hannigan, a former director of the government’s intelligence and security organisation, GCHQ, said while he thought the app was “not a threat to individuals” because it only recorded a person’s postcode alongside a unique reference number for each phone, it was right that the exercise in surveillance should be reviewed after the crisis.

Retaining some information in a central database has been deemed necessary because it allows the NHS to track regional outbreaks and obtain information about the future spread of the disease.  The UK rejected an alternative database-free decentralised approach put forward by Google and Apple.

By failing crucial initial security tests, many claim is not yet safe enough to be rolled out across the UK. The system apparently failed all tests needed for it to be included in the NHS Apps Library, including cyber security, clinical safety and performance, reports the HSJ.

However, if the trial is successful then it will be rolled out later this month. The app uses Bluetooth to alert a mobile user when they have spent more than 15 minutes within 6ft of someone who has tested positive for Covid-19 or experienced symptoms. It will also advise the user to self-isolate if they have come into contact with someone who is infected. Senior figures described the app as a ‘bit wobbly’ and have raised concerns it could affect public trust if privacy settings are not tightened.


iCaaS is the trusted standard in data protection. The iCaaS software suits businesses of all sizes. It does all the hard work of achieving compliance and ultimately minimises the risk of data breaches – especially those posed by home working.  Lockdown in the UK has seen a sharp increase in employees working from home. This has opened the floodgates to numerous forms of data transmission back and forth between remote employees and their office. The result is that data security risks have risen significantly. By securing your business the iCaaS platform will save you time and money. More importantly it will secure your staff and help to build confidence and trust within your customer base.

Get in touch, speak to a specialist today. Call: 0345 646 0066

Go to:

Scroll to Top