Julian Hayes and Andrew Watson’s previously published article ‘Data protection – another COVID-19 casualty?‘ has now been picked up by the key industry titles, Euronews, Infosecurity, Data Protection Magazine, Open Access Government and Information Age.

Here’s an extract from the article:

What is contact tracing?

Contact tracing has long been a key tool in preventing the spread of communicable diseases such as STDs. Essentially detective work, it involves tracking down and alerting those who have been in contact with a confirmed sufferer.  However, it has readily apparent limitations: with air-borne diseases such as COVID-19 where symptoms are delayed, it is difficult to identify everyone who may have been exposed. It is also time-consuming and works best where infection levels are low. On 12 March, the UK Government stood down Public Health England’s 290 contact tracers, believing them already overwhelmed by the spread of the coronavirus.

In April, however, seemingly following best advice from the World Health Organisation, the Government reversed its decision, announcing plans to recruit and train 18,000 contact tracers, and decided to support their efforts through automation using a contact-tracing app developed by NHSX (the digital arm of the NHS) downloaded to smartphones to ‘track-and-trace’ those exposed to the virus.

How would automated contact tracing work?

Individual nations are developing their own particular contact tracing apps but, broadly, two methodologies exist: one employing the user’s geo-location, often in conjunction with credit card data and surveillance camera records (which formed part of pandemic containment measures in South Korea), and a more privacy-friendly version based on Bluetooth being developed by many countries in the West.

In the Bluetooth version, as the user moves about, the phone would connect with other phones within a certain range. A ‘Bluetooth handshake’ would take place in which connected phones exchange and each store a unique ‘key’ signifying physical proximity. In the UK, when users subsequently display symptoms they may choose to allow the app to inform the NHS which would then alert other app users whose smartphones hold the infected person’s key, indicating that those other users should self-isolate. (Presumably anybody choosing to tell the NHS that they are suffering symptoms would themselves have sensibly already decided to self-isolate). Crucially, the key would be anonymous and would not reveal the personal identity or location data of the infected individual to those receiving alerts.

To facilitate automated contact tracing, Apple and Google, which dominate the global smartphone market, are collaborating to release interfaces (APIs) to enable Android and iOS devices to work together using apps from public health authorhis ities.

This article was originally published by BCL solicitors on the 4th May. You can read the full version here.

A version of this article was published by Information Security on the 6th May. You can read this version here.

A version of this article was published by Open Access Government on the 6th May. You can read this version here.

A version of this article was published by Data Protection Magazine on the 7th May. You can read this version here.

A version of this article was published by Euronews on the 12th May. You can read this version here.

A version of this article was published by Infosecurity on the 12th May. You can read this version here.