Hello, privacy pros.
As parts of the world begin to open up from their respective pandemic lockdown measures, focus on contact tracing apps continues to stay prominent in privacy news.
According to the Hindustan Times, a new administrative protocol has been introduced in India to govern the use and sharing of data collected via the Aarogya Setu app. In particular, the protocol sets retention periods, government access and interdepartmental sharing rules while requiring the deletion of personal information within 30 days of an individual's request. It also provides for a standard maximum retention period and permits further use of deidentified information. Violations of the protocol carry criminal penalties of up to two years imprisonment.
The scope of services provided through the Aarogya Setu app has expanded since first being introduced as a contact tracing app. With nearly 100 million downloads, concerns were raised over the security of the data collected by the app when a French hacker demonstrated how "details of millions of Indians using (the app) could be accessed within a 100-kilometer radius." Installation of the app has also become mandatory for certain activities, including the movement of individuals.
In Australia, ZDNet reports that amendments to the draft legislation related to the government's COVIDSafe app have been introduced to help address some of the privacy concerns raised in relation to last week's initial draft legislation. The legislation includes provisions prohibiting government and businesses from requiring the use of the app for access to services and venues.
The Australian government's plan to include legislation alongside the contact tracing app to provide additional protection to the data collected was a forward-looking good start. But the additional protections included in the revised bill are largely the result of privacy professionals mobilizing to scrutinize the app and the initial draft legislation, then quickly developing guidance back to the government based on deep privacy expertise. One group, coordinated by Peter Leonard, produced "Good legislation to make COVIDSafe trustworthy." A thorough evaluation of the privacy protections within the app and legislation was also provided in the paper "Australia's 'COVIDSafe App': An Experiment in Surveillance, Trust and Law," by Graham Greenleaf and Katherine Kemp of the University of New South Wales.
It is great to see privacy professionals making such a tangible contribution to the laws that govern how our personal information may be collected and used.
Sincerely,
Stephen Bolinger