The NHS has reportedly asked Swiss company Zuhlke, which is working on the NHS Covid-19 app, to assess if the app can be switched over to the proposed decentralised Apple/Google system, reports The Telegraph.
According to documents leaked to the Financial Times, the contract asks the company to investigate the feasibility of switching the app to the Apple-Google model. An NHSX spokesperson told the FT that it had been co-operating with Apple and Google during the app’s development and that it was normal to continue refining the app.
The report comes after Information Commissioner Elizabeth Denham confirmed to Parliament at the Joint Committee on Human Rights (Monday 04 May) that she had not yet received a Data Protection Impact Assessment on the contact tracing app, and that consulting the ICO was a legal duty.
In response to her comments, the Open Rights Group (ORG) has sent a formal legal request to NHSX to provide clarity about the risks of the app before it is rolled out to the wider public. The group wants NHSX and Health Secretary Matt Hancock to conduct a full Data Protection Impact Assessment of the app, consult with the ICO and publish the full results.
ORG Executive Director Jim Killock expressed concern that NHSX has not fully addressed the main privacy risks associated with building a massive, centralised database of personal contact events. He warned that the ORG would consider further legal action if it finds that sufficient mitigations are not in place.
Separately, the Joint Committee on Human Rights has published a report on the contact tracing app, focused on human rights and the government’s response to Covid-19 digital contact tracing. Following the appearances of the Information Commissioner and NHSX chief, the Committee said it was not reassured that the current plans for release of the app sufficiently protect the right to privacy and other human rights.
The Committee is also deeply concerned that the app has not been subject to in-depth scrutiny by Parliament like previous extensions of state surveillance and data collection powers. The evidence presented to the Committee shows that the app would have significant and widespread implications, with the Committee calling for the app to be examined by Parliament at the earliest opportunity.
The Committee has produced a report outlining key actions the UK Government must take to ensure that the app respects human rights, such as the right to privacy and non-discrimination, at the same time as allowing people to move around freely whilst helping stop the spread of the virus.
The Committee insists that a contact tracing app must not be launched unless there are strong protections in place, and that it is accompanied by primary legislation protecting data and human rights. It also wants guarantees on efficacy and proportionality, as without these the level of data collected cannot be justified and would violate human rights and data protection laws. It also wants guarantees on oversight, with an independent body to oversee the use, effectiveness and privacy protections of the app; transparency, with the government and health authorities being fully transparent about how the app, and collected data, is being used; and regular reviews, with the Health Secretary undertaking a review every 21 days of the app’s efficacy, data safety, and how any data use is protecting privacy.