Right now, as you read this, there is a debate going on in the information and data regulation world.
In the blue corner we have the rights of individuals to have their data protected. In the red corner is Covid 19 and the demands of governments to test and monitor the populations of their nation states.
So you can see, the problem is a simple one to define. It is less simple to answer.
At the heart of the storm is the Information Commissioner’s Office. On the one hand, Liberty and the campaign groups championing civil liberties. On the other hand are those seeking to use data monitoring as a means of getting UK PLC back on her feet.
Elizabeth Denham CBE is the current Information Commissioner and she is highly respected in the field. To her it falls to hold the ring between the blue and red corners. From the outset she has sought to strike a pragmatic and proportionate regulator. One of the means of defeating C19 is to use Apps and monitoring of data.
With this in mind, the ICO has set out some basic principles:
- Continuing to recognise the rights of individuals.
- Focussing on the most serious threats to the public
- Providing ‘front line organisations’ advice on data regulations.
- Cracking down on those seeking to take advantage of the current emergency
One of the more important jobs for the ICO will be to give rapid guidance to public authorities on the suitability of Apps currently under development or being tested (in the Isle of Wight) and the safeguards in those Apps. At the risk of being frivolous, there are reported cases of Apps in other countries, leading to the discovery of extra marital affairs. All rather awkward, I think you will agree. More seriously are the problems we have so often seen in the past few years of data misuse and security.
More prosaically, the ICO has sent out a clear message on their day to day business: if data processors and controllers make innocent mistakes because of staff shortages or changes in working practice caused by C19 and make a clean breast of it, they will be treated reasonably and pragmatically. If they seek to cover up, they will be treated less reasonably. If they behaved cynically and tried to take advantage of the C19 emergency, will be treated harshly.
The ICO will have been consulted in respect of the geo spatial and geo location Apps currently being tested in the isle of Wight. The App, developed by NHSX (the IT arm of the NHS) uses Bluetooth. The Bluetooth pings continuously in the phone in which it is downloaded. It stores anonymised identifiers from other phones in which the App is installed. So, if I am infected, the app will have a record of every phone it has come within range of. These phones (and their owners) can then be messaged.
Now, the NHSX team have opted for a ‘centralised system’. A centralised approach means that data and messages are uploaded to and from a central server within the NHS. This differs somewhat from the Apple and Google’s system. In their case, there is no uploading or downloading or messaging from a central server. The messages are sent direct between phones. The problem here though is simply this - leaving aside the need to identify clusters and allocate resources or implement measures/ warnings accordingly- do you trust Apple or Google anymore than you trust the NHS? Ticklish, isn’t it?
In this writer’s view, people are dying, the economy is crashing, the physical and mental health of the nation are under pressure. The NHS centralised system uses anonymised identifiers. The data will be erased when it is no longer needed. The data collected in the meantime will be used to mitigate risk and save lives, and to model future outbreaks. Data is a tool in this struggle and for the future. Safeguards are in place. Insofar as there are risks to civil liberties, these may have to take a back seat for a while.