UK COVID Tracking App
UK COVID Tracking App | |
---|---|
Short Title | UK COVID Tracking App Gives Access to User Information to Third Party Trackers |
Location | Great Britain |
Date | May 2020 |
Solove Harm | Breach of Confidentiality, Surveillance |
Information | Location |
Threat Actors | UK COVID tracking app, Third parties tracking |
Individuals | |
Affected | UK covid app users |
High Risk Groups | |
Tangible Harms |
Contact tracing app in Great Britain was found to have permissions that relate to the collection of location data.
Description
In May 2020 United Kingdom released its NHSX contact tracing app as a part of a public health response to this pandemic of COVID19.
Its permissions and trackers were examined through an automated tool which found that the app includes permissions that relate to the collection of location data (a byproduct of the ‘Bluetooth Low Energy tracking’ the app employs).
This means additional, very accurate data about the users’ location could be collected without additional consent. This can be interpreted as Breach of Confidentiality. There is no mechanism to opt-in or opt-out of third-party trackers which are included with the app
The actions of the third parties, tracking people’s location through this app can be seen as Surveillance.
Breakdown
Threat: COVID tracking app giving access to location dat of users without their knowledge or consent
At-Risk group: UK covid app users
Harm: Breach of Confidentiality
Secondary Consequences: not known
Threat: Third parties tracking users through a COVID tracking app
At-Risk group: UK covid app users
Harm: Surveillance
Secondary Consequences: not known
Laws and Regulations
Sources
https://privacyinternational.org/long-read/3752/coronavirus-tracking-uk-what-we-know-so-far