View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

ICO Releases Data Protection Guide for Contact Tracing Apps

Designers must be transparent about the benefits expected from the contact tracing app.

By claudia glover

On the same day that the ICO appears before the Human Rights Joint Committee, the agency has released a data protection guide for the correct development of contract tracing applications.

The guidelines come in the form of a 10-step catalogue of principles that must be taken into account when constructing a contact tracing app or service.

Read This! Europe Publishes Contact-Tracing App Guidelines

Contact tracing is the process of slowing the spread of a virus during an epidemic by identifying anyone who might have come into contact with an infected person, and collecting further information about these contacts.

By tracing the contacts of infected individuals, testing them for infection and treating those affected, authorities can theoretically drastically reduce infections in a population.

The UK government and the NHS are developing an app to help them collect data on people who have contracted COVID-19, so they can implement contact tracing to mitigate the risk of a second wave of infections. The app will notify users if they have been in the same area as one or more infected people who are using the app. The UK’s app is to be trialled on the Isle of Wight this week.

Transparency is Key

The first three steps of the guide outline which aspects of the process the ICO will expect to be transparent. The app or service must be clear about its purpose, whether it will be created to track proximity, for example, or whether the design will be more ambitious. The designers must be clear about what risks their approach poses to individual rights, with developers strongly advised to take the least invasive route. They must also be transparent about the benefits expected from the app or service.

The ICO has also set-out guidelines concerning the users of the app; making it clear they must be protected through the use of pseudonyms, “which are renewed regularly as appropriate to your purposes and are generated in such a way that risks of re-identification and tracking are reduced”. According to the ICO, users should be given control over their own data via a privacy control panel or dashboard, and this data must not be stored for any longer than is necessary.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Finally, the commission states that the app must collect the minimum amount of data necessary for its purpose, and that the privacy of the user should be strengthened by the app, that its design does not introduce additional privacy and security risks for the user, such as identification or location.

While the UK is only at the testing stage, China, Australia Singapore, India, South Korea and most of Europe have already created apps to slow the progress of coronavirus.

Don’t Leave Before You’ve Read This! Dangers of Data Sprawl Increase during the Remote Work Revolution

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.