Some really helpful guidance on contact tracing mobile apps from ICO today. However, four broader issues remain unanswered:
1. What about employers' contact tracing apps?
2. Do we need additional legislation to set out the necessary protections to an individual’s rights in relation to contact tracing apps, such as the proposed UK Coronavirus Safeguards Bill?
3. For the same reasons, is additional oversight of contact tracing (and other COVID-19 related extraordinary data processing)( required?
4. Interoperability of various apps and international cooperation.
You may find our more about ICO's expectations on key requirements (no surprises here) and best practice guidance, and my initial thoughts about the four issues listed above, in the brief LinkedIn article below.
Earlier today, ahead of attending a session of the UK Parliament Human Rights Joint Committee this afternoon, the ICO published its COVID-19 Contact tracing: data protection expectations on app development - see https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/05/covid-19-contact-tracing-data-protection-expectations-on-app-development/ the "Tracing App Expectations document"). In this fairly detailed guidance, ICO sets out its key expectations based on the GDPR and UK Privacy and Electronic Communications Regulations (which implement he EU e-Privacy Directive in the UK). The ICO sets out the core compliance requirements for developing a contact tracing app in line with the principles of data protection by design and default, and provides a series of best practice recommendations.