Friday 28 Apr 2023 @ 12:25
Information Commissioner's Office
Printable version

Blog: Protecting privacy during a pandemic: our work on the UK’s Covid apps

The ICO’s work is often in the headlines, and our recent enforcement action against TikTok for allowing over a million UK children to use its platform without parental consent brought international media attention.

In practice, the majority of our work to protect people’s privacy rights has a far lower profile. Making sure people are considering data protection at an early stage, and providing the advice and support to ensure privacy protections are built into new services is less glamorous, but very effective.

Our work with the Department of Health and Social Care and Welsh Government around the NHS Covid app is a prime example. The app was officially decommissioned on Thursday, after a fall in the number of users across England and Wales. It marks the end of a journey that began in the pandemic, and saw as many as 30 million people download the app.

The ICO offered advice and support to DHSC from the start, recognising the vital role that data played in navigating the pandemic and our responsibility, as a regulator, to protect people’s privacy during the development of new technology. Given the unprecedented circumstances, our teams worked hard to ensure that data protection law wasn’t a barrier to this innovation and privacy considerations were built into the lifecycle of the app – from design to decommission.

We were the first data protection authority to share a formal Opinion on the joint Google-Apple contact tracing API, just days after it was first published in April 2020. This was shortly followed by our data protection expectations for app development that served as a touchpoint throughout the pandemic. As the app’s functionality evolved, we continued to engage with DHSC and Welsh health bodies to ensure privacy and transparency were considered every step of the way.

Decommissioning was a key part of our expectations for the NHS Covid app. We made it clear to the Department of Health and Social Care that for people to have confidence in the app, they must be able to trust that their data would be deleted once the app was no longer required. We’re pleased that our work, started in March 2020, has helped to protect millions of people across the UK.

The same approach brought similar benefits across the UK. In Scotland, we offered advice and support on the development of the Protect Scotland app and in Northern Ireland, we provided advice and support on the development of the StopCovidNI app. Both proximity tracing apps followed the design principles set out in our expectations document and in line with these expectations, the Scottish app was decommissioned in April 2022 and the NI app was decommissioned in June 2022.

It’s an approach we continue to take today, working closely with organisations to support them to get data protection right from the start when creating new products and services. Our enforcement work may get the headlines, but it is the influence we can have over crucial moments behind the scenes that allows us to make the biggest difference.

 

Channel website: https://ico.org.uk/

Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/04/protecting-privacy-during-a-pandemic-our-work-on-the-uk-s-covid-apps/

Share this article

Latest News from
Information Commissioner's Office

ICO publishes guidance to improve transparency in health and social care

16/04/2024 09:10:00

The Information Commissioner’s Office (ICO) is supporting health and social care organisations to ensure they are being transparent with people about how their personal information is being used.

Information Commissioner’s Office seeks views on accuracy of generative AI models

12/04/2024 12:25:00

The Information Commissioner’s Office (ICO) has launched the latest instalment in its consultation series examining how data protection law applies to the development and use of generative AI.

ICO joins global data protection and privacy enforcement programme

04/04/2024 15:20:00

The Information Commissioner’s Office (ICO) has signed onto a new international multilateral agreement with the Global Cooperation Arrangement for Privacy Enforcement (Global CAPE) to cooperate in cross-border data protection and privacy enforcement.

ICO sets out priorities to protect children's privacy online

04/04/2024 09:10:00

The Information Commissioner’s Office (ICO) is calling on social media and video-sharing platforms to improve their data protection practices so children are safer when using their services. 

ICO publishes new fining guidance

19/03/2024 09:10:00

The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines.

ICO reprimands Dover Harbour Board and Kent Police over information sharing

18/03/2024 10:20:00

The Information Commissioner’s Office (ICO) has issued reprimands to Dover Harbour Board and Kent Police after they breached data protection law.

ICO reprimands London Mayor's Office for Policing and Crime for complaint web form error

15/03/2024 14:10:00

The London Mayor’s Office was yesterday reprimanded by the Information Commissioner’s Office (ICO) for a web glitch that potentially revealed the personal information of people who were complaining about the Metropolitan Police Service.

ICO fines Wigan-based Pinnacle Life £80,000 for “predatory” spam call campaign

07/03/2024 12:25:00

Wigan-based company Pinnacle Life has been fined £80,000 by the Information Commissioner’s Office (ICO) for a year-long unlawful spam phone call campaign.

ICO launches “consent or pay” call for views and updates on cookie compliance work

06/03/2024 15:05:00

As part of our cookie compliance work, I committed to providing the online advertising industry with clarity on ways in which it can use advertising cookies in compliance with data protection law.