Search
Content type: Examples
23rd September 2020
A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes…
Content type: Examples
21st September 2020
An audit of two apps and a website used by national and local governments in Colombia finds: an absence of public information about the tools, how they work, or how their security and privacy is protected; non-compliance with Colombia’s data protection legal framework, particularly in the area of consent; and reckless deployment of solutions that put hundreds of thousands of users’ personal data at risk. Fundación Karisma, which conducted the audit, makes a number of recommendations for…
Content type: Examples
21st September 2020
Following trials in Leicester, Luton, and Blackburn with Darwen, the UK government will assign teams of health care professionals to more than ten local authorities and offer them Public Health England’s near real-time data on infections and a dedicated team of contact tracers, shifting away from its £10 billion centralised national system run under contract by Serco. As of early August, the Serco scheme was still failing to reach a significant proportion of those who had been in close contact…
Content type: Examples
20th August 2020
The outsourcing company Serco, which the UK government has contracted to perform contact tracing, accidentally shared the email addresses of almost 300 of the contact tracers it hired when a staff member sent an introductory email and used CC rather than blind CC. Serco does not intend to refer itself to the Information Commissioner's office.
Writer: Ross Hawkins
Publication: BBC
Content type: Examples
24th July 2020
After ORG asked questions via its legal representative, AWO’s Ravi Naik, the UK’s Department of Health and Social Care agreed to change the period it would retain Test and Trace data from 20 years to eight. Public Health England manager Yvonne Doyle explained that the novelty of COVID-19 was the reason for keeping the data longer, in case PHE needed to get back in touch with those who had tested positive with additional information.
Publication: ZDNet
Writer: Daphne Leprince-Ringuet
Content type: Examples
24th July 2020
In early July the Open Rights Group issued a pre-action legal letter to UK health secretary Matt Hancock and the Department of Health and Social Care saying they have breached requirements under the Data Protection Act 2018 and GDPR by failing to conduct an impact assessment for the Test and Trace system. ORG and its lawyers, AWO, had been asking for details of the DPIA since the beginning of June, a few days after the system was launched. In their response, the DHSC’s lawyers said “there were…
Content type: Examples
13th July 2020
Hours before OpenDemocracy filed suit to compel the UK government to release all the contracts governing its deals with a list of technology firms including Amazon, Microsoft, Google, Palantir, and Faculty, the UK government released the contracts. Faculty is being paid more than £1 million to provide AI services for the NHS, and the companies involved in the NHS data store project, including Faculty and Palantir, were originally granted intellectual property rights and were allowed to train…
Content type: Examples
15th June 2020
The AI firm Faculty, which worked on the Vote Leave campaign, was given a £400,000 UK government contract to analyse social media data, utility bills, and credit ratings, as well as government data, to help in the fight against the coronavirus. This is at least the ninth contract awarded to Faculty since 2018, for a total of at least £1.6 million. No other firm was asked to bid on the contract, as normal public bodies’ requirements for competitive procurement have been waived in the interests…
Content type: Examples
15th June 2020
The lack of data protection laws and the absence of a privacy commission are contributing factors to Pakistan’s failure to investigate or remedy security flaws in the country’s recently-launched COVID-19 tracking technology, which partially depends on a system originally developed to combat terrorism. While there are no reported cases of harassment or targeting based on the leak online of the personal details of thousands of COVID-19 volunteers, the lack of response fails to boost citizens’…
Content type: Examples
20th May 2020
Under the country's emergency laws, on May 4 the Hungarian government announced it would suspend parts of GDPR and exempted authorities from key provisions such as subject access rights, the right to request erasures, and providing notice that personal information is being collected and stored as long as the data is being collected under the rubric of coronavirus-related health protection.
The changes will remain in place until the government declares the end of the emergency. Opposition…
Content type: Examples
20th May 2020
Only 16% of Australians had downloaded the country's COVIDSafe app by May 3, a week after its launch on April 26, even though most said they support the federal government's coronavirus contact tracing app. In an Ipsos poll, 80% of those who said they were unlikely to download the app cited privacy concerns such as who holds and has access to the data, and which country's law applies. The government has said its goal is for at least half of the population to download and install the app.…
Content type: Examples
20th May 2020
A parliamentary panel granted Israel's Shin Bet security service an additional three weeks to use mobile phone data to track people infected with the coronavirus; prime minister Benjamin Netanyahu had requested a six-week extension while his government drafts legislation to regulate the data use in line with requirements imposed by the Israeli Supreme Court. Testimony given to the parliament's intelligence subcommittee showed that the Shin Bet surveillance was the reason it was possible to…
Content type: Examples
12th April 2020
GDPRHub is collecting a list of projects around the world that are using personal data to combat the novel coronavirus. The list is divided into categories such as decentralised contact tracing apps and frameworks; centralised contact tracing systems; lockdown enforcement; self-assessment apps; mapping projects; and statistical analysis. The site also tracks COVID-19-releated data protection issues.
Source: https://gdprhub.eu/index.php?title=Projects_using_personal_data_to_combat_SARS-CoV-2…
Content type: Examples
12th April 2020
The US Department of Health and Human Services has announced it will waive penalties for violations of the Health Insurance Portability and Accountability Act, which protects patient data privacy. HHS argued that in the nationwide emergency caused by the COVID-19 pandemic, greater latitude is needed to allow doctors to provide telehealth services and use new technologies such as one-on-one video conferencing apps to communicate with patients. However, the agency said that public-facing…
Content type: Examples
12th April 2020
On March 20, the UK's Department of Health and Social Care published a notice providing legal backing for the NHS to set aside the duty of patient confidentiality as part of its response to the COVID-19 pandemic. As long as it is to fight the coronavirus, NHS organisations and GPs may share whatever patient data they deem necessary.
Source: https://twitter.com/halhod/status/1245297265054367744/photo/1
Writer: Hal Hodson
Publication: Twitter
Content type: Examples
9th April 2020
On March 24 the German Bundestag passed a comprehensive amendment to the Infection Protection Act that authorises the Federal Ministry of Health to implement measures for medical care without the consent of the Federal Council. These include the ability to impose curfews and travel restrictions, override patent protection for medical products, and issue ordinances creating other exceptions to the law. The Federal Data Protection Commissioner criticised the proposals because he doubted whether…
Content type: Examples
26th March 2020
On March 14, the Peruvian government set up a website for individuals to check their symptoms so they can be directed towards sources of help. The web form asks for ID number, phone, email and home address.
Source: https://www.gob.pe/coronavirus
Writer: Peruvian government
Publication: Peruvian government
Content type: Examples
26th March 2020
The Indonesian Doctors Association has asked the government to open up the identity of patients who have tested positive for the novel coronavirus in order to facilitate contact tracing and improve the efficiency of efforts to prevent further spread, arguing that in an emergency like this the public will support the disclosure in the interests of safety.
Source: https://mediaindonesia.com/read/detail/296992-permudah-kontak-tracing-idi-dorong-pemerintah-buka-data-pasien
Writer: Atalya Puspa…
Content type: Examples
26th March 2020
The first two confirmed cases of COVID-19 in Indonesia and their neighbours became the targets of media coverage and social media abuse after their personal details were spread via WhatsApp and other social media soon after the President announced the positive tests results - before anyone told the patients themselves. The Health Ministry denied responsibility for the data breach.
Sources:
https://www.thejakartapost.com/news/2020/03/04/covid-19-patients-become-victims-of-indonesias-lack-of-…
Content type: Examples
19th March 2020
A review of European privacy laws considers whether the tracking and monitoring methods China used to shut down the COVID-19 epidemic are in compliance with GDPR. The French data protection authority CNIL says employers are not allowed to take mandatory temperature readings from employees or visitors or require them to fill out compulsory medical questionnaires. Italy passed emergency legislation requiring anyone who has recently stayed in an at-risk area to notify health authorities. Germany…
Content type: Examples
18th March 2020
A task force at the Italian Ministry of Innovation, in collaboration with the University of Pavia to leverage big data technologies to deal with COVID-19, after the WHO advised governments that lockdowns alone are not enough, and that testing, isolation, and contact tracing are crucial. The effort is beginning with anonymised data provided by Facebook; Italian telcos including Tim, Vodafone, Wind Tre, and FastWeb, via their Asstel trade association, have also offered anonymous datasets…
Content type: Examples
4th February 2020
Recent study shows that Americans are wary of data from smart speakers being used in criminal investigations, the Pew Research Center reported. A recent study showed that 49% of Americans answered that it is unacceptable for smart speakers companies to share audio recordings of their customers with law enforcement in order to help with criminal investigations. Only 25% said it is acceptable. Aparently, this result contrasts with some other data use practices measured in the same survey. For…