GDPR

AmericanThunder

Super Moderator
I’m sure most will be aware of the General Data Protection Regulation that became law in 2018?
Most will also know that even after Brexit the UK will continue to abide by GDPR even though aspects are likely to be re-written.

Now, I’m aware that this is a contentious post, but I feel that people should be aware.
The Covid-19 tracking app is in direct conflict with GDPR due to the data it tracks and the methods used for storing that data it gathers. It does not sufficiently protect people’s identity and does not seek permission for all the data it gathers.
More important is that users will NOT have the right to request their data is deleted as per GDPR regulation. One legal firm is challenging the tracking app on the basis that it “poses a great interference with fundamental rights and would require significantly greater justification to become lawful. That justification has not been forthcoming.”

Also noteworthy is that the app, regardless of being iOS or Android, runs in a ‘special’ background mode that enables communications. To do this without requiring consent and without granting consent to the other data on your device poses a serious breach of your privacy.

In addition, “the UK government's announcements for sharing health data between the private and public sector appear to be flawed. This means such data sharing is potentially not in compliance with legal requirements.”

Now I’m not sure what announcements they are referring to at this time but for my own peace of mind I will be investigating.

This has all been confirmed by the head of the NCSC, Matthew Gould, (National Cyber Security Centre).
It appeared as part of my daily trawl through various security sites as I look for pending threats to my employer.

Use the app or not is your decision (for now) but at least you know. But before you make up your mind ask why the alternatives from Apple and Google, both of which by design could meet privacy requirements, have been ignored by the government.
 

TransAmDan

Forum Admin
Staff member
Funny you brought this up, I had my weather app pop up on my phone asking for permission of my location. Things like that I don't mind knowing my location, it's not as if I'm a drug dealer and worried about anyone knowing where I am.

Hopefully this forum complies with GDPR. I apply all patches I can.
 

AmericanThunder

Super Moderator
GDPR cannot be achieved through patches, it’s about the data that is accessible.
We can chat about it when we next meet if you like?
 

AmericanThunder

Super Moderator
And kudos to Harriet Harman who is challenging the tracking app for the data it harvests and how this vast library of data will be managed and controlled.
Unfortunately, Matt Hancock won’t engage in discussion about it.
 

AmericanThunder

Super Moderator
Oh dear. It appears the legal framework for the software is inadequate. This means the government has to change the law to lessen your rights under the human rights in order to make enforcing its use legal.
I guess that explains the delay in rolling it out?
It’s horrifying to me that the mainstream media don’t report on it, and confirms to me the underhandedness of it all. Less Covid prevention and more to do with surveillance state perhaps?
 

AmericanThunder

Super Moderator
An update from last week I forgot to add.
The official contact tracing app maker has confirmed that all data harvested by the app would be retained after the pandemic ends, “for research”.
Clear breach of GDPR, oh wait, they are exempting the app from GDPR and ignoring your rights to privacy. How silly of me to forget.

And it’s not as if accidents don’t happen. Serco had to apologise after leaking the email addresses of 300 contact tracers too. This is the cake as the government call it (the app is the cherry!!).
 

AmericanThunder

Super Moderator
And if you’ve read all the above it should be no surprise that even the contact tracing proposal does nothing to protect you and your personal data.

direct quote below.


British people will soon begin receiving random phone calls from so-called "contact tracers" warning them about having been in close proximity with potential coronavirus carriers. One of many problems with this scheme is it's dangerously easy to pose as a government contact tracer.

As detailed by the NHS, contact tracers will phone up and text people who report coronavirus symptoms to the government and demand lots of personally identifiable information – including information on other people.


What safeguards are in place? Er, not many. They'll call from a published phone number – 0300 013 5000 – and, bizarrely given the context, UK.gov promises its hired call centre won't "disclose any of your personal or medical information to your contacts".

Such a scheme bears all the hallmarks of cold-calling scammers, and indeed has already been used for that exact purpose. More to the point: publishing a phone number really doesn't guarantee that the caller is who they claim to be.

SMS and caller line identification (CLI) information is straightforward to spoof if you know how, and with UK.gov publishing the number its callers will be using, there's now an increased level of risk; for the non-technically-adept, a call coming from a published government number is more likely to be taken at face value.
 

AmericanThunder

Super Moderator
And following the insecurities of the contact tracing program, the Police are saying they will launch their own version to protect the identity of officers working undercover. They say the government program does not provide sufficient security for their officers.

nuff said?
 

AmericanThunder

Super Moderator
Latest..... and oh dear!

Open Rights Group has instructed lawyers to lodge a complaint with the UK's data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation (GDPR).

In addition to the Information Commissioner's Office (ICO), the digital rights body's lawyers have also written to the country's health secretary Matt Hancock, the CEO of NHS digital agency NHSX, and the chief exec of Public Health England, asking for clarity around the system.

The complaint to the ICO relates to the failure by the NHS and Public Health England (PHE), which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment (DPIA), which is required under the GDPR before processing of data in high-risk situations.

The Open Rights Group argues that because Test and Trace is experimental, and processes data of a sensitive nature on a large scale, a DPIA was required before data processing started. PHE and the NHS confirmed that a DPIA has not been conducted, in breach of those GDPR requirements.

The Open Rights Group has instructed Ravi Naik, legal director of the data rights agency AWO, who said: "Rushing out Test and Trace without following basic legal requirements is troubling. These legal obligations are designed to ensure that risks are identified and mitigated. Not conducting these assessments has caused our clients concern that those risks have not been properly thought through."


Meanwhile, head of the Test and Trace programme, Baroness Dido Harding, formerly CEO of TalkTalk, answered questions before the UK Parliament's Health Select Committee yesterday. Or rather, did not.

Pressed by committee chairman and former health secretary Jeremy Hunt on the proportion of new COVID-19 cases being contacted by the programme within 24 hours of a positive test result, she said she couldn't share data until it had been validated by the UK Statistical Authority.


Hunt said he was disappointed in the response and said Harding, who earned the moniker Dido, queen of carnage for her role in the 2017 TalkTalk data breach, should provide the information to the committee by the end of next week.
 

AmericanThunder

Super Moderator
And just today Norway pulls its coronavirus tracking app and deletes all data after their data regulator found it did not adequately protect personal records.

The Norwegian health authorities are not happy with the decision, but agreed.

Essentially the app was not allowing users to stop sharing their location.


I have heard that UK Android phones have had a version of the contact tracing app pushed to their phones without consent and it lacks the ability to turn it off? Can an Android phone user confirm?
 

TransAmDan

Forum Admin
Staff member
No new apps installed here. I tend to have minimal installed.
 

TransAmDan

Forum Admin
Staff member
O2. I can't see how they can make you install an app without you knowing.
 

AmericanThunder

Super Moderator
The network can push whatever they want and if they can also block uninstall. However, if you run an unlocked phone and it didn’t come with all the pre-installed junk I suspect they can’t?
Apple of course are so far blocking it.
 

TransAmDan

Forum Admin
Staff member
Bought the phone unlocked, just popped an O2 sim in it.
I'll keep an eye out for anything dodgy.
 

Will

Core Member
I have heard that UK Android phones have had a version of the contact tracing app pushed to their phones without consent and it lacks the ability to turn it off? Can an Android phone user confirm?
I can't see any new apps, but would they be able to hide it from showing up in the list of apps?
 

AmericanThunder

Super Moderator
I believe that if your phone came from the network and is pre-installed with the crap they add on then they can push it to you. If your phone is unlocked and bought independently then I don’t think they can/would. Which networks? They all have the ability but whether they are is another question.
As for hiding it, yes.
I’m not sure whether this claim is substantiated which is why I was asking Android owners.
I’ll be on the security sites again today looking for updates.
 