Norway suspends ‘deeply intrusive’ contact-tracing app and deletes all existing data
The country’s data-protection authority has placed a ban on the collection of information via the software after Amnesty investigation
Norwegian authorities have suspended operations of the country’s contact-tracing app and deleted all data gathered by the program so far.
The suspension comes after the country’s data-protection agency, Datatilsynet, prohibited the app from processing personal data until further notice. In addition to temporarily disabling the app, Helse Norge – the Norwegian central health authority – has also said it will delete all data collected so far.
The decision to suspend the app comes following examination by Amnesty International of apps being used by various countries across Europe and the Middle East. The Norwegian program, which was launched in April, was found by the NGO’s researchers to have “alarming implications for users’ privacy, due to its live or near-live tracking of users’ locations by frequently uploading GPS coordinates to a central server”.
Amnesty shared its findings with Norway’s health and data-protection agencies, as well as the government’s justice ministry, and also met with the head developer of the Smittestop app – the name of which translates as ‘infection stop’.
Claudio Guarnieri, head of Amnesty International’s Security Lab, said: “The Norwegian app is deeply intrusive and put people’s privacy at risk. It is the right decision to press pause and go back to the drawing board to design an app that puts privacy front and centre. We were so alarmed by how invasive the app is in its current form that we shared our findings with the Norwegian authorities and urged them to change course. There are better options available that balance the need to trace the spread of the disease with privacy, and we hope the authorities take this opportunity to do just that.”
Amnesty examined 10 other contact-tracing apps, including technology from: Algeria; Bahrain; France; Iceland; Israel; Kuwait; Lebanon; Qatar; Tunisia; and the United Arab Emirates.
The Norwegian app was named by Amnesty as one of three – alongside software developed by authorities in Kuwait and Bahrain – that “stood out as among the most alarming mass surveillance tools”.
In common with Smittestop, the Bahraini and Kuwaiti apps also infringe privacy by “allowing live or near-live tracking of users” via GPS.
“Technology can play a useful role in contact tracing to contain Covid-19, but privacy must not be another casualty as governments rush to roll out apps,” Guarnieri added. “Governments across the world need to press pause on rolling out flawed or excessively intrusive contact-tracing apps that fail to protect human rights. If contact-tracing apps are to play an effective part in combatting Covid-19, people need to have confidence their privacy will be protected.”
It is still unclear when the UK might roll out its contact-tracing app – developd by NHSX – across the country. The technology was originally due to launch in mid-May, but the potential launch date is now no clearer than sometime "in the coming weeks". PublicTechnology reported this week that, about 10 days after the technology began public testing across the Isle of Wight – which was intended as an immediate precursor to rolling out the app nationwide – the software began a programme of capacity and performance testing that will last until the end of July.
Thousands of citizens vaccinated as part of research schemes currently need to request a letter to demonstrate that they have been vaccinated
Platform covers the collection of both clinical and non-clinical information
Commencement of GPDPR pushed back by two months
Department claims that dedicated datacentre space remains essential
It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.