National Health Service
Auto Added by WPeMatico
Auto Added by WPeMatico
A UK parliamentary committee that focuses on human rights issues has called for primary legislation to be put in place to ensure that legal protections wrap around the national coronavirus contact tracing app.
The app, called NHS COVID-19, is being fast tracked for public use — with a test ongoing this week in the Isle of Wight. It’s set to use Bluetooth Low Energy signals to log social interactions between users to try to automate some contacts tracing based on an algorithmic assessment of users’ infection risk.
The NHSX has said the app could be ready for launch within a matter of weeks but the committee says key choices related to the system architecture create huge risks for people’s rights that demand the safeguard of primary legislation.
“Assurances from Ministers about privacy are not enough. The Government has given assurances about protection of privacy so they should have no objection to those assurances being enshrined in law,” said committee chair, Harriet Harman MP, in a statement.
“The contact tracing app involves unprecedented data gathering. There must be robust legal protection for individuals about what that data will be used for, who will have access to it and how it will be safeguarded from hacking.
“Parliament was able quickly to agree to give the Government sweeping powers. It is perfectly possible for parliament to do the same for legislation to protect privacy.”
The NHSX, a digital arm of the country’s National Health Service, is in the process of testing the app — which it’s said could be launched nationally within a few weeks.
The government has opted for a system design that will centralize large amounts of social graph data when users experiencing COVID-19 symptoms (or who have had a formal diagnosis) choose to upload their proximity logs.
Earlier this week we reported on one of the committee hearings — when it took testimony from NHSX CEO Matthew Gould and the UK’s information commissioner, Elizabeth Denham, among other witnesses.
Warning now over a lack of parliamentary scrutiny — around what it describes as an unprecedented expansion of state surveillance — the committee report calls for primary legislation to ensure “necessary legal clarity and certainty as to how data gathered could be used, stored and disposed of”.
The committee also wants to see an independent body set up to carry out oversight monitoring and guard against ‘mission creep’ — a concern that’s also been raised by a number of UK privacy and security experts in an open letter late last month.
“A Digital Contact Tracing Human Rights Commissioner should be responsible for oversight and they should be able to deal with complaints from the Public and report to Parliament,” the committee suggests.
Prior to publishing its report, the committee wrote to health minister Matt Hancock, raising a full spectrum of concerns — receiving a letter in response.
In this letter, dated May 4, Hancock told it: “We do not consider that legislation is necessary in order to build and deliver the contact tracing app. It is consistent with the powers of, and duties imposed on, the Secretary of State at a time of national crisis in the interests of protecting public health.”
The committee’s view is Hancock’s ‘letter of assurance’ is not enough given the huge risks attached to the state tracking citizens’ social graph data.
“The current data protection framework is contained in a number of different documents and it is nearly impossible for the public to understand what it means for their data which may be collected by the digital contact tracing system. Government’s assurances around data protection and privacy standards will not carry any weight unless the Government is prepared to enshrine these assurances in legislation,” it writes in the report, calling for a bill that it says myst include include a number of “provisions and protections”.
Among the protections the committee is calling for are limits on who has access to data and for what purpose.
“Data held centrally may not be accessed or processed without specific statutory authorisation, for the purpose of combatting Covid-19 and provided adequate security protections are in place for any systems on which this data may be processed,” it urges.
It also wants legal protections against data reconstruction — by different pieces of data being combined “to reconstruct information about an individual”.
The report takes a very strong line — warning that no app should be released without “strong protections and guarantees” on “efficacy and proportionality”.
“Without clear efficacy and benefits of the app, the level of data being collected will be not be justifiable and it will therefore fall foul of data protection law and human rights protections,” says the committee.
The report also calls for regular reviews of the app — looking at efficacy; data safety; and “how privacy is being protected in the use of any such data”.
It also makes a blanket call for transparency, with the committee writing that the government and health authorities “must at all times be transparent about how the app, and data collected through it, is being used”.
A lack of transparency around the project was another of the concerns raised by the 177 academics who signed the open letter last month.
The government has committed to publishing data protection impact assessments for the app. But the ICO’s Denham still hadn’t had sight of this document as of this Monday.
Another call by the committee is for a time-limit to be attached to any data gathered by or generated via the app. “Any digital contact tracing (and data associated with it) must be permanently deleted when no longer required and in any event may not be kept beyond the duration of the public health emergency,” it writes.
We’ve reached out to the Department of Health and NHSX for comment on the human rights committee’s report.
Let’s go through Matt Hancock’s letter to @HarrietHarman @HumanRightsCtte on the NHSX app and take a closer look at some of these statements 1/ https://t.co/sQe2U8wkiy
— Michael Veale (@mikarv) May 7, 2020
There’s another element to this fast moving story: Yesterday the Financial Times reported that the NHSX has inked a new contract with an IT supplier which suggests it might be looking to change the app architecture — moving away from a centralized database to a decentralized system for contacts tracing. Although NHSX has not confirmed any such switch at this point.
Some other countries have reversed course in their choice of app architecture after running into technical challenges related to Bluetooth. The need to ensure public trust in the system was also cited by Germany for switching to a decentralized model.
The human rights committee report highlights a specific app efficacy issue of relevance to the UK, which it points out is also linked to these system architecture choices, noting that: “The Republic of Ireland has elected to use a decentralised app and if a centralised app is in use in Northern Ireland, there are risks that the two systems will not be interoperable which would be most unfortunate.”
Professor Lilian Edwards, a legal expert from Newcastle University, who has co-authored a draft bill proposing a set of safeguards for coronavirus apps (much of which was subsequently taken up by Australia for a legal instrument that wraps public health contact info during the coronavirus crisis) — and who also now sits as an independent advisor on an ethics committee that’s been set up for the NHSX app — welcomed the committee report.
Speaking in a personal capacity she told TechCrunch: “My team and I welcome this.”
But she flagged a couple of omissions in the report. “They have left out two of the recommendations from my bill — one of which, I totally expected; that there be no compulsion to carry a phone. Because they will just be assumed within our legal system but I don’t think it would have hurt to have said it. But ok.
“The second point — which is important — is the point about there not being compulsion to install the app or to display it. And there not being, therefore, discrimination against you if you don’t. Like not being allowed to go to your workplace is an obvious example. Or not being allowed to go to a football game when they reopen. And that’s the key point where the struggle is.”
The conflict, says Edwards, is on the one hand you could argue what’s the point of doing digital contact tracing at all if you can’t make sure people are able to receive notifications that they might be a contact. But — on the other — if you allow compulsion that then “leaves it open to be very discriminatory” — meaning people could abuse the requirement to target and exclude others from a workplace, for example.
“There are people who’ve got perfectly valid reasons to not want to have this on their phone,” Edwards added. “Particularly if it’s centralized rather than decentralized.”
She also noted that the first version of her draft coronavirus safeguards bill had allowed compulsion re: having the app on the phone but required it to be balanced by a proportionality analysis — meaning any such compulsion must be “proportionate to a legitimate aim”.
But after Australia opted for zero compulsion in its legal instrument she said she and her team decided to revise their bill to also strike out the provision entirely.
Edwards suggested the human rights committee may not have included this particular provision in their recommendations because parliamentary committees are only able to comment on evidence they receive during an inquiry. “So I don’t think it would have been in their remit to recommend on that,” she noted, adding: “It isn’t actually an indication that they’re not interested in these concepts; it’s just procedure I think.”
She also highlighted the issues of so-called ‘immunity passports’ — something the government has reportedly been in discussions with startups about building as part of its digital coronavirus response, but which the committee report also does not touch on.
However, without full clarity on the government’s evolving plans for its digital coronavirus response, and with, inevitably, a high degree of change and flux amid a public health emergency situation, it’s clearly difficult for committees to interrogate so many fast moving pieces.
“The select committees have actually done really, really well,” added Edwards. “But it just shows how the ground has shifted so much in a week.”
This report was updated with additional comment
Powered by WPeMatico
The UK may be rethinking its decision to shun Apple and Google’s API for its national coronavirus contacts tracing app, according to the Financial Times, which reported yesterday that the government is paying an IT supplier to investigate whether it can integrate the tech giants’ approach after all.
As we’ve reported before coronavirus contacts tracing apps are a new technology which aims to repurpose smartphones’ Bluetooth signals and device proximity to try to estimate individuals’ infection risk.
The UK’s forthcoming app, called NHS COVID-19, has faced controversy because it’s being designed to use a centralized app architecture. This means developers are having to come up with workarounds for platform limitations on background access to Bluetooth as the Apple-Google cross-platform API only works with decentralized systems.
The choice of a centralized app architecture has also raised concerns about the impact of such an unprecedented state data grab on citizens’ privacy and human rights, and the risk of state ‘mission creep‘.
The UK also looks increasingly isolated in its choice in Europe after the German government opted to switch to a decentralized model, joining several other European countries that have said they will opt for a p2p approach, including Estonia, Ireland and Switzerland.
In the region, France remains the other major backer of a centralized system for its forthcoming coronavirus contacts tracing app, StopCovid.
Apple and Google, meanwhile, are collaborating on a so-called “exposure notification” API for national coronavirus contacts tracing apps. The API is slated to launch this month and is designed to remove restrictions that could interfere with how contact events are logged. However it’s only available for apps that don’t hold users’ personal data on central servers and prohibits location tracking, with the pair emphasizing that their system is designed to put privacy at the core.
Yesterday the FT reported that NHSX, the digital transformation branch of UK’s National Health Service, has awarded a £3.8M contract to the London office of Zuhlke Engineering, a Switzerland-based IT development firm which was involved in developing the initial version of the NHS COVID-19 app.
The contract includes a requirement to “investigate the complexity, performance and feasibility of implementing native Apple and Google contact tracing APIs within the existing proximity mobile application and platform”, per the newspaper’s report.
The work is also described as a “two week timeboxed technical spike”, which the FT suggests means it’s still at a preliminary phase — thought it also notes the contract includes a deadline of mid-May.
The contracted work was due to begin yesterday, per the report.
We’ve reached out to Zuhlke for comment. Its website describes the company as “a strong solutions partner” that’s focused on projects related to digital product delivery; cloud migration; scaling digital platforms; and the Internet of Things.
We also put questions arising from the FT report to NHSX.
At the time of writing the unit had not responded but yesterday a spokesperson told the newspaper: “We’ve been working with Apple and Google throughout the app’s development and it’s quite right and normal to continue to refine the app.”
The specific technical issue that appears to be causing concern relates to a workaround the developers have devised to try to circumvent platform limitations on Bluetooth that’s intended to wake up phones when the app itself is not being actively used in order that the proximity handshakes can still be carried out (and contacts events properly logged).
Thing is, if any of the devices fail to wake up and emit their identifiers so other nearby devices can log their presence there will be gaps in the data. Which, in plainer language, means the app might miss some close encounters between users — and therefore fail to notify some people of potential infection risk.
Recent reports have suggested the NHSX workaround has a particular problem with iPhones not being able to wake up other iPhones. And while Google’s Android OS is the more dominant platform in the UK (running on circa ~60% of smartphones, per Kantar) there will still be plenty of instances of two or more iPhone users passing near each other. So if their apps fail to wake up they won’t exchange data and those encounters won’t be logged.
On this, the FT quotes one person familiar with the NHS testing process who told it the app was able to work in the background in most cases, except when two iPhones were locked and left unused for around 30 minutes, and without any Android devices coming within 60m of the devices. The source also told it that bringing an Android device running the app close to the iPhone would “wake up” its Bluetooth connection.
Clearly, the government having to tell everyone in the UK to use an Android smartphone not an iPhone wouldn’t be a particularly palatable political message.
This is effectively a form of Android Herd Immunity: for the good of Britain, vaccinate your friends by giving them Androids!
— Michael Veale (@mikarv) May 5, 2020
One source with information about the NHSX testing process told us the unit has this week been asking IT suppliers for facilities or input on testing environments with “50-100 Bluetooth devices of mixed origin”, to help with challenges in testing the Bluetooth exchanges — which raises questions about how extensively this core functionality has been tested up to now. (Again, we’ve put questions to the NHSX about testing and will update this report with any response.)
Work on planning and developing the NHS COVID-19 app began March 7, according to evidence given to a UK parliamentary committee by the NHSX CEO’s, Matthew Gould, last month.
Gould has also previously suggested that the app could be “technically” ready to launch in as little as two or three weeks time from now. While a limited geographical trial of the app kicked off this week in the Isle of Wight. Prior to that, an alpha version of the app was tested at an RAF base involving staff carrying out simulations of people going shopping, per a BBC report last month.
Gould faced questions over the choice of centralized vs decentralized app architecture from the human rights committee earlier this week. He suggested then that the government is not “locked” to the choice — telling the committee: “We are constantly reassessing which approach is the right one — and if it becomes clear that the balance of advantage lies in a different approach then we will take that different approach. We’re not irredeemably wedded to one approach; if we need to shift then we will… It’s a very pragmatic decision about what approach is likely to get the results that we need to get.”
However it’s unclear how quickly such a major change to app architecture could be implemented, given centralized vs decentralized systems work in very different ways.
Additionally, such a big shift — more than two months into the NHSX’s project — seems, at such a late stage, as if it would be more closely characterized as a rebuild, rather than a little finessing (as suggested by the NHSX spokesperson’s remark to the FT vis-a-vis ‘refining’ the app).
In related news today, Reuters reports that Colombia has pulled its own coronavirus contacts tracing app after experiencing glitches and inaccuracies. The app had used alternative technology to power contacts logging via Bluetooth and wi-fi. A government official told the news agency it aims to rebuild the system and may now use the Apple-Google API.
Australia has also reported Bluetooth related problems with its national coronavirus app. And has also been reported to be moving towards adopting the Apple-Google API.
While, Singapore, the first country to launch a Bluetooth app for coronavirus contacts tracing, was also the first to run into technical hitches related to platform limits on background access — likely contributing to low download rates for the app (reportedly below 20%).
Powered by WPeMatico
Oxwash, a UK-based laundry startup that’s aiming to disrupt traditional but environmentally costly washing and dry-cleaning processes by using ozone to sterilize fabrics at lower temperatures, along with electric cargo bikes for hyper local pick ups and deliveries, has bagged a £1.4 million (~$1.7M) seed.
Backers in the funding round include TrueSight Ventures, Biz Stone (co-founder of Twitter), Paul Forster (founder of Indeed.com), Founders Factory and other unnamed angel investors.
Prior to this, Oxwash was working with a £300k pre-seed round — which it used to fund building its first washing hubs (which it calls “Lagoons”) and to test its reengineered washing process.
The startup’s pitch is that its applying “space age” technology to clean dirty laundry, burnished by the claim that its co-founder and CEO, Kyle Grant, is a former NASA engineer — having spent two years as a systems engineer where he researched the use and effect of microorganisms for extended space travel.
That said, it’s packing its reengineered cleaning system into standard (but “massively” modified) industrial washing machines. Just add coronavirus-safe ‘space suits’ (er, PPE)….

“Washing still has crazy carbon emissions, pollution and collection/delivery services cause large amounts of congestion. We saw a way to re-engineer the laundry process from the ground up and to be the first truly sustainable, space-age laundry company in the world,” says Grant, discussing the opportunity he and his co-founder spied to rethink laundry.
“We’re developing processes to have zero net carbon emissions for the whole laundry process — from collection to washing and back to delivery.”
The team is developing “chemistry that works at 20˚C better than at 40˚C or higher, integrating ozone disinfection to remove microorganisms by oxidation rather than using heat and developing water recycling and filtration systems to reduce water consumption and remove microfibre pollution at the same time”, per Grant.
It’s also structuring business operations to locate washing hubs in city centres, where its customers are based, so it can make use of electric bikes for moving the laundry around — allowing for a next day service with 30 minute collection and delivery windows.
“Traditional washing processes use huge amounts of water, energy to heat said water, harsh chemicals and normal petrol/diesel vans for the collections and deliveries. These process warehouses are usually located outside of cities and there are large lags in when items are returned to the customers (up to two weeks),” he further claims.
While ozone itself is a pollutant that degrades air quality, and can even be dangerous if released, Grant says the ozone used in its cleaning machines — which is produced from oxygen in the atmosphere — degrades back to oxygen “within minutes and is therefore inert and safe”.
“After extensive analysis ozone is far safer to use in commercial laundry processes than heat and harsh chemicals such as peroxides (bleach),” he suggests.
On safety, he also says their washing machines are modified to be sealed whilst “washing and disinfecting”, and can only be opened after the ozone has degraded. “Our lagoons are also fitted with ozone sensors that will cut off our generators if the ozone concentration in the air ever goes over the safe limit,” he adds. “Thankfully this has never occurred. The risks to our staff are far lower than when working with boiling water tanks, harsh chemicals and manual handling, the usual work flow in commercial laundries.”
Oxwash launched in the UK in early 2018 and now has more than 4,000 individual customers, per Grant, along with “several hundred” business customers — including the Marriott Hotel Chain, NHS GP practices, London Marathon and Universities of Oxford and Cambridge.
It’s executed a slight pivot of focus over the past two months — spying an opportunity to target risks related to the coronavirus. “We’ve developed a service in the last 2 months that is available to provide coronavirus disinfection,” he says in a statement. “We are working closely with [the UK’s National Health Service] NHS and vulnerable groups to provide support when needed.”
“We have adopted laboratory-grade PPE [personal protective equipment] processes, heavily inspired and adapted from my time working at NASA but also from guidelines from the NHS and HSE England,” Grant adds. “For example, we now perform contactless collections and deliveries whereby the customers pre-bag their items in supplied dissolvable bags. Our rider then has gloves, goggles and a respirator to perform the transfer back to the lagoon where a member of our team in full hazmat gear will load and unload the machines where disinfection is performed.”
Before the COVID-19 pandemic, he says the startup was getting traction from customers wanting to remove allergens that caused them allergic reactions.
“We were confident of moving into the healthcare market in the years to come but usually the tender process for such contracts is not conducive to a startup,” says Grant. “However since the advent of COVID-19 and our ongoing healthcare certification, we have seen a huge increase in the value of proper hygiene to both the individuals and businesses we serve. The Marriott Hotel chain and Airbnb have both expressed serious intent to work on a non-healthcare hygiene rating much like that of the Food Standards Authority. We are working with CINET (the international textile committee) to bring this to market with our technology and processes.”
The seed funding will be used to expand to more cities within the UK and Europe — with London and other European hubs, such as Paris and Amsterdam, in its sights. Its initial two locations are Oxford and Cambridge.
It’s also going to spin up on the hiring front, planning to add a head of growth and head of tech, as well as new operational roles in London.
Ploughing more resource into software dev is another focus, with funding going to expand the tech stack and the software systems which run its logistics and integrate with its digitised washing process. More work on its app is also planned.
Asked what makes Oxwash a scalable business, Grant points to the development of this proprietary software alongside the reengineered washing service. “This iteration of technology and service allows us to develop our washing technology rapidly and get real-time feedback on the end-product and service from our customers,” he says. “The scalable technology element is the proprietary washing process driven by our bespoke software stack and process algorithms.”
On the labor side, Grant says Oxwash is “working towards a B Corp accreditation”.
“[We] have long held that our team should be properly reimbursed for their work but also as ambassadors for our brand out on our bikes. To that end all of our riders (couriers) are fully employed and like the rest of the team they are paid in excess of the national living wage,” he adds.
Powered by WPeMatico
A European coalition of techies and scientists drawn from at least eight countries, and led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), is working on contacts-tracing proximity technology for COVID-19 that’s designed to comply with the region’s strict privacy rules — officially unveiling the effort today.
China-style individual-level location-tracking of people by states via their smartphones even for a public health purpose is hard to imagine in Europe — which has a long history of legal protection for individual privacy. However the coronavirus pandemic is applying pressure to the region’s data protection model, as governments turn to data and mobile technologies to seek help with tracking the spread of the virus, supporting their public health response and mitigating wider social and economic impacts.
Scores of apps are popping up across Europe aimed at attacking coronavirus from different angles. European privacy not-for-profit, noyb, is keeping an updated list of approaches, both led by governments and private sector projects, to use personal data to combat SARS-CoV-2 — with examples so far including contacts tracing, lockdown or quarantine enforcement and COVID-19 self-assessment.
The efficacy of such apps is unclear — but the demand for tech and data to fuel such efforts is coming from all over the place.
In the UK the government has been quick to call in tech giants, including Google, Microsoft and Palantir, to help the National Health Service determine where resources need to be sent during the pandemic. While the European Commission has been leaning on regional telcos to hand over user location data to carry out coronavirus tracking — albeit in aggregated and anonymized form.
The newly unveiled Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project is a response to the coronavirus pandemic generating a huge spike in demand for citizens’ data that’s intended to offer not just an another app — but what’s described as “a fully privacy-preserving approach” to COVID-19 contacts tracing.
The core idea is to leverage smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person — via the proxy of their smartphones having been near enough to carry out a Bluetooth handshake. So far so standard. But the coalition behind the effort wants to steer developments in such a way that the EU response to COVID-19 doesn’t drift towards China-style state surveillance of citizens.
While, for the moment, strict quarantine measures remain in place across much of Europe there may be less imperative for governments to rip up the best practice rulebook to intrude on citizens’ privacy, given the majority of people are locked down at home. But the looming question is what happens when restrictions on daily life are lifted?
Contacts tracing — as a way to offer a chance for interventions that can break any new infection chains — is being touted as a key component of preventing a second wave of coronavirus infections by some, with examples such as Singapore’s TraceTogether app being eyed up by regional lawmakers.
Singapore does appear to have had some success in keeping a second wave of infections from turning into a major outbreak, via an aggressive testing and contacts-tracing regime. But what a small island city-state with a population of less than 6M can do vs a trading bloc of 27 different nations whose collective population exceeds 500M doesn’t necessarily seem immediately comparable.
Europe isn’t going to have a single coronavirus tracing app. It’s already got a patchwork. Hence the people behind PEPP-PT offering a set of “standards, technology, and services” to countries and developers to plug into to get a standardized COVID-19 contacts-tracing approach up and running across the bloc.
The other very European flavored piece here is privacy — and privacy law. “Enforcement of data protection, anonymization, GDPR [the EU’s General Data Protection Regulation] compliance, and security” are baked in, is the top-line claim.
“PEPP-PR was explicitly created to adhere to strong European privacy and data protection laws and principles,” the group writes in an online manifesto. “The idea is to make the technology available to as many countries, managers of infectious disease responses, and developers as quickly and as easily as possible.
“The technical mechanisms and standards provided by PEPP-PT fully protect privacy and leverage the possibilities and features of digital technology to maximize speed and real-time capability of any national pandemic response.”
Hans-Christian Boos, one of the project’s co-initiators — and the founder of an AI company called Arago –discussed the initiative with German newspaper Der Spiegel, telling it: “We collect no location data, no movement profiles, no contact information and no identifiable features of the end devices.”
The newspaper reports PEPP-PT’s approach means apps aligning to this standard would generate only temporary IDs — to avoid individuals being identified. Two or more smartphones running an app that uses the tech and has Bluetooth enabled when they come into proximity would exchange their respective IDs — saving them locally on the device in an encrypted form, according to the report.
Der Spiegel writes that should a user of the app subsequently be diagnosed with coronavirus their doctor would be able to ask them to transfer the contact list to a central server. The doctor would then be able to use the system to warn affected IDs they have had contact with a person who has since been diagnosed with the virus — meaning those at risk individuals could be proactively tested and/or self-isolate.
On its website PEPP-PT explains the approach thus:
Mode 1
If a user is not tested or has tested negative, the anonymous proximity history remains encrypted on the user’s phone and cannot be viewed or transmitted by anybody. At any point in time, only the proximity history that could be relevant for virus transmission is saved, and earlier history is continuously deleted.Mode 2
If the user of phone A has been confirmed to be SARS-CoV-2 positive, the health authorities will contact user A and provide a TAN code to the user that ensures potential malware cannot inject incorrect infection information into the PEPP-PT system. The user uses this TAN code to voluntarily provide information to the national trust service that permits the notification of PEPP-PT apps recorded in the proximity history and hence potentially infected. Since this history contains anonymous identifiers, neither person can be aware of the other’s identity.
Providing further detail of what it envisages as “Country-dependent trust service operation”, it writes: “The anonymous IDs contain encrypted mechanisms to identify the country of each app that uses PEPP-PT. Using that information, anonymous IDs are handled in a country-specific manner.”
While on healthcare processing is suggests: “A process for how to inform and manage exposed contacts can be defined on a country by country basis.”
Among the other features of PEPP-PT’s mechanisms the group lists in its manifesto are:
Having a standardized approach that could be plugged into a variety of apps would allow for contacts tracing to work across borders — i.e. even if different apps are popular in different EU countries — an important consideration for the bloc, which has 27 Member States.
However there may be questions about the robustness of the privacy protection designed into the approach — if, for example, pseudonymized data is centralized on a server that doctors can access there could be a risk of it leaking and being re-identified. And identification of individual device holders would be legally risky.
Europe’s lead data regulator, the EDPS, recently made a point of tweeting to warn an MEP (and former EC digital commissioner) against the legality of applying Singapore-style Bluetooth-powered contacts tracing in the EU — writing: “Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.”
Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.
— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020
A spokesman for the EDPS told us it’s in contact with data protection agencies of the Member States involved in the PEPP-PT project to collect “relevant information”.
“The general principles presented by EDPB on 20 March, and by EDPS on 24 March are still relevant in that context,” the spokesman added — referring to guidance issued by the privacy regulators last month in which they encouraged anonymization and aggregation should Member States want to use mobile location data for monitoring, containing or mitigating the spread of COVID-19. At least in the first instance.
“When it is not possible to only process anonymous data, the ePrivacy Directive enables Member States to introduce legislative measures to safeguard public security (Art. 15),” the EDPB further noted.
“If measures allowing for the processing of non-anonymised location data are introduced, a Member State is obliged to put in place adequate safeguards, such as providing individuals of electronic communication services the right to a judicial remedy.”
We reached out to the HHI with questions about the PEPP-PT project and were referred to Boos — but at the time of writing had been unable to speak to him.
“The PEPP-PT system is being created by a multi-national European team,” the HHI writes in a press release about the effort. “It is an anonymous and privacy-preserving digital contact tracing approach, which is in full compliance with GDPR and can also be used when traveling between countries through an anonymous multi-country exchange mechanism. No personal data, no location, no Mac-Id of any user is stored or transmitted. PEPP-PT is designed to be incorporated in national corona mobile phone apps as a contact tracing functionality and allows for the integration into the processes of national health services. The solution is offered to be shared openly with any country, given the commitment to achieve interoperability so that the anonymous multi-country exchange mechanism remains functional.”
“PEPP-PT’s international team consists of more than 130 members working across more than seven European countries and includes scientists, technologists, and experts from well-known research institutions and companies,” it adds.
“The result of the team’s work will be owned by a non-profit organization so that the technology and standards are available to all. Our priorities are the well being of world citizens today and the development of tools to limit the impact of future pandemics — all while conforming to European norms and standards.”
The PEPP-PT says its technology-focused efforts are being financed through donations. Per its website, it says it’s adopted the WHO standards for such financing — to “avoid any external influence”.
Of course for the effort to be useful it relies on EU citizens voluntarily downloading one of the aligned contacts tracing apps — and carrying their smartphone everywhere they go, with Bluetooth enabled.
Without substantial penetration of regional smartphones it’s questionable how much of an impact this initiative, or any contacts tracing technology, could have. Although if such tech were able to break even some infection chains people might argue it’s not wasted effort.
Notably, there are signs Europeans are willing to contribute to a public healthcare cause by doing their bit digitally — such as a self-reporting COVID-19 tracking app which last week racked up 750,000 downloads in the UK in 24 hours.
But, at the same time, contacts tracing apps are facing scepticism over their ability to contribute to the fight against COVID-19. Not everyone carries a smartphone, nor knows how to download an app, for instance. There’s plenty of people who would fall outside such a digital net.
Meanwhile, while there’s clearly been a big scramble across the region, at both government and grassroots level, to mobilize digital technology for a public health emergency cause there’s arguably greater imperative to direct effort and resources at scaling up coronavirus testing programs — an area where most European countries continue to lag.
Germany — where some of the key backers of the PEPP-PT are from — being the most notable exception.
Powered by WPeMatico
As part of its response to the public health emergency triggered by the COVID-19 pandemic, the European Commission has been leaning on Europe’s telcos to share aggregate location data on their users.
“The Commission kick-started a discussion with mobile phone operators about the provision of aggregated and anonymised mobile phone location data,” it said today.
“The idea is to analyse mobility patterns including the impact of confinement measures on the intensity of contacts, and hence the risks of contamination. This would be an important — and proportionate — input for tools that are modelling the spread of the virus, and would also allow to assess the current measures adopted to contain the pandemic.”
“We want to work with one operator per Member State to have a representative sample,” it added. “Having one operator per Member State also means the aggregated and anonymised data could not be used to track individual citizens, that is also not at all the intention. Simply because not all have the same operator.
“The data will only be kept as long as the crisis is ongoing. We will of course ensure the respect of the ePrivacy Directive and the GDPR.”
Earlier this week Politico reported that commissioner Thierry Breton held a conference with carriers, including Deutsche Telekom and Orange, asking for them to share data to help predict the spread of the novel coronavirus.
Europe has become a secondary hub for the disease, with high rates of infection in countries including Italy and Spain — where there have been thousands of deaths apiece.
The European Union’s executive is understandably keen to bolster national efforts to combat the virus. Although, it’s less clear exactly how aggregated mobile location data can help — especially as more EU citizens are confined to their homes under national quarantine orders. (While police patrols and CCTV offer an existing means of confirming whether or not people are generally moving around.)
Nonetheless, EU telcos have already been sharing aggregate data with national governments.
Orange in France is sharing “aggregated and anonymized” mobile phone geolocation data with Inserm, a local health-focused research institute — to enable them to “better anticipate and better manage the spread of the epidemic,” as a spokeswoman put it.
“The idea is simply to identify where the populations are concentrated and how they move before and after the confinement in order to be able to verify that the emergency services and the health system are as well armed as possible, where necessary,” she added. “For instance, at the time of confinement, more than 1 million people left the Paris region and at the same time the population of Ile de Ré increased by 30%.
“Other uses of this data are possible and we are currently in discussions with the State on all of these points. But, it must be clear, we are extremely vigilant with regards to concerns and respect for privacy. Moreover, we are in contact with the CNIL [France’s data protection watchdog]… to verify that all of these points are addressed.”
Germany’s Deutsche Telekom is also providing to national health authorities what a spokesperson dubbed “anonymized swarm data” to combat the corona virus.
“European mobile operators are also to make such anonymized mass data available to the EU Commission at its request,” the spokesperson told us. “In fact, we will first provide the EU Commission with a description of data we have sent to German health authorities.”
It’s not entirely clear whether the Commission’s intention is to pool data from such existing local efforts — or whether it’s asking EU carriers for a different, universal data-set to be shared with it during the COVID-19 emergency.
When we asked about this it did not provide an answer. Although we understand discussions are ongoing with operators — and that it’s the Commission’s aim to work with one operator per Member State.
The Commission has said the metadata will be used for modelling the spread of the virus and for looking at mobility patterns to analyze and assess the impact of quarantine measures.
A spokesman emphasized that individual-level tracking of EU citizens is not on the cards.
“The Commission is in discussions with mobile operators’ associations about the provision of aggregated and anonymised mobile phone location data,” the spokesman for Breton told us.
“These data permit to analyse mobility patterns including the impact of confinement measures on the intensity of contacts and hence the risks of contamination. They are therefore an important and proportionate tool to feed modelling tools for the spread of the virus and also assess the current measures adopted to contain the Coronavrius pandemic are effective.”
“These data do not enable tracking of individual users,” he added. “The Commission is in close contact with the European Data Protection Supervisor (EDPS) to ensure the respect of the ePrivacy Directive and the GDPR.”
At this point there’s no set date for the system to be up and running — although we understand the aim is to get data flowing asap. The intention is also to use data sets that go back to the start of the epidemic, with data-sharing ongoing until the pandemic is over — at which point we’re told the data will be deleted.
Breton hasn’t had to lean very hard on EU telcos to share data for a crisis cause.
Earlier this week Mats Granryd, director general of operator association the GSMA, tweeted that its members are “committed to working with the European Commission, national authorities and international groups to use data in the fight against COVID-19 crisis.”
Although, he added an important qualifier: “while complying with European privacy standards.”
The @GSMA and our members are committed to working with the @EU_Commission, national authorities and international groups to use data in the fight against COVID-19 crisis, while complying with European privacy standards. https://t.co/f1hBYT5Lqx
— Mats Granryd (@MatsGranryd) March 24, 2020
Europe’s data protection framework means there are limits on how people’s personal data can be used — even during a public health emergency. And while the legal frameworks do quite rightly bake in flexibility for a pressing public purpose, like the COVID-19 pandemic, it does not mean individuals’ privacy rights automatically go out the window.
Individual tracking of mobile users for contact tracing — such as Israel’s government is doing — is unimaginable at the pan-EU level. Certainly unless the regional situation deteriorates drastically.
One privacy lawyer we spoke to last week suggested such a level of tracking and monitoring across Europe would be akin to a “last resort.” Though individual EU countries are choosing to respond differently to the crisis — such as, for example, Poland giving quarantined people a choice between regular police check ups or uploading geotagged selfies to prove they’re not breaking lockdown.
While former EU Member the U.K. has reportedly chosen to invite in the controversial U.S. surveillance-as-a-service tech firm Palantir to carry out resource tracking for its National Health Service during the coronavirus crisis.
Under pan-EU law (which the U.K. remains subject to, until the end of the Brexit transition period), the rule of thumb is that extraordinary data-sharing — such as the Commission asking telcos to share user location data during a pandemic — must be “temporary, necessary and proportionate,” as digital rights group Privacy International recently noted.
This explains why Breton’s request is for “anonymous and aggregated” location data. And why, in background comments to reporters, the claim is that any shared data sets will be deleted at the end of the pandemic.
Not every EU lawmaker appears entirely aware of all the legal limits, however.
Today the bloc’s lead privacy regulator, data protection supervisor (EDPS) Wojciech Wiewiórowski, could be seen tweeting cautionary advice at one former commissioner, Andrus Ansip (now an MEP) — after the latter publicly eyed up a Bluetooth-powered contacts tracing app deployed in Singapore.
“Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder,” wrote Wiewiórowski.
So it remains to be seen whether pressure will mount for more privacy-intrusive surveillance of EU citizens if regional rates of infection continue to grow.
Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.
— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020
As we reported earlier this week, governments or EU institutions seeking to make use of mobile phone data to help with the response to the coronavirus must comply with the EU’s ePrivacy Directive — which covers the processing of mobile location data.
The ePrivacy Directive allows for Member States to restrict the scope of the rights and obligations related to location metadata privacy, and retain such data for a limited time — when such restriction constitutes “a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system” — and a pandemic seems a clear example of a public security issue.
Thing is, the ePrivacy Directive is an old framework. The previous college of commissioners had intended to replace it alongside an update to the EU’s broader personal data protection framework — the General Data Protection Regulation (GDPR) — but failed to reach agreement.
This means there’s some potential mismatch. For example the ePrivacy Directive does not include the same level of transparency requirements as the GDPR.
Perhaps understandably, then, since news of the Commission’s call for carrier metadata emerged concerns have been raised about the scope and limits of the data sharing. Earlier this week, for example, MEP Sophie in’t Veld wrote to Breton asking for more information on the data grab — including querying exactly how the data will be anonymized.
Fighting the #coronavirus with technology: sure! But always with protection of our privacy. Read my letter to @ThierryBreton
about @EU_Commission’s plans to call on telecoms to hand over data from people’s mobile phones in order to track&trace how the virus is spreading. pic.twitter.com/55kZo9bMhN
— Sophie in ‘t Veld (@SophieintVeld) March 25, 2020
The EDPS confirmed to us that the Commission consulted it on the proposed use of telco metadata.
A spokesman for the regulator pointed to a letter sent by Wiewiórowski to the Commission, following the latter’s request for guidance on monitoring the “spread” of COVID-19.
In the letter the EDPS impresses on the Commission the importance of “effective” data anonymization — which means it’s in effect saying a technique that does genuinely block re-identification of the data must be used. (There are plenty of examples of “anonymized” data being shown by researchers to be trivially easy to reidentify; while location data typically includes many easily identified individual tells, such as a home address and workplace address.)
“Effective anonymisation requires more than simply removing obvious identifiers such as phone numbers and IMEI numbers,” warns the EDPS, adding too that aggregated data “can provide an additional safeguard.”
We also asked the Commission for more details on how the data will be anonymized and the level of aggregation that would be used — but it told us it could not provide further information at this stage.
So far we understand that the anonymization and aggregation process will be undertaken before data is transferred by operators to a Commission science and research advisory body, called the Joint Research Centre (JRC) — which will perform the data analytics and modelling.
The results — in the form of predictions of propagation and so on — will then be shared by the Commission with EU Member States authorities. The datasets feeding the models will be stored on secure JRC servers.
The EDPS is equally clear on the Commission’s commitments vis-a-vis securing the data.
“Information security obligations under Commission Decision 2017/464 still apply [to anonymized data], as do confidentiality obligations under the Staff Regulations for any Commission staff processing the information. Should the Commission rely on third parties to process the information, these third parties have to apply equivalent security measures and be bound by strict confidentiality obligations and prohibitions on further use as well,” writes Wiewiórowski.
“I would also like to stress the importance of applying adequate measures to ensure the secure transmission of data from the telecom providers. It would also be preferable to limit access to the data to authorised experts in spatial epidemiology, data protection and data science.”
Data retention — or rather the need for prompt destruction of data sets after the emergency is over — is another key piece of the guidance.
“I also welcome that the data obtained from mobile operators would be deleted as soon as the current emergency comes to an end,” writes Wiewiórowski. “It should be also clear that these special services are deployed because of this specific crisis and are of temporary character. The EDPS often stresses that such developments usually do not contain the possibility to step back when the emergency is gone. I would like to stress that such solution should be still recognised as extraordinary.”
teresting to note the EDPS is very clear on “full transparency” also being a requirement, both of purpose and “procedure.” So we should expect more details to be released about how the data is being effectively rendered unidentifiable.
“Allow me to recall the importance of full transparency to the public on the purpose and procedure of the measures to be enacted,” writes Wiewiórowski. “I would also encourage you to keep your Data Protection Officer involved throughout the entire process to provide assurance that the data processed had indeed been effectively anonymised.”
The EDPS has also requested to see a copy of the data model. At the time of writing the spokesman told us it’s still waiting to receive that.
“The Commission should clearly define the dataset it wants to obtain and ensure transparency towards the public, to avoid any possible misunderstandings,” Wiewiórowski added in the letter.
Powered by WPeMatico
Consumer messaging apps like WhatsApp are not only insanely popular for chatting with friends but have pushed deep into the workplace too, thanks to the speed and convenience they offer. They have even crept into hospitals, as time-strapped doctors reach for a quick and easy way to collaborate over patient cases on the ward.
Yet WhatsApp is not specifically designed with the safe sharing of highly sensitive medical information in mind. This is where Dutch startup Siilo has been carving a niche for itself for the past 2.5 years — via a free-at-the-point-of-use encrypted messaging app that’s intended for medical professions to securely collaborate on patient care, such as via in-app discussion groups and being able to securely store and share patient notes.
A business goal that could be buoyed by tighter EU regulations around handling personal data, say if hospital managers decide they need to address compliance risks around staff use of consumer messaging apps.

The app’s WhatsApp-style messaging interface will be instantly familiar to any smartphone user. But Siilo bakes in additional features for its target healthcare professional users, such as keeping photos, videos and files sent via the app siloed in an encrypted vault that’s entirely separate from any personal media also stored on the device.
Messages sent via Siilo are also automatically deleted after 30 days unless the user specifies a particular message should be retained. And the app does not make automated back-ups of users’ conversations.
Other doctor-friendly features include the ability to blur images (for patient privacy purposes); augment images with arrows for emphasis; and export threaded conversations to electronic health records.
There’s also mandatory security for accessing the app — with a requirement for either a PIN-code, fingerprint or facial recognition biometric to be used. While a remote wipe functionality to nix any locally stored data is baked into Siilo in the event of a device being lost or stolen.

Like WhatsApp, Siilo also uses end-to-end encryption — though in its case it says this is based on the opensource NaCl library
It also specifies that user messaging data is stored encrypted on European ISO-27001 certified servers — and deleted “as soon as we can”.
It also says it’s “possible” for its encryption code to be open to review on request.
Another addition is a user vetting layer to manually verify the medical professional users of its app are who they say they are.
Siilo says every user gets vetted. Though not prior to being able to use the messaging functions. But users that have passed verification unlock greater functionality — such as being able to search among other (verified) users to find peers or specialists to expand their professional network. Siilo says verification status is displayed on profiles.
“At Siilo, we coin this phenomenon ‘network medicine’, which is in contrast to the current old-fashioned, siloed medicine,” says CEO and co-founder Joost Bruggeman in a statement. “The goal is to improve patient care overall, and patients have a network of doctors providing input into their treatment.”
While Bruggeman brings the all-important medical background to the startup, another co-founder, Onno Bakker, has been in the mobile messaging game for a long time — having been one of the entrepreneurs behind the veteran web and mobile messaging platform, eBuddy.
A third co-founder, CFO Arvind Rao, tells us Siilo transplanted eBuddy’s messaging dev team — couching this ported in-house expertise as an advantage over some of the smaller rivals also chasing the healthcare messaging opportunity.
It is also of course having to compete technically with the very well-resourced and smoothly operating WhatsApp behemoth.
“Our main competitor is always WhatsApp,” Rao tells TechCrunch. “Obviously there are also other players trying to move in this space. TigerText is the largest in the US. In the UK we come across local players like Hospify and Forward.
“A major difference we have very experienced in-house dev team… The experience of this team has helped to build a messenger that really can compete in usability with WhatsApp that is reflected in our rapid adoption and usage numbers.”
“Having worked in the trenches as a surgery resident, I’ve experienced the challenges that healthcare professionals face firsthand,” adds Bruggeman. “With Siilo, we’re connecting all healthcare professionals to make them more efficient, enable them to share patient information securely and continue learning and share their knowledge. The directory of vetted healthcare professionals helps ensure they’re successful teamplayers within a wider healthcare network that takes care of the same patient.”
Siilo launched its app in May 2016 and has since grown to ~100,000 users, with more than 7.5 million messages currently being processed monthly and 6,000+ clinical chat groups active monthly.
“We haven’t come across any other secure messenger for healthcare in Europe with these figures in the App Store/Google Play rankings and therefore believe we are the largest in Europe,” adds Rao. “We have multiple large institutions across Western-Europe where doctors are using Siilo.”
On the security front, as well flagging the ISO 27001 certification the company has gained, he notes that it obtained “the highest NHS IG Toolkit level 3” — aka the now replaced system for organizations to self-assess their compliance with the UK’s National Health Service’s information governance processes, claiming “we haven’t seen [that] with any other messaging company”.
Siilo’s toolkit assessment was finalized at the end of Febuary 2018, and is valid for a year — so will be up for re-assessment under the replacement system (which was introduced this April) in Q1 2019. (Rao confirms they will be doing this “new (re-)assessment” at the end of the year.)
As well as being in active use in European hospitals such as St. George’s Hospital, London, and Charité Berlin, Germany, Siilo says its app has had some organic adoption by medical pros further afield — including among smaller home healthcare teams in California, and “entire transplantation teams” from Astana, Kazakhstan.
It also cites British Medical Journal research that found that of the 98.9% of U.K. hospital clinicians who now have smartphones, around a third are using consumer messaging apps in the clinical workplace. Persuading those healthcare workers to ditch WhatsApp at work is Siilo’s mission and challenge.
The team has just announced a €4.5 million (~$5.1M) seed to help it get onto the radar of more doctors. The round is led by EQT Ventures, with participation from existing investors. It says it will be using the funding to scale up its user base across Europe, with a particular focus on the UK and Germany.
Commenting on the funding in a statement, EQT Ventures’ Ashley Lundström, a venture lead and investment advisor at the VC firm, said: “The team was impressed with Siilo’s vision of creating a secure global network of healthcare professionals and the organic traction it has already achieved thanks to the team’s focus on building a product that’s easy to use. The healthcare industry has long been stuck using jurassic technologies and Siilo’s realtime messaging app can significantly improve efficiency
and patient care without putting patients’ data at risk.”
While the messaging app itself is free for healthcare professions to use, Siilo also offers a subscription service to monetize the freemium product.
This service, called Siilo Connect offers organisations and professional associations what it bills as “extensive management, administration, networking and software integration tools”, or just data regulation compliance services if they want the basic flavor of the paid tier.
Powered by WPeMatico