Apple, Google release new privacy principles, appearance of coronavirus (COVID-19) proximity alert apps

The makers of the world’s two most commonly used smartphone operating systems said in releasing a series of privacy principles for public health authorities that the use of proximity notification apps must be voluntary, and that the apps will be blocked from trying to access sensitive data that could trigger privacy worries, such as location data.

Apple and Google are writing the application programming interfaces (APIs)—a kind of socket that allows apps to plug into a phone’s operating system—in a way that the APIs will require individual users to provide a series of permissions before the apps will work. The apps will be prohibited from asking to access sensitive location data on iPhones or Android smartphones, and they will not be able to be used to target advertising, the companies clarified today in a background briefing call for journalists.

To spur adoption of the apps, only one health authority from each nation will be allowed to use the APIs released by Google and Apple, the companies said. However, if a national health authority opts for different regionalised systems, the system can support that, the companies said. If there is too much ‘fragmentation’ of different proximity alert systems within and between countries, it will become too hard to do coronavirus contact tracing at scale, the companies said today in a background briefing.

Apple and Google also released the user interface (UI) for the exposure notification APIs, providing the first view of how the apps will look to users. The UI makes clear that users will have to provide a series of permissions before the apps will work, such as to share the results of a positive coronavirus test with health authorities.

After being told how the Bluetooth system works, users who have a positive coronavirus test will have to tap on a ‘Share Positive Results’ button before going to later screens that will ask questions such as the date of the test, and whether the user agrees to share their identifying ‘keys’ with other people’s phones—the step that would signal to those other people that they are at risk of having been infected if they came too close to the user with the positive test.

Around the world, privacy worries are increasingly conflicting with the effort to use technology to battle the spread of the virus.

In South Korea, for example, the government asked contact-tracing apps, portal websites, government websites and individual social media accounts to delete personal information collected for the purpose of contact tracing, amid concerns about possible privacy violations.

And in France, there is growing uncertainty about whether the government’s coronavirus tracing app will be deployed, with France having pushed for a centralised system in which users’ data would be stored in a central server.

The Apple-Google system, in contrast, would have individual phones swap randomised identifying ‘keys’, storing identifying data on the phones rather than on a central server. A Google privacy engineer said in today's background briefing that the companies made a foundational decision to keep as much data as possible on the phones themselves.

The app will signal a phone’s user that he or she has come too close, for too long, to someone who has become infected with the novel coronavirus. The companies chose Bluetooth technology because it offers the greatest degree of privacy, hopefully spurring adoption by phone users who might otherwise hesitate to share health data with large technology companies and governments.
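The two mechanisms described above (phones exchanging randomised identifiers over Bluetooth, and a positive-testing user choosing to share only their daily keys so that other phones can check for a match locally) can be modelled in a few dozen lines. The following is an added illustration written for this article, not Apple's or Google's code and not the published exposure notification specification: the identifier derivation uses HMAC-SHA256 as a stand-in for the real AES-based scheme, the ten-minute rotation interval and the three-sighting exposure threshold are assumptions, and the names and the contact scenario are constructed. What it demonstrates is the privacy property the article describes: the only thing that ever leaves the infected user's phone is their daily keys, and every match is computed on the receiving phone from its own local observations.

```python
"""Toy model of decentralised Bluetooth exposure notification (added example)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

INTERVAL_SECONDS = 600                     # assumption: identifiers rotate every 10 minutes
INTERVALS_PER_DAY = 86400 // INTERVAL_SECONDS


def derive_identifier(daily_key: bytes, interval: int) -> bytes:
    """Rolling identifier broadcast during one interval.

    Simplification: HMAC-SHA256 truncated to 16 bytes stands in for the
    AES-based derivation used by the real protocol. Anyone holding the daily
    key can recompute every identifier for that day; nobody else can link them.
    """
    return hmac.new(daily_key, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


@dataclass
class Phone:
    name: str
    daily_keys: dict[int, bytes] = field(default_factory=dict)   # day -> random key (never uploaded unless user consents)
    observed: dict[bytes, int] = field(default_factory=dict)     # identifier heard -> number of sightings (proxy for duration)

    def key_for_day(self, day: int) -> bytes:
        if day not in self.daily_keys:
            self.daily_keys[day] = secrets.token_bytes(16)
        return self.daily_keys[day]

    def broadcast(self, day: int, interval: int) -> bytes:
        return derive_identifier(self.key_for_day(day), interval)

    def hear(self, identifier: bytes) -> None:
        """Record an identifier received over Bluetooth; stays on this phone."""
        self.observed[identifier] = self.observed.get(identifier, 0) + 1

    def share_positive_result(self, days: list[int]) -> list[tuple[int, bytes]]:
        """What the user consents to publish after tapping 'Share Positive Results':
        only daily keys for the chosen days, never the list of identifiers heard."""
        return [(d, self.daily_keys[d]) for d in days if d in self.daily_keys]

    def check_exposure(self, published: list[tuple[int, bytes]], min_sightings: int) -> bool:
        """Local matching: expand each published key into its identifiers and
        count how often this phone saw them. The server learns nothing."""
        total = 0
        for _day, key in published:
            for interval in range(INTERVALS_PER_DAY):
                total += self.observed.get(derive_identifier(key, interval), 0)
        return total >= min_sightings


def run_scenario(min_sightings: int = 3) -> dict:
    """Constructed scenario: Bob sits near Alice for three consecutive intervals,
    Carol passes her once. Alice later tests positive and shares her key for the day."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    day = 0
    for interval in range(INTERVALS_PER_DAY):
        rpi = alice.broadcast(day, interval)
        if 10 <= interval <= 12:               # 30 minutes of proximity
            bob.hear(rpi)
            alice.hear(bob.broadcast(day, interval))
        if interval == 20:                     # a single brief encounter
            carol.hear(rpi)
    published = alice.share_positive_result([day])   # the only data that leaves Alice's phone
    return {
        "uploaded_keys": len(published),
        "bob_alerted": bob.check_exposure(published, min_sightings),
        "carol_alerted": carol.check_exposure(published, min_sightings),
    }


if __name__ == "__main__":
    print(run_scenario())   # Bob is alerted, Carol is not; one key uploaded
```

Note that the threshold does the "too close, for too long" filtering: lowering `min_sightings` to 1 in `run_scenario` would alert Carol as well, which is the kind of policy decision a health authority, not the platform, would make. The published payload carries no record of whom Alice met, which is why a centralised server in this design cannot reconstruct a contact graph.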

The success of the system will also hinge on whether people trust the big tech companies to protect privacy; 56% of Americans say they don’t trust the companies on privacy ‘too much’ or ‘at all’. A poll in the US last week found that just 43% of Americans trust Apple and Google ‘a great deal’ or a ‘good amount’.

Google and Apple say they will never know the identities of people using the system, and the companies say they will disable the system on a regional basis once the pandemic is over. Apps will be required to collect the minimum amount of data necessary to make the apps work, the companies said.

This article by Mike Swift was first published by MLex, a LexisNexis® company, on 4 May 2020 and is published with permission.

Visit MLex for more information and to request a free trial.
