COVID-19 contact tracing apps: a stress test for privacy, the GDPR, and data protection regimes
Author(s) - Laura Bradford, Mateo Aboy, Kathleen Liddell
Publication year - 2020
Publication title - Journal of Law and the Biosciences
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.904
H-Index - 18
ISSN - 2053-9711
DOI - 10.1093/jlb/lsaa034
Subject(s) - computer security, internet privacy, health insurance portability and accountability act, bluetooth, data protection act 1998, android (operating system), business, general data protection regulation, covid-19, computer science, medicine, telecommunications, confidentiality, infectious disease (medical specialty), disease, pathology, wireless, operating system
Digital surveillance has played a key role in containing the COVID-19 outbreak in China, Singapore, Israel, and South Korea. Google and Apple recently announced the intention to build interfaces to allow Bluetooth contact tracking using Android and iPhone devices. In this article, we look at the compatibility of the proposed Apple/Google Bluetooth exposure notification system with Western privacy and data protection regimes and principles, including the General Data Protection Regulation (GDPR). Somewhat counter-intuitively, the GDPR’s expansive scope is not a hindrance, but rather an advantage in conditions of uncertainty such as a pandemic. Its principle-based approach offers a functional blueprint for system design that is compatible with fundamental rights. By contrast, narrower, sector-specific rules such as the US Health Insurance Portability and Accountability Act (HIPAA), and even the new California Consumer Privacy Act (CCPA), leave gaps that may prove difficult to bridge in the middle of an emergency.