CEO of the HSE Paul Reid, letter from Digital Rights Ireland to the HSE
Yesterday.
Further to a report in the Business Post by Susan Mitchell and Aaron Rogan on March 29 last that the HSE will be rolling out an opt-in “mobile phone tracking and tracing app” that will allow people to be notified if they were in close proximity to people who tested positive for Covid-19…
Digital Rights Ireland has written to the head of the HSE Paul Reid (above) asking to discuss the HSE’s plans for this app “and other digital initiatives” over a videoconference call.
It’s been previously reported that the HSE has been in contact with the Office of the Data Protection Commissioner about the track and trace app.
However, details of the app are not clear in terms of what information will be used, how and where this information will be stored and with whom it will be shared. It’s also not clear if the roll-out of the app will be subject to a time limit.
In its letter, Digital Rights Ireland, who successfully argued in the European Court of Justice in 2014 that laws requiring ISPs and mobile phone companies to log details of a phone user’s location, their texts, emails, internet use, and to store that information for up to two years, was a breach of privacy, also asked for Mr Reid to provide it with the app’s Data Protection Impact Assessment.
It’s also not clear if such an assessment has been carried out.
Meanwhile, last night…
So it absolutely is processing special category data. Privacy policy? Apparently the app doesn’t have one, just the developer’s generic one. Not the HSE, the developer, who has another app. And their policy talks about “PII”. 🚩 https://t.co/mFesvxgmQ6 pic.twitter.com/GuIsDVX4N5
— Katherine O’Keefe (@okeefekat) April 6, 2020
OK so patientMpower have an FAQ for the COVID19 app, but it’s still not a privacy policy for the app. It does salve some of my concerns regarding symptom tracking apps. It’s specifically for remote monitoring of diagnosed patients using sensors, AFAICT. https://t.co/TvrPYB9Jdo
— Katherine O’Keefe (@okeefekat) April 6, 2020
The idea of the app actually looks really good. Remote monitoring using clinical grade pulse oximeters and spirometers supported by clinicians looks sensible and hospital avoidance sounds like a really good idea. https://t.co/mmW3OSUMQr
— Katherine O’Keefe (@okeefekat) April 6, 2020
Also, why is an Irish tech company based in a Dublin tech incubator and distributing an app through the HSE referring to HIPAA? And then it throws in a reference to Rights under GDPR with “You have a right to complain to the EU’s Data Protection Authority (DPA)”🤦♀️ pic.twitter.com/yqXv5fKKOJ
— Katherine O’Keefe (@okeefekat) April 6, 2020
Then there’s the mysterious https://t.co/YCEtIcPE60
— Karlin Physically Distanced Lillington (@klillington) April 6, 2020
Previously: Track And Trace
DRI GFY
Castlebridge vested interest mouthing off about GDPR processes again.
This is a pandemic, a public health emergency and they want to whine as if its 2019?
Get off the stage or prepare to be steam rolled fools.
nothing like a good pandemic to steamroller everyone’s rights, eh baz?
so is this thing time limited? how long to they get to keep the data for and what happens to it after the pandemic ends?
I wonder what they’d be doing if they had real jobs?
GDPR will be the death of us. Literally.
Tech rapidly has become the most toxic activity employing the least popular people in Ireland.
Full of it.
FO DRI.