Tag Archives: Digital Rights Ireland

HSE logo; excerpt from letter that the HSE has sent Digital Rights Ireland; tweet from DRI

In the past hour.

The Irish Times has reported that Digital Rights Ireland has received a response from the HSE, following on from the DRI writing to the HSE about its planned contact-tracing app.

The DRI wrote about the HSE’s “heavy obligation” in relation to the app’s privacy and data protection and asked for any documentation pertaining to the app’s Data Protection Impact Assessment to be forwarded to the DRI. The DRI also offered to assist the HSE.

In its response, the HSE said it will publish the app’s Data Protection Impact Assessment when the app is launched.

Jack Horgan-Jones reports:

Antoin O Lachtain, a spokesman for Digital Rights Ireland, told The Irish Times that according to information given to the group by the HSE, “they are planning to build a ‘super-app’ which will be much more comprehensive thant the contact tracing app which was originally discussed”.

…It will also delete all identifiable data from the app once the pandemic is over, the HSE said in its letter. “We are very keen to ensure that the potentially lifesaving app has public support and would welcome your positive input once we publish the relevant documentation and the app,” the HSE wrote in its letter.

Coronavirus: Privacy advocates say HSE planning a ‘super app’ (The Irish Times)

Meanwhile, on Tuesday…

Broadsheet sent a number of questions to the HSE about the Covid-19 contact-tracing app referred to above and HSE Covid-19 Patient Management app, advertised on the Apple Store.

At 4.18pm today, the HSE responded as follows:

As part of the national response to Covid-19, work is underway to develop a new national mobile app for Ireland that will allow citizens to track their symptoms in real-time, and to digitally trace close contacts.

This will assist in national contact tracing efforts in the weeks and months ahead, as we move forward from the containment and mitigation phases of the public health response to Covid-19. The HSE is carrying out final security and product testing of the CovidTracker Ireland App.

The mobile app is being designed as a key element of the next phase of Irish national public health response. The power of the app lies in its capacity to provide early insight into the spread of Covid-19 and in its ability to enable the health services speed up and improve contact tracing.

The CovidTracker Ireland App will:

• help the health service with its efforts in Contact Tracing for people who are confirmed cases

• allow a user to record how well they are feeling, or track their symptoms every day

• provide links to advice if the user has symptoms or is feeling unwell

• give the user up-to-date information about the virus in Ireland

The Irish app will be designed in a way that maximises privacy as well as maximising value for public health. Privacy-by-design is a core principle underpinning the design of the CovidTracker Ireland App – which will operate on a voluntary and fully opt-in basis. The objective is to put in place a single official national Covid-19 mobile phone App for the population.

The CovidTracker Ireland App will be a vital part of our collective efforts to slow the spread of Covid-19, support our goal to flatten the curve, and hasten the easing of restrictions across the country.

Intensive work is underway in the Health Service Executive and across the Department of Health with direct support from the Office of Government Chief Information Officer and other technical expertise across the public service.

The implementation timeline will be determined by the technical progress and the results from the security and product testing that is underway. When it is ready the Department of Health and the HSE will formally launch the app with clear instructions on how to download and use it.

The questions were:

1. Has the HSE responded to Digital Rights Ireland’s recent letter to HSE CEO Paul Reid about its concerns related to the app/s? What is the HSE’s response? Has the HSE taken up DRI’s offer to help?

2. When will the contract tracing app be rolled out? Has the HSE Covid-19 app been officially launched?

3. What is the purpose of the HSE Covid-19 app which appears to ask for symptoms and users’ location? Does the HSE have any more proposed apps related to Covid-19 in the pipeline?

4. What specific data will be gathered from this app/these apps? How exactly will they work?

5. How will the data be stored?

6. Will there be a time-limit on how long the data will be stored?

7. Will the data be shared with anyone else, any other organisation or any other Government department or agency such as An Garda Síochána?

8. Who would be the controllers and processors of the data collected by this app/these apps?

9. We understand that the HSE has been in contact with the Office of the Data Protection Commissioner about the contract tracing app. Could the HSE outline the extent of these communications? Did the HSE liaise with the DPC in relation to the HSE Covid-19 app? Did the HSE liaise with any other privacy experts/advocates about the tracing app or any other apps?

10. What evidence does the HSE have that such apps contribute to limiting the spread of Covid-19?

11. How will the HSE ensure the app/apps are proportionate, necessary and in line with GDPR rules?

12. Did the HSE carry out a Data Protection Impact Assessment in respect of the app/s and will this/these be published?

Previously: Track And Trace

Dear Mr Reid…

CEO of the HSE Paul Reid, letter from Digital Rights Ireland to the HSE

Yesterday.

Further to a report in the Business Post by Susan Mitchell and Aaron Rogan on March 29 last that the HSE will be rolling out an opt-in “mobile phone tracking and tracing app” that will allow people to be notified if they were in close proximity to people who tested positive for Covid-19…

Digital Rights Ireland has written to the head of the HSE Paul Reid (above) asking to discuss the HSE’s plans for this app “and other digital initiatives” over a videoconference call.

It’s been previously reported that the HSE has been in contact with the Office of the Data Protection Commissioner about the track and trace app.

However, details of the app are not clear in terms of what information will be used, how and where this information will be stored and with whom it will be shared. It’s also not clear if the roll-out of the app will be subject to a time limit.

In its letter, Digital Rights Ireland, who successfully argued in the European Court of Justice in 2014 that laws requiring ISPs and mobile phone companies to log details of a phone user’s location, their texts, emails, internet use, and to store that information for up to two years, was a breach of privacy,  also asked for Mr Reid to provide it with the app’s Data Protection Impact Assessment.

It’s also not clear if such an assessment has been carried out.

Meanwhile, last night…

Phone tracking app set to be used as next step to fight Covid-19 (Susan Mitchell, Aaron Rogan, Business Post)

Previously: Track And Trace

G’Wan De Digital Rights

Public Services Card; from the Digital Rights Ireland’s website

Ciannan Brennan, in the Irish Examiner, reports:

A digital rights advocacy body is to bring the country’s first “mass action” against the State regarding alleged infringements of the EU’s General Data Protection Regulation (GDPR) in the case of the Public Services Card (PSC).

Digital Rights Ireland (DRI) has launched its #no2psc campaign, which will see the group make a complaint to the Data Protection Commissioner on behalf of citizens that cardholders’ rights have been breached en masse under GDPR.

In order to sign up for the action, people who either have or have had a PSC can give their details, including PSC number, via DRI’s campaign portal online. They also must give their PSC number.

Rights group to bring ‘mass action’ against State over PSC (Ciannan Brennan, The Irish Examiner)

#No2PSC (Digital Rights Ireland)

ecjdigital

[From top: The European Court of Justice in Kirchberg, Luxembourg and Digital
Rights Ireland logo]

In 2006, Digital Rights Ireland took a case against in the State, challenging the legality of the retention of data by phone companies and internet service providers.

DRI argued that laws which require ISPs and mobile phone companies to log details about a person’s location, text messages, emails, internet use and to store that information for up to two years is a breach of the right to privacy. This information didn’t include the content but rather the matter of who called who, when and for how long; where a person was at a given time (via a mobile), who emailed or texted and when.

In 2012, the High Court referred the case to the European Court of Justice for an opinion on the validity of the EU data-retention directive (2006/24/EC).

Today, the ECJ found the directive invalid, stating:

“…entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data” and that it “entails an interference with the fundamental rights of practically the entire European population”.

And:

The fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance.”

In a statement TJ McIntyre, Chairman of DRI,  said:

“This is the first assessment of mass surveillance by a supreme court since the Snowden revelations. The ECJ’s judgement finds that untargeted monitoring of the entire population is unacceptable in a democratic society.”

McGarr Solicitors, who represent Digital Rights Ireland, said:

“This case is a profound statement of European values by Europe’s top court. The court has rejected the principle of mass surveillance of EU citizens without suspicion as incompatible with the Charter of Fundamental Rights. It will be up to individual member states to now ensure their domestic law is in compliance with the ECJ’s judgment.”

Read full text of the judgement here

Digital Rights Ireland

European court declares data retention directive invalid (Irish Times)

Related: Tomorrow’s ECJ judgement Q&A

Previously: Fight For Your Digital Rights

G’wan De Digital Rights

Thanks Eoin

DRI

Earlier this month DRI [Digital Rights ireland] faced closure if it couldn’t raise the money needed to pay legal costs [incurred following a failed application for a right to speak in a court case whereby record companies were demanding internet blocking].

Well…

 “We’ve been overwhelmed by the support we’ve received and we’ve more or less hit our target and will be able to cover the costs.”

Co-founder of Digital Rights Ireland, TJ McIntyre, speaking in yesterday’s Sunday Business Post [behind paywall].

Yay.

Previously: Fight For Your Digital Rights

digital

Digital Rights Ireland claims it may be shut down if it can’t raise the money needed to pay the legal costs it has incurred, following a failed application for a right to speak in a court case last year whereby record companies were demanding internet blocking.

The group wanted to tell the court that internet blocking is futile and how overblocking can harm internet users.

It writes:

“2013 was a big year for digital rights and for Digital Rights Ireland in particular. We had a major success with our case against mass surveillance which led to an Advocate-General’s opinion that the Data Retention Directive is incompatible with the European Charter of Fundamental Rights – and we are confident that this will lead in a few months to a judgment from the European Court of Justice which will give greater privacy rights for all Europeans. Don’t take our word for it – here’s MEP Jan Philipp Albrecht in the Wall Street Journal describing this as a “breakthrough for civil liberties“. We also appeared before the Irish Parliament to argue against kneejerk reactions to “cyberbullying” which could damage free speech online.”

“But after a financial setback we need your help to be able to keep up this work. Here’s why.

“In February we took another important court case. We applied to be an ‘amicus curiae‘ in a case brought by record companies demanding internet blocking in Ireland. This would have given us the right to speak in court – to explain why blocking is futile and how overblocking affects other websites and harms internet users. Otherwise the Irish courts can order blocking based only on the say so of the music industry – without anyone to challenge their case.”

“The judge gave a detailed decision. However, the upshot was that we did not succeed in our application. What’s more, costs were awarded against us. This meant that we had to pay the bills of the other parties to the case. The ISPs did not pursue costs against us, but the music industry did – demanding that we pay them €26,658.15 for what was, in effect, a single day in court. We challenged that bill and it was reduced to €13,700 – but we had to pay further costs of €1,900 to do so.”

“You might think that litigation in Ireland is outrageously expensive. You might think that this favours industry over the rights of the individual and cripples civil society. We wouldn’t quibble. Be that as it may, we now need to raise money to cover these costs.”

“The alternative is that the music industry could shut us down.”

“We need your help to make sure this doesn’t happen.”

We need your help to keep working for European digital rights in 2014 (Digital Rights Ireland)