Norway Halts COVID-19 Phone App Over Privacy Worries, Will Delete Data

Smittestopp.jpg

Citing privacy concerns from the country's Data Protection Authorities, Norway's public health agency stopped using a COVID-19 track and trace app and deleted all the data collected to date.

The software for the app, called Smittestopp, was one of the first to be launched in Europe but the privacy agency said it posed a disproportionate threat, including by continuously uploading users’ locations, said Tech Crunch.

Before the European Data Protection Board had put out guidelines for COVID-19 apps, Norway moved to a centralized scheme in which user data is uploaded to a central server controlled by the Norwegian Institute of Public Health (FHI) instead of being stored locally on the device.

That raised flags with critics: While many other COVID-19 apps in Europe use Bluetooth signals to estimate user proximity as a means of calculating exposure risk, Norway’s app also tracked real-time GPS location data.

After the country's data privacy board cited its concern, the public health agency ceased use of the app on June 15 instead of a June 23 deadline, all the while disputing the findings.

“We do not agree with the Data Protection Agency’s assessment, but now we have to delete all data and pause work as a result of the notification,” said FHI director Camilla Stoltenberg in a statement.

“With this, we weaken an important part of our preparedness for increased spread of infection, because we lose time in developing and testing the app. At the same time, we have a reduced ability to fight the spread of infection that is ongoing,” she said.

“The pandemic is not over. We have no immunity in the population, no vaccine, and no effective treatment. Without the Smittestopp app, we will be less equipped to prevent new outbreaks that may occur locally or nationally,” she added, the site said.

Europe’s data protection framework allows for personal data to be processed for critical health reasons such as the pandemic and Norway's privacy agency initially agreed an app could be a workable tool but wasn't consulted during development.

With the country having a low rate of infection and 600,000 of 5.4 million residents using the app on a voluntary basis, the privacy board said Smittestopp was no longer needed, the data essentially irrelevant.

“We have no immunity in the population, no vaccine, and no effective treatment. Without the Smittestopp app, we will be less equipped to prevent new outbreaks that may occur locally or nationally,” she said, according to MIT Technology Review. Furthermore, the university states that Norway opted against using privacy-focused technology developed by Google and Apple, and its app failed on marks of data minimization and transparency in the MIT’s Covid Tracing Tracker assessment.

 

Previous
Previous

Spanish Congress blocks "insufficient" whistleblowing protection law

Next
Next

Blueprint publishes Op-Ed in Spanish media on proposed whistleblower protection legislation