Norway’s contact tracing app Smittestopp has been temporarily banned in response to privacy concerns from the Norwegian Data Protection Authority (NDPA). The Norwegian Institute of Public Health (NIPH), which developed the app with Simula research laboratory, expressed its disappointment with the NDPA’s decision, underlining that any setbacks with the app will only stall the country’s continued response to the COVID-19 pandemic.
As of Tuesday (16th June), the app is no longer collecting data and any personal data stored in the central database will be deleted. Users are encouraged to keep the app on their phones but to disable it for the meantime.
WHY IT MATTERS
Norway was one of the first countries to release a contact tracing app to citizens in a bid to relax societal restrictions whilst still monitoring the progress of the disease. The app, which uses both Bluetooth and GPS technologies, has been downloaded 1.6 million times and, as of 3rd June, had almost 600,000 active users sharing personal data with NIPH.
However, on Friday, 12th June, the NDPA sent a 20-page document to the NIPH outlining concerns that Smittestopp could not justify the extent of its invasion of user privacy, particularly in relation to the decreasing infection rate of COVID-19. As such, they implemented a temporary but immediate suspension of services until they can be satisfied with improved security measures, necessitating the deletion of all personal data heretofore collected by the app.
Smittestopp, which was designed to track transmissions and alert users if they may have come into contact with the virus, was tested in three municipalities; however, the low number of confirmed cases made it difficult to test whether alerts were indeed sent to those potentially exposed.
The NIPH acknowledged the speed at which the app was created and subsequent issues but declared that “we were now in a phase where we believed that Smittestopp would be a useful tool for both contact tracing and control of the infection situation.”
THE LARGER PICTURE
There has been constant debate around the safeguarding of privacy in contact tracing apps, particularly those that – as in the case of Smittestopp – utilise a centralised database. In Qatar, for example, Amnesty International exposed a weakness in their tracing app that could have left personal user information vulnerable to attack.
Nevertheless, contact tracing has been understood globally as an important means of tracking the virus as lockdown restrictions ease up.
ON THE RECORD
Professor Camilla Stoltenberg, director general at the NIPH, responded to the NDPA’s ban: “We do not agree with the NDPA’s evaluation, but now we will delete all data and put work on hold following the notification. This will weaken an important part of our preparedness for increased transmission because we are losing time in developing and testing the app.”
She continued: “Meanwhile, we have a reduced ability to combat ongoing transmission. The pandemic is not over. There is no immunity in the population, no vaccine, and no effective treatment. Without the Smittestopp app, we will be less equipped to prevent new local or national outbreaks.”
In its letter, the NDPA stated: “The Data Inspectorate wants to clarify that we do not want to stand in the way of using a digital solution that is a real contribution in the effort to limit the spread of COVID-19 infection in the population.”