Should I use the Norwegian covid-19 tracking app "smittestopp"?
Monica Verma
Top #3 CISO in EMEA | Board-certified leader (QTE) | Founder | Helping you accelerate your career & business in AI, Leadership & Cybersecurity | Open to board positions | Subscribe to my newsletter
In the last days and weeks, new apps have been popping up in different countries, launched by their government and/or national health agency or in some cases by the technology giants. Recently, Norway got added to the list by launching a corona tracking app to help track the infection and more importantly to help the society to come back from the "new" normal to our "old" but hopefully better normal, sooner than later. Norwegian Prime Minister Erna Solberg said at a press conference that this app represents "a step forward for our greater freedom".
One of the biggest questions, I have heard and seen over the last hours is "Should I be using the coronavirus tracker app: Smittestopp?" A lot of people have been positive to it and have started using it to help and support the society in this "Dugnad". Being paranoid by profession and German, I took the liberty and time to read the Privacy Policy while I was already at it. Here are some snippets of some of the key (imho) info that can help alleviate concerns regarding use of the app.
Processing of Data
The app will process and use personal data including GPS-locations (to track movement patterns), bluetooth data of the same app on the nearby phones that are within your range (to be able to track if you have been in contact with someone who is infected), mobile number, age, etc. The main purpose of collecting and processing this personal data is to help identify and track infection spread and assess the affect of infection control measures. But the good news is, as per FHI, mobile phone numbers and other direct personally identifiable information about users will not be processed for this purpose.
Personal data is processed, stored and deleted automatically after 30 days. In case of extension of storage you, as the app user, should be notified. The data will not be sent to police, insurance companies or used for any other purposes other than tracking the covid-19 spread and assessing the impact of infection control measures.
By default, data is only processed automatically without manual intervention, however there can be situations whereby authorised personell may access data. All personal data processed and stored should be logged, along with who is accessing what personal data and when. You would have the right to get information on GPS-data that is stored connected to your mobile number by logging on to www.helsenorge.no/smittestopp or by contacting directly [email protected]. Honestly, I am kind of curious to test this part, whilst I support the initiative and the society.
Oh, and since data will be stored outside Norway (ref. next para below), as per the policy terms, all data will be processed within EU/E?S in accordance to GDPR. Many might still be skeptical about there personal data being stored in MS Azure in Ireland! But then most of your GPS and other personal data is probably already stored on Facebook, Google and Amazon servers in U.S. and other parts of the world.
Storage of Data
FHI uses the following data processors as of today:
- Simula Research Lab AS (company that made the app)
- MS Ireland (storage of data in MS Azure in Ireland)
- Norsk Helsenett
Deletion of Data
You can always delete your own data via the app any time you wish and it will be removed from the app as well as centrally. After that you can delete the app itself.
If you just delete the app the data will be removed automatically after 1 week.
Conclusion
On one hand, you can choose to not download the app. You can also download it and still go out/move anywhere without your mobile (obviously that defeats the whole purpose of the app). And you can always delete your data and the app itself. On the other hand, you can read the above and realise that
a) The benefits that this app might bring, the data seems to be handled responsibly and transparently.
b) You are most certainly already being tracked by hundreds of other social media and productivity apps that come no where close to the intention and purpose that this app is designed to solve for our community and society.
Are you still worried of using the app?
Founder and CEO RevolSource, IT consultant, Ambassador of the Information Security Institute | Business tools to improve business efficiency and protect business.
1 年??
Thank you Monica. The app poses serious concerns due to the use of GPS and its closed source nature (both the app and the backend systems). There is vast expert consensus that using GPS data is not the way forward and the EU commission has strictly forbidden it in their recommendations just like they excluded the use of closed source. Furthermore, the use of decentralised situations (instead of cloud-based ones) is also the preferred approach in the EU (see PEPP-PT initiative). That puts the Norwegian app quite at odds with what everyone else has done and without satisfactory explanations. Other then that, the app can be a positive approach to dealing with the crisis, if implemented correctly.
Senior IT Consultant & Project Manager | Specializing in Digital Transformations & Microsoft Solutions | Experienced in ERP Implementations and Azure Cloud Migrations
4 年How does the app work?
Zero Trust soldier, working solo to change and enhance security for customers. Start with the mindset. Successful attacks occur in allowed traffic on technology. gorantomte.no/ zerotrustsoldier.com/
4 年Litt relatert til Roar Thon sin fine.
Director WW Tech Strategy @ Microsoft | Microsoft SaaS Academy Co-Founder
4 年Thanks for bringing more clarity around such an important topic Monica Verma . In particular, i liked that you call out the amount of personal data already shared out there on SM or other forums. In this case its all about the future of our society, so as said before privacy should take as step back in favour of the well being of us all