Those making apps that help trace coronavirus need to have the right privacy measures in place if they are to convince the public to use them, a report from BCS, The Chartered Institute for IT has found.

A number of companies, including the NHS, have started making such apps, which alert smartphone users if they are in – or have been – in close contact to someone who has developed Covid-19 symptoms.

However concerns have been raised about data and privacy.

In response, The Chartered Institute for IT has published its new policy position paper drawing on its members’ experience.

The paper backs the technology, along with extensive testing and a strong communications campaign to increase public confidence in the technical and ethical aspects of the app.

In the report, BCS makes several recommendations that the government, public health authorities and developers should consider when developing contact-tracing apps.

They include:

  • Facilitate mass levels of Covid-19 testing to work in tandem with the contact tracing app, “you cannot ‘big data’ your way out of a ‘no data’ situation”
  • Engage and work strategically across the UK’s devolved administrations, with civil society to develop and implement a wide-ranging, inclusive communication programme regarding app installation and use, including guidelines on what is needed for maximum compliance and how the public can appropriately seek recourse
  • Ensure minimum interference with people’s personal ‘data’ lives and that data isn’t sold or shared beyond its intended stated purpose

Kathy Farndon, vice president at BCS, said: “The biggest threat to the success of the contact-tracing app is that perceived ‘Big Brother’ elements of the implementation, for example the use of a centralised database, may have a negative effect on uptake from the public and minimise the chance of reaching the 60% uptake implementation target.

“BCS considers that a sustained campaign to increase public confidence in IT, supported by assurances of real safeguards, open and ethical data governance and protection by design is fundamental.

“Contact tracing apps must be founded on ‘privacy by design, privacy by default’ principles and government must set a high bar for transparent and ethical data governance as its future legitimacy and trust with public data is at stake.”

You can read the full report here.