
Coronavirus tracking app privacy – an introduction - theogoodman
https://medium.com/nymtech/coronavirus-tracking-app-privacy-an-introduction-d2950857598c
======
ko3us
Great run down. Australia just released their version of a COVID-19 tracking
app with a very similar approach.

[https://www.abc.net.au/news/2020-04-26/coronavirus-
tracing-a...](https://www.abc.net.au/news/2020-04-26/coronavirus-tracing-app-
covidsafe-australia-government-covid-19/12186130)

The privacy policy: [https://www.health.gov.au/using-our-
websites/privacy/privacy...](https://www.health.gov.au/using-our-
websites/privacy/privacy-policy-for-covidsafe-app)

So apparently when you sign up you provide: When you register for COVIDSafe We
will ask you to consent to the collection of your: mobile phone number – so
that you can be contacted if needed for contact tracing name – so the relevant
health officials can confirm they are speaking to the right person when
performing contact tracing. This will be easiest if you provide your full
name, but you can use a pseudonym or fake name if you prefer age range– so
health officials can prioritise cases for contact tracing, if needed postcode
–to make sure health officials from the right State or Territory who work in
your area can contact you, and to prioritise cases for contact tracing, e.g.
hotspot areas

When you use COVIDSafe Your app will only record the following contact data:
(1) the encrypted user ID, (2) date and time of contact and (3) Bluetooth
signal strength of other COVIDSafe users with which you come into contact.
This information will also be recorded on the other users’ devices. An
encrypted user ID will be created every 2 hours. This will be logged in the
National COVIDSafe data store (data store), operated by the Digital
Transformation Agency, in case you need to be identified for contact tracing.
No location data (data that could be used to track your movements) will be
collected at any time. No user will be able to see the contact data stored on
their device as it will be encrypted. Any attempt to decrypt contact data is
an offence. Contact data stored on a device will be automatically deleted
after 21 days. We cannot access any contact data stored on a device, or share
this with health officials, unless and until a COVIDSafe user consents to
upload the data to the data store.

I’ll be very intrigued to see how it goes.

