This week the Government confirmed that the NHSX app being developed as a response to the Covid-19 pandemic is using a centralised contact matching system. This means the app is more invasive in data collection than the alternative decentralised models such as the Apple/Google API and will store all data in a centralised system, rather than on each individual phone. ORG and a growing number of digital tech and digital rights experts are raising questions about both the invasive data gathering of the centralised approach, as well as the technical workability of the NHSX app (blog).
We have also already written about some of the key concerns that vulnerable people, including migrants, may face such as the lack of access to mobile phones, social exclusion and marginalisation. There is also the major issue of the lack of trust and concerns about data sharing between the NHS and the Home Office.
These concerns stem specifically from the current hostile environment policyof the Home Office introduced by Theresa May in 2011 and upheld with minor linguistic changes until today. It gave the Home Office sweeping powers and the mandate to access personal data such as addresses collected by GPs, hospitals, schools, and job centres and use it to track down individuals for immigration detention or deportation. Over the last decade this policy hascaused immeasurable injustice and suffering, including Britain’s biggest immigration scandal – Windrush. It has also served to erode the overall trust between ethnic minorities, migrant communities and the Home Office and has made people fearful or reluctant to seek medical help or contact the police if they have been the victim of a crime, for fear that they will be deported or detained.
Directly, these concerns affect a relatively small number of people whose immigration status is irregular. But it can also include a much wider set of people who have every legal right to be here but simply do not trust the Home Office and will be reluctant to entrust it with their private data.
This mistrust has become very dangerous in the time of the Covid-19 pandemic, where public trust and mass participation and use of the NHSX app are fundamental to its success.
For these users, a decentralised model would be likely to address concerns more effectively by reducing data sharing risks. This approach has been found to be more likely to comply with both human rights and data protection laws.
However, in case the government persists with the centralised approach, there is a need for strong legal safeguards that the Home Office will not be able to access the data collected through the NHSX app.
The adoption of such safeguardscan take the form of legal protection, such as the ones proposed in the Coronavirus Safeguards Bill, or a technical “firewall” around the data collected. These safeguards need to also extend beyond the lifetime of the app so as to ensure that the data will not be passed on to government or non-governmental actors once the pandemic is over.
If such safeguards are not built into the NHSX app, or any future technology deployed in the context of containing the Covid-19 pandemic, it is unlikely that this technology will be used by large sections of the migrant population who after a decade of being treated in a hostile manner simply do not trust the Home Office with their privacy and data.
Equally important is that in the case such safeguards are put in place, they need to be accompanied by a clear and targeted communication from the government and the NHS to create much-needed trust and confidence in the NHSX app.
For these reasons and others, we believe very strongly that the Joint Committee on Human Rights is pushing in the right direction when asking for a Safeguards Bill. We hope that organisations working with migrants will support this call as well.