England and Wales’ contact tracing app will soon ask users to share details of venues they need to be checked in to if they test positive for the coronavirus.
The update to the NHS Covid-19 app is going to be deployed before shops reopening in both nations on 12 April, also as outdoor hospitality in England.
The authorities are going to be ready to use the knowledge to inform other visitors if they have to be tested for the virus.
But the system has been designed to protect users’ anonymity.
“The app has been designed with user privacy in mind, so it tracks the virus, not people, and uses the newest in data security technology to guard privacy,” said a spokeswoman for the Department of Health and Social Care.
Until now, the QR barcode scanning facility only came into use if local authorities themselves flagged a location as being a virus hotspot by other means.
This would then trigger a process whereby each phone could check if it had been at one among the affected venues on the dates concerned, and send the owner an alert.
But the power has rarely been used, despite quite 106 million check-ins.
In March, Sky News reported that “capacity issues at an area level” were blamed for this, with overburdened health protection teams unclear about what they were alleged to do.
The decision to automate the system via users’ actions could help address this.
People may need reservations about disclosing where they need been and when.
To address this, the Department of Health has said a “privacy-protecting” approach is being taken.
The app will only share venue history data if users are opt-in.
And instead of any names or other personal details being disclosed, the software will simply inform the system when an infected user had visited the locations.
Depending on the thresholds set – for instance what percentage of infected users visited an equivalent place on an equivalent day – other app users can then be told to either monitor their symptoms or immediately get a test, whether or not they feel ill or not.
It is not intended that the check-in tool be used alone to force others to self-isolate.
“People should not be worried about this as effectively they are not being asked where they were, but rather where an unidentified person testing positive with Covid was,” commented Prof Alan Woodward, a security expert from the University of Surrey.
Further details will be revealed in a forthcoming revision to the app’s data protection impact assessment (DPIA) document.