Smittestopp(Infection Stop) Norway’s contact tracking App shut down after privacy concerns and for contravention of European data protection rules
Norway has had to shut down its contact tracing App which offered Norweigiens information about the nearest COVID-19 infected patient after being flagged for privacy invasion. Norway is one of the world’s most liberal countries and has very strict rules for privacy. It seems that it’s contact tracing App has fallen prey to its own laws.
Norway had launched its own contact tracing smartphone app called Smittestopp (“infection stop”) for Android smartphones and iPhones with much fanfare. Smittestopp was hailed as a digital solution for detecting and alerting close contact between COVID-19 infected patients. The App was developed under the aegis of Norway’s Institute of Public Health (FHI)and analyzes of anonymous and aggregated information on the population’s movement pattern letting the Norwegians know about the nearest coronavirus patient.
FHI also used the App data to evaluate infection prevention measures and monitor the spread of infection in Norway. Smittestopp collects large amounts of personal information about those who use the app, including tracking their location data and the information about users’ contact with others.
Now, the Smittestopp has been found to be invading privacy by Norway’s privacy watchdog, Data Protection Authority. The DPA gave the FHI until June 23 to allay their privacy concerns however, the FHI had decided to pull the plug on Smittestopp App.
said it will stop uploading data from the country’s Covid-19 contact tracing app, following a warning from the country’s data protection agency (DPA) that the app is too invasive of privacy. The Institute of Public Health (FHI) said it would stop data uploads from Tuesday and would delete all the information held in its databases “as soon as possible”.
FHI director Camilla Stoltenberg said the agency does not agree with the DPA’s assessment but would comply even though doing so would “weaken” the country’s Covid-19 preparedness. DPA also said that the Smittestopp App contravened on the European Data Protection agreement. The DPA gave the FHI the alternative to switch of GPS tracking and use only Bluetooth based tracking. The Privacy Council concluded that it is unnecessary to use location data in coronavirus infection tracking. The DPA was unhappy with FHI’s version of why GPS tracking was needed.
DPA had called a meeting with the FHI on June 19 to discuss the matter further. DPA wants the Apps users’ consent taken for using GPS in COVID-19 infection tracking. It says even if the users’ consent to GPS tracking the FHI must make some anonymization solution for the App data. You can read their notice to FHI here.
However, FHI has decided to pull the plug on the Smittestopp App altogether. This will harm Norway’s prospects of stopping coronavirus infection among its citizens. At present Norway has over 8600 coronavirus infected patients and already 242 Norwegians have died due to the dreaded disease.