StopCOVID NI – Easy Read Privacy Notice
- This helps explain how the ‘StopCOVID NI’ Proximity app works, what data is collected by the app, and who gets to see it and why.
- You don’t have to use this app. It is provided for free and is available from the Apple App Store and the Google Play Store.
- The app runs on iPhones that support iOS 12.5 and higher, and Android phones running Android 6.0 and higher.
- You have to be 11 years of age or older to use this app. You also have to be living in Northern Ireland. You will be asked to confirm these things.
- This Data Protection Information Notice may change. You should check it each time the app is updated on your phone.
What does the app do?
The purpose of the app is to support the public health response to the COVID-19 crisis in Northern Ireland. The app has the following functions.
If you test positive for COVID-19 you can tell the app. Other app users that you’ve been close to, and might have spread the infection to, will then get an alert. The alert will advise them to self-isolate, meaning that they will have to stay at home for 14 days (missing school or work, and can’t see friends). They won’t know who it was who tested positive, when or where the close contact happened. There is guidance on this :
Self-Isolation Guidance (Age 11-15)
Household Self-Isolation Guidance (Age 11-15)
Household Self-Isolation Guidance
If you test positive for COVID-19 you will get a code by SMS text message from ‘HSCresult’. When you put your test code into this app you will be asked to share the random IDs that your phone has been swapping with other app users over the last 14 days. This will allow us to tell those people that they have been exposed to COVID-19.
We will never ask you to reply to the SMS text message. Please ignore any message if it asks you to reply or send information.
How is my privacy protected?
If you tell the app you have COVID-19, nobody else will know. It never knows your name or where you are, so it’s completely private.
The app only collects general information such as the number of app users, the number of people who add their test result, and the number of people who get a close contact alert. We need this information to prove the app works, and make it a medical device.
For all this to work, you have to allow ‘COVID-19 Exposure Notification Services’ on your phone. You can also allow notifications so that you get an alert on your phone if you are exposed to someone who has tested positive for COVID-19. You can turn these off, if you change your mind, in the app settings page.
To protect your privacy, and tell you as soon as possible if you’ve been near someone with COVID-19, we use automated processing. This means that computers, not people, make some decisions, including whether or not you get a close contact alert. Some people are unhappy with this. To be able to use the app you will be asked to agree to the automated processing, as the app cannot work without it.
You will also be asked to give your consent to these alerts (exposure notifications) by clicking “I agree” on a consent screen. In this way you are letting the app know that you are aware this is happening and the result may mean that you will have to self-isolate, if you are in close contact with someone who has COVID-19.
All the app data stored on your phone is encrypted (hidden by mixing it up in a code). Data is also encrypted when it is being uploaded to our servers. The App does not store or send any data that can identify you. The App does not access GPS functionality on the phone and never tracks your location.
None of your personal data is collected or stored when you use the App. The anonymous data that is collected and used by the App is protected by using IT security. The IT security used includes encryption (scrambling in a code), modern firewalls and intrusion prevention (barriers to stop people getting in and causing harm).
When the pandemic ends, the App will be shut down. Users will be told to delete it from their phone. All data on our servers will be deleted.
The app is only designed to alert people if they are at risk of infection. We are not planning to get it to do other things in the future. We may update it from time to time with newer versions that improve how it works.
Getting an Alert
Alerts (‘Exposure Notifications’) happen when you have been close to someone who tests positive for COVID-19.
Because you might be infected, the app tells you to self-isolate (stay at home and not go out, even to work or school), and get a test if you get COVID symptoms, (new cough, or a temperature, or change in your sense of smell or taste). This helps you to know when you might be infected, before you get symptoms, so that you can stay at home and not pass on the infection to others. Younger App users who receive an alert should talk to a trusted adult (e.g. parent/ guardian).
To work, the app collects some data. We do not collect personal data that can be linked to you. The app protects your privacy.
1. Regional data
For all people using the app in Northern Ireland, we can see a total number of certain things
- The total number of app users
- The total number of times where someone with a positive test has let the app know
- The total number of times in Northern Ireland where people using the app have had an alert to self-isolate
We need to collect this data so we can prove the app works and get an approval called CE accreditation.
2. Data made by the app on your phone
So app users let each other know when one of them has tested positive, and other users are at risk of infection, the apps (on each phone) swap random (anonymous) IDs – strings of letters and numbers. Your phone keeps the IDs you send, and the ones you collect for 14 days. If you, or another app user gets a positive test, you release the random IDs you have been sending out, and other app users’ phones will compare them with the IDs of contacts they have been collecting. If there is a match, the app gives an alert to self-isolate.
3. Data collected from your phone:
So your phone can connect, by the app, to alert other app users it has to use an internet protocol (IP) address. An IP address is usually made up of 4 sets of numbers (e.g. 126.96.36.199) and is given to you by your mobile phone or Wi-Fi service provider. Under the GDPR (data law) your IP address is thought of as your personal data.
While your data (the random IDs) travels with the IP address it is said to be personal data. The Department of Health does not use your IP address to identify you; the IP address is removed and deleted at the ‘front door’ of the HSCB AWS account (the place where we have the app backend servers), and the information becomes anonymous again and cannot be linked back to you. We do not store the IP addresses.
The Legal stuff
We need to have a good reason to use your personal information. It’s called the ‘lawful basis for processing’. We have looked at the law, and have taken advice from experts.
In some cases, we will process your data on the basis that you click ‘yes’, or ‘agree’ to what will happen to your data by using the app. When you download the app and open it up for the first time, the app will explain some things to you and ask you to give your permission to do those things. If you check out the section ‘how is my privacy protected?’ you can read about the things the app asks you to say yes to.
Saying yes is sometimes called ‘giving consent’. Under the ‘what data?’ section you can find details about the random IDs (which we call diagnosis keys) that your phone swaps with other phones so that the app can work. In the app, we ask you to give your permission (consent) to share these random IDs if you test positive for COVID-19, and tell the app.
We also ask you to agree to the Automated Decision Making that is carried out by the app. More information about how Automated Decision Making works in the app is covered under the ‘How is the app making decisions’ section.
Because this app is helpful to you and helps to protect everyone in the community, (by reducing or preventing the spread of infection), the law allows us to provide this service to people aged 11 or older, as it is seen as a ‘preventative service’. Anyone aged 11 or older can easily spread infection to others, without knowing they are infected. Getting a warning that you might be infected helps you to avoid passing the infection on to others. Helping to stop infection spreading helps everyone:
- it lowers the number of people needing to go into hospital
- it lowers the number of people dying
- it can help keep schools open
- it can help avoid the need for another lockdown where everything stops again and people lose jobs or money.
This helps younger people and adults.
Because this is a preventative service (preventing the spread of infection), younger people can decide to use the app for themselves. However, we do think that younger people should talk to a parent/guardian, or a trusted adult, if you have any worries about anything in the app; if you don’t understand anything; or you would just like some help. If you are a younger person and you are given advice to get a test or self-isolate, you are going to need someone to help you, so again, we would ask you to talk to your parent/guardian, or an adult you trust. Because this is a preventative service (helping prevent infection spreading), young people can choose to use the app without the need for permission from an adult, but because of the need for help to self-isolate or get tested, it is a good idea to involve an adult you trust in doing these things.
We also have duties under the law as a public body that enable us to use your information for other parts of the app, such as metric data for collecting stats. This is seen as our ‘public task’, or duties that we carry out in the ‘public interest’ (for the good of everyone). We are also allowed to process information in order to protect public health. More information about how your data is used for our public duties and tasks is covered under the ‘What Data’ section. If you would like to read more detailed information regarding how we process your information lawfully, with specific references to data protection law, you can read the legal section of the more detailed privacy notice for the app here.
Apps used for health reasons have to be good enough to use and be safe to use. The MHRA is the regulator (the people who help decide) if this app is good enough and safe enough to use. They have said that they think it is. They want the app to pass a standard – CE accreditation – to prove that it is in the next 6 months. If you check out the ‘What data?’ section, it will tell you the data we are collecting to prove that the app works.
How is the app making decisions?
Let’s look at each feature in the app in detail.
How Contact Tracing works
The manual contact tracing service managed by the Public Health Agency (PHA) (where people talk to people on the phone to find out who might have the infection and ask them to stay at home) needs you to be able to remember who you have been in contact with recently, and for how long. Often you may not even know those people (for example, if the contact happened on a bus or train, at a concert, a restaurant or some other public place).
The app uses technology from Apple and Google. Anonymous changing identifiers (random IDs) are swapped between mobile phones. A random and unique ID is made by your phone every 15 minutes. If you are close to someone, who also uses the app on their phone, your identifier will be saved on that person’s phone and you will save their identifier on your phone. All identifiers collected will remain on your mobile but you can’t see them, nor can anyone else. These anonymous IDs cannot identify you to other users, or to the Department of Health.
If a person using the app receives a positive COVID-19 diagnosis, they will get a text message. This gives them permission, using an ‘authorisation code’ so they can let the app know they have had a positive test.
All those with a positive test will also get a phone call from a person working for the PHA on the ‘Test Trace and Protect’ service. On the call, they will be asked if they are using the ‘StopCOVID NI’ app and if yes, if they have not already done so, if they wish to enter an ‘authorisation code’ to the app to allow the upload of ‘random IDs’ from their phone. To do this, the PHA will send them a code by text, which when entered into the app allows the upload of the random IDs. You, as the app user, will make the choice to use the code to enable the random IDs to be uploaded (released). Once they have been released from your phone, the ‘random IDs’ are called ‘Diagnosis Keys’.
How the app warns you
Every two hours, the latest ‘Diagnosis Keys’ (random anonymous IDs for those who have had a positive test), from the app will be downloaded by every user’s phone. These will be used to check for matches against the ‘random IDs’ of the contacts that have been collected by your phone. If there is a match, you will be warned in the app that you were in close contact with a person who was diagnosed with COVID-19; this is called an ‘Exposure Notification’. You will be told to self-isolate in order to avoid passing COVID-19 to others.
For all this to work, you have to allow ‘COVID-19 Exposure Notification Services’ on your phone. You are also asked to choose to allow your phone to show notifications, so that you can also receive an alert on your phone if you have been exposed to (close to) someone who has tested positive for COVID-19. You can turn off this service, if you change your mind, in the settings page of the app.
It is important to know that the app never reveals the identity of any person using the app to other app users, and never reveals who has been diagnosed positive. Also, the PHA and DoH will not know if you get an ‘exposure notification’. They only ever know the total number of people in Northern Ireland getting alerts each day.
The ‘exposure notifications’ or alerts that the app gives telling users to self-isolate (stay at home, and away from others) use ‘automated processing,’ not involving a person (which means that the phone, working with the app, works out whether to send an alert, not a person). The phone uses the coding in the app to work out the risk of being infected. It does this by measuring the strength and timing of Bluetooth signals (from the phones of app users). No human decision is involved. The automated process is carried out using the random IDs that are swapped by the phones of app users, and the measurement of the Bluetooth signals to calculate that app users’ phones have been close enough for long enough to have a risk of spreading infection. Doing this in an automated way (without involving people) keeps your identity secret, and also keeps the identity of other app users secret. When you open the app, and agree to this, you are agreeing to this automated process. If you need to discuss this process, or an alert you have received with someone, you (or a trusted adult) can call ‘0300 200 7896’ Monday-Friday (excluding bank holidays) between the hours of 8:30am – 5:30 pm. App users can give their point of view and disagree with the decision.
What happens to my data?
The Department of Health (DoH) in Northern Ireland is the Data Controller and responsible for your personal data.
Other People Receiving Data
The data collected (described in the ‘What data?’ section, e.g. numbers of app users) does not identify you and can’t be linked to you- this can be described as ‘anonymised’ data. The DoH will share this data, in order for members of the public to see the number of people using the app, and to prove that the app is helping to reduce the spread of infection of COVID-19. Random anonymised IDs, called ‘diagnosis keys’, which are described in the ‘What data?’ section, are shared with DoH in Ireland so that you can use your app in Ireland. These also allow people living in Ireland to use their app if they travel here. As more countries get their own app, we will share these random anonymous IDs with them, so you can use your app travelling there and they can use their app here. We want things to be joined up, as this helps everyone in the fight against Covid.
Where else is data going?
At the moment, no data is planned to go outside Europe. If this changes, we will let you know. We would only share the random anonymous IDs to allow you to use the App when you travel and to support people from other countries travelling here and using their own app. All data will be used in line with Data Protection law, including the General Data Protection Regulation (GDPR).
How long do you keep my data?
How long is your personal data held for?
No personal data is collected or stored, but see ‘What data?’ to find out what data we use and what we use your data for.
We will only retain data for the minimum amount of time necessary. More information on how long we keep the different types of data processed when using the app is provided below.
Your IP Address:
If you get a positive test and share random anonymous IDs through the app, your phone uploads this data with your IP (Internet Protocol) address to AWS servers (the app backend). The IP address is deleted at the ‘front door’, never reaching the application layer (the bit that supports the app). IP addresses are needed to have your phone connect to the app server (backend), to be able to communicate with other app users anonymously. It is impossible for any app to connect with a server without an IP address. The IP address is removed at the ‘front door’ in order to protect your privacy, and it is not stored anywhere.
Gov.UK Notify SMS Service (our text message server)
All SMS texts and phone numbers, used by the server, are deleted once a SMS text message has been sent to you. This ‘server’ is totally separate from the servers supporting the backend of the app. Different service teams will be used to make sure that any identifiable information (mobile phone numbers and test results) are kept separate from the app backend servers, preventing any person’s information being joined up with anonymous information from the app, in order to prevent an app user from being identified.
The Public Health Agency manual Contact Tracing service will also be telephoning all people with a positive test (including app users). They will ask if you have been sent a SMS text message; if not they can send you one.
DoH / HSCB / PHA- Regional Summary Level Information
The Department of Health / Health and Social Care Board / Public Health Agency will keep regional data about the total number of app users / the total number of people with a positive test who shared their random anonymous IDs / the total number of people getting a warning to self-isolate.
This regional level data (see the section ‘What data?’) will be stored (for as long as it is useful) to support research and to help us plan for the future if we have another pandemic. This does not involve any data that could identify an individual.
When the pandemic is over, the app will be stood down (removed). Users will be told to delete it from their phone. Any anonymised data present, at that time, in the AWS servers (on behalf of the DoH to support the app function) will be deleted. Nothing will be kept.
How are my rights respected?
Users have rights under GDPR when their personal data are processed by data controllers.
- Right to information – a Data Protection Privacy Notice (Notice) is provided in the app. This has all the details of how your data is managed.
- Right to rectification – no personal data is collected or stored by us, so we cannot do anything if you request rectification.
- Right of access – no personal data is collected or stored by us, so we cannot do anything if you request access.
- Right to erasure – you can choose ‘Leave’ in the app, delete the app, and delete ENS data from your device settings. No personal data is collected or stored by us, so we cannot do anything if you request erasure.
- Right to restriction – you can change your mind and not allow ENS and exposure notifications. You can also decide not to upload random IDs. You can choose ‘Leave’ in the app, delete the app, and delete ENS data from your device settings. No personal data is collected or stored by us, so we cannot do anything if you request restriction.
- Right to portability – you cannot move your app data to another device and because we don’t store your data, we cannot move it either. No personal data is collected or stored by us, so we cannot do anything if you request portability.
- Right to object – you can use the ‘Leave’ function, delete the app, and delete ENS data via device settings.
- Right not to be subject to solely automated decision-making including profiling – Computers, not people, make some decisions, including whether or not you get a close contact alert. The app relies on this to work properly. If you want to speak to someone about an alert from the App, call 0300 200 7896 (weekdays 8:30am – 5:30pm) and select the ‘exposure notification’ option. The person you speak to will not know who, where or when the close contact happened, but they will try to explain and answer your questions. You can disagree with the app’s decision and decide for yourself whether to self-isolate to stop infecting others. If you are still not satisfied you should speak to your doctor.
Who is the Data Controller (owner of the app)?
The Department of Health (DoH) in Northern Ireland is the Data Controller and responsible for your personal data. The DoH has worked with the Health and Social Care Board and Public Health Agency (PHA) to deliver the app.
Details for the Data Controller and Data Protection Officer are below. If you wish to complain about the app you can contact the Department using those details.
If you have a question about how your data is used you can also call the ‘0300 200 7896’ Northern Ireland Helpline, Monday-Friday (excluding bank holidays) between the hours of 8:30am – 5:30 pm.
Data Controller Contact Details
Department of Health (DoH)
Contact- Chief Digital Information Officer Group
Can I leave?
You can select the leave function, delete the app at any time, and delete ENS data via device settings – erasing all data processed on the phone. Since no personal data is collected or retained by DoH, there would be nothing that the DoH would need to do to help you leave.
How can I complain?
If you are unhappy with any of this, please contact:
Data Protection Officer
If you are still not happy, you can make a complaint to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: Information Commissioner’s Office