As technology takes centre stage in Covid-19 response, GRA issues privacy guidance
Technology has played a major role in the Covid-19 response, from organising volunteer deliveries to possible contact tracing, but with these ‘rapid developments’ unfolding the Gibraltar Regulatory Authority has issued guidance highlighting the potential for privacy risks.
The lockdown has seen Gibraltar and many countries across the globe rely heavily on technology now that daily tasks cannot be done like before.
Hundreds of volunteers locally have signed up to deliver goods to the elderly and vulnerable via the app OrderLord, allowing them to be tracked as they complete these requests.
In keeping with data protection rights, all those on the app had accepted to be tracked when approving the Terms of Service during enrolment.
“The use of this technology meant that the Volunteer Support Group were able to make best use of the willing volunteers that had signed up to help, and increase the efficiency and speed of the deliveries to those in need,” a Gibraltar Government spokesman said.
“The simplicity of it all is - someone in need calls the helpline, the Volunteer Support Group Leader assigns the task to a volunteer remotely and in an instant - and then ensures assistance is immediate from the side of the volunteer.”
The spokesman explained that after volunteers are vetted, they are issued with instructions and log in details.
“Volunteers only become visible when they are logged into the system,” the spokesman said.
“They are required to log out when they are not available to assist and thus ‘disappear’ from the dashboard.”
Volunteers who do not want to use the app are instead tasked via a telephone call.
Recognising privacy concerns, the spokesman added that the dashboard, including the locations, are only viewed by the Volunteers Support Group Leader and her deputy, and volunteers “disappear” from the app as soon as they log off.
Separately, the GRA published a guidance note on Wednesday offering information and guidance on the use of contact tracing applications and location data in the fight against Covid-19.
The Gibraltar Government is still in discussions with companies, including Apple, as to which system it will choose once contact tracing is implemented, and is leaning to a decentralised system that does not store user data in a central server. Rather, the system works anonymously and relies on user handsets and Bluetooth technology.
But the GRA is urging caution and has issued guidance.
“As with any emerging technology, it is important to recognise the data protection and privacy risks that may arise as a result,” the GRA said in a statement.
“Applications should adopt robust security including the use of encryption, and covering each stage of the data processing, data minimisation, transparency and user control, and any supporting technology, including centralised processing to support contact tracing, should follow the same principles.”
This guidance note is available on the data protection section of the GRA’s website: https://www.gra.gi/data-protection/general-data-protection-regulation.