• Decentralized architecture keeps contact data on device, reducing central data exposure.
• Uses Bluetooth Low Energy (BLE) for proximity detection, no GPS or location tracking.
• Data encryption at rest and in transit, employing AES-256 and TLS 1.3.
• Anonymous identifiers rotate frequently, preventing long-term user profiling.
• Minimal data collection: only temporary IDs, no personal identifiers or health status.
• Consent is explicit, with clear opt‑in and opt‑out mechanisms.
• Regular security audits and open-source code review enhance transparency.
• Compliance with UK GDPR and NHS Digital data protection standards.
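To illustrate the rotating-identifier and on-device matching points above, here is an added example (not code from the NHS app or its documentation) of a simplified scheme: a per-day secret key never leaves the device, each advertised identifier is an HMAC of that key and the current time window, and exposure matching is performed locally against day keys that diagnosed users choose to publish. The 15-minute window, the label string, the 16-byte sizes and the sample keys are assumptions made for this illustration.

```python
import hmac
import hashlib
import os

# Assumed rotation interval for this illustration (hypothetical value).
ROTATION_SECONDS = 15 * 60


def interval_number(unix_time: int) -> int:
    """Index of the rotation window that contains unix_time."""
    return unix_time // ROTATION_SECONDS


def rolling_id(day_key: bytes, interval: int) -> bytes:
    """Identifier advertised during one window, derived from the per-day key.

    An observer who records advertisements sees a fresh value every window;
    without day_key the values cannot be linked back to one device.
    """
    msg = b"rolling-id" + interval.to_bytes(4, "big")  # label is an assumption
    return hmac.new(day_key, msg, hashlib.sha256).digest()[:16]


def broadcast_ids(day_key: bytes, start: int, end: int) -> list[bytes]:
    """Every identifier a device would advertise between start and end."""
    first, last = interval_number(start), interval_number(end)
    return [rolling_id(day_key, i) for i in range(first, last + 1)]


def match_exposures(observed: set[bytes], published_day_keys: list[bytes],
                    start: int, end: int) -> int:
    """Decentralized matching: re-derive identifiers from the published keys of
    diagnosed users and count those this device actually observed. The local
    observation set never leaves the device; only the count is learned."""
    hits = 0
    for key in published_day_keys:
        for rid in broadcast_ids(key, start, end):
            if rid in observed:
                hits += 1
    return hits


def demo() -> tuple[int, int]:
    """Constructed scenario: this device saw Alice for one hour, never saw Bob."""
    alice_key, bob_key = os.urandom(16), os.urandom(16)  # constructed sample keys
    seen = set(broadcast_ids(alice_key, 0, 3600))
    # Alice later publishes her day key; Bob publishes his. Only Alice's matches.
    return (match_exposures(seen, [alice_key], 0, 3600),
            match_exposures(seen, [bob_key], 0, 3600))
```

Calling `demo()` returns `(5, 0)`: five 15-minute windows in the hour matched against Alice's key, none against Bob's.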
Article Summaries:
- The NHS has released a high‑level overview of the privacy and security architecture underpinning its COVID‑19 contact‑tracing app. The document details how the app uses decentralized data storage, anonymised identifiers, and end‑to‑end encryption to protect user information. It explains the role of the NHS Digital team in overseeing data governance, the use of secure servers, and compliance with UK data protection regulations. The release also outlines the app’s permission model, emphasizing that no personal data is shared with third parties and that users can delete their data at any time. The NHS stresses that the design balances public health needs with individual privacy rights.
Sources: