Norway halted the use of its mobile phone tool for tracking the spread of Covid-19 after the country’s data privacy watchdog raised flags that it’s too invasive now that infection rates have slowed.
The Norwegian Institute of Public Health stopped gathering information and deleted all data from its mobile app after the Data Protection Authority warned that it will temporarily ban the processing of personal information associated with the Smittestopp application.
“Smittestopp is a very invasive measure, even in an exceptional situation where society is trying to fight a pandemic,” the Data Protection Authority said in a statement. “The legality of Smittestopp depends on the social benefits.”
Norway has largely escaped the large-scale infection rates seen elsewhere in Europe after closing its borders early and going into lockdown. It now has only 16 people hospitalized with the virus, with just 4 in intensive care.
European privacy watchdogs have been surprisingly flexible during the pandemic on the collection of data to protect people’s health and stem the infection’s spread. Still, regulators have warned that contact tracing apps can’t store data for longer than needed.
Smittestopp, or infection stop, uses bluetooth and GPS tracking to detect and warn users when they may have come into contact someone who has tested positive for the coronavirus. It has been downloaded 1.6 million times, but the number of active users has dropped to about only 600,000 since being released mid-April, at the height of the pandemic.
The watchdog questioned how useful the app is given its low usage and also warned that pairing bluetooth for contact detection with location data for analysis went too far. The Public Health Institute said that the pandemic isn’t over and banning the app weakens the country’s ability to fight its spread.
Since their inception, contact-tracing apps have raised concerns about their potential to infringe on people’s rights to privacy by collecting sensitive data about location, health and information about who people interact with. While not a member of the European Union, Norway still has to implement the so-called General Data Protection Regulation.
The national health institute has until June 23 to respond to the data watchdog’s decision.
To contact the reporter on this story:
To contact the editors responsible for this story:
Anthony Aarons, Peter Chapman
© 2020 Bloomberg L.P. All rights reserved. Used with permission.