[ad_1]
The Norwegian Data Inspectorate has sent a notice to the Institute of Public Health (FHI) regarding the Infection Stop app. The documents they request will be in effect long before the deadline, according to FHI.
The background is that the Danish Data Protection Agency believes that there are deficiencies in the treatment protocol and the analysis of risks and vulnerabilities that have been carried out in relation to the application solution.
They believe that FHI has not been accurate enough when they have stated the purpose of the application as “digital infection tracking” in the treatment protocol.
When it comes to risk and vulnerability analysis, the Norwegian Data Inspectorate believes it lacks evaluations for the key parts of the solution: public warning of coronary infection, anonymisation of personal data, and analysis.
– We asked for these documents because we thought they were simply not good enough. Having clear descriptions of what type of data they collect is the foundation of all good data processing, Bjørn Director of Data Inspection Erik Thon, told VG.
– No problem
FHI Acting Assistant Director Gun Peggy Knudsen says they will be able to meet the Data Inspection requirements.
– When the Danish Data Protection Agency believes that the purpose of the treatment protocol, where we have written “digital infection detection”, is too general, we have no problem writing more about it, Knudsen tells VG.
According to the FHI leader, they have the documentation that the Norwegian Data Inspectorate requests in the notification of orders, both in terms of risk and vulnerability analysis and treatment protocol.
also read
Infection application lacks more than 1.3 million users to achieve FHI goals
“We have already submitted some documents, and we will send more, in time for the May 21 deadline,” says FHI Acting Assistant Director Gun Peggy Knudsen.
Currently, FHI has received no comments on whether the documentation they have submitted to the Data Inspectorate is satisfactory.
Thon is pleased that FHI says they will provide the documentation that the Norwegian Data Inspectorate has requested.
– They have responded and say they will get to what we have asked for, and that is fine, he says.
The control case will continue
The Data Inspectorate will continue with the control case to analyze issues related to the purpose, usefulness, collection and storage of personal data, as well as security in the solution.
This means, among other things, that they will take a closer look at using location data in addition to Bluetooth to track down the infection.
– The use of both to track the infection is contrary to the recommendation of the European Data Protection Agency. You shouldn’t anticipate anything, but it’s something we’ll study, he says.