skip to content

Centre for Law, Medicine and Life Sciences

Faculty of Law

LML is pleased to announce that the Journal of Law and the Biosciences has published ‘COVID-19 Contact Tracing Apps: A Stress Test for Privacy, the GDPR and Data Protection Regimes’ by Laura Bradford, Mateo Aboy and Kathy Liddell.

Digital surveillance has played a key role in containing the COVID-19 outbreak in China, Singapore, Israel and South Korea. Google and Apple recently announced the intention to build interfaces to allow Bluetooth contact tracking using Android and iPhone devices. One such contract tracing app was trialled in the Isle of Wight in May 2020, and is expected to be launched to the rest of the UK in June 2020.

This article assesses the compatibility of the proposed Apple/Google Bluetooth exposure notification system with Western privacy and data protection regimes and principles, including the General Data Protection Regulation (GDPR). It finds, somewhat counter-intuitively, that the GDPR’s expansive scope is not a hindrance, but rather an advantage in conditions of uncertainty such as a pandemic. Its principle-based approach offers a functional blueprint for system design that is compatible with fundamental rights. By contrast, narrower, sector-specific rules such as the US Health Insurance Portability and Accountability Act (HIPAA), and even the new California Consumer Privacy Act (CCPA), leave gaps that may prove difficult to bridge in the middle of an emergency.

The full article is available here, and a summary of some of LML’s work on Covid-19 can be found in the Faculty of Law’s Covid-19 compilation.