I was hesitant to speak about contact tracing apps because so many people speak on the subject, and the rate at which the same cliches are repeated over and over is also high. Few insightful things are left to be said about this rather simple problem. But recently it emerged that a particular contact-tracing app is using an approach that raises a potentially controversial issue.
Covid-19 contact tracing is a sensitive area. It not only concerns the health data of millions of users; it is also about tracking proximity and contacts between those people, and about installing state-supplied apps. The topic is so big that Google/Apple updated their operating systems to deliver a special API. Until now, most controversies in contact tracing revolved around the collection of geolocation data, or the architectural approach (centralized or decentralized). Now there is another case in point.
A particular contact tracing app, ProtegoSafe (developed for Poland as an official state-supported app), dynamically loads some of its operating logic from the internet, using the Progressive Web Application approach (documented here: 1, 2).
Progressive Web Applications (PWA) is a design method that allows building rich web applications that, from a user's point of view, behave (look and feel) just like native apps. PWA allows a simple way of updating the app. When used in mobile apps, PWA could provide faster updates than the official Android or iPhone app stores.
The way it works is that when an application uses the PWA model, some of its parts must be downloaded from remote servers. In the case of a web browser, this typically means downloading a file called the Manifest, with definitions describing the app configuration (see also my privacy analysis of Progressive Web Applications here). This happens, for example, when the app is first installed or when the PWA is updated dynamically. In practice, this is an HTTP(s) request to the site. This means the IP address of the application user is communicated to a server controlled by the authorities (in the case of this particular app, the Ministry of Digital Affairs).
But because the Ministry is a public institution, and so has the authority to resolve an IP address to the actual identity of the user, IP addresses in this context may potentially be regarded as personal data, singling out individuals.
This means that the already sensitive data processed in a contact tracing app would be even more sensitive because it would, if this happens, relate to identified persons. This would make the system even more sensitive, and it forms a fascinating GDPR case study. In line with the EDPB opinion, this should of course be reconciled in the privacy impact assessment (which is advised to be made public; as of this day this did not happen).
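For a privacy impact assessment, the requests described above can be listed mechanically. The following is an added example, not code from the original post or from the ProtegoSafe project: it resolves the URL-bearing members of a web app manifest and groups them by origin, since every origin contacted sees the connecting IP address. The sample manifest, the hostnames and the function names are constructed for illustration.

```javascript
// Added example, not from the original post. The manifest and all hostnames
// below are constructed for illustration.

// Resolve a manifest member against the manifest URL, as browsers do.
function entry(kind, ref, manifestUrl) {
  const url = new URL(ref, manifestUrl);
  return { kind, url: url.href, origin: url.origin };
}

// Every URL a client requests because of this manifest (install, launch, shortcuts).
function manifestRequests(manifest, manifestUrl) {
  const out = [entry('manifest', manifestUrl, manifestUrl)];
  if (manifest.start_url) out.push(entry('start_url', manifest.start_url, manifestUrl));
  for (const icon of manifest.icons || []) {
    if (icon.src) out.push(entry('icon', icon.src, manifestUrl));
  }
  for (const sc of manifest.shortcuts || []) {
    if (sc.url) out.push(entry('shortcut', sc.url, manifestUrl));
    for (const icon of sc.icons || []) {
      if (icon.src) out.push(entry('shortcut_icon', icon.src, manifestUrl));
    }
  }
  return out;
}

// Group requests by origin: each origin listed sees the connecting IP address.
function originsContacted(manifest, manifestUrl) {
  const home = new URL(manifestUrl).origin;
  const byOrigin = new Map();
  for (const r of manifestRequests(manifest, manifestUrl)) {
    if (!byOrigin.has(r.origin)) {
      byOrigin.set(r.origin, { origin: r.origin, thirdParty: r.origin !== home, kinds: [] });
    }
    const rec = byOrigin.get(r.origin);
    if (!rec.kinds.includes(r.kind)) rec.kinds.push(r.kind);
  }
  return [...byOrigin.values()];
}

const SAMPLE_URL = 'https://app.example.gov/pwa/manifest.webmanifest';
const SAMPLE = {
  name: 'Sample tracing app',
  start_url: './index.html?source=pwa',
  icons: [{ src: 'icons/192.png' }, { src: 'https://cdn.example.net/icons/512.png' }],
  shortcuts: [{ name: 'Status', url: '/pwa/status', icons: [{ src: '//static.example.org/s.png' }] }],
};

console.log(originsContacted(SAMPLE, SAMPLE_URL));
```

Origins marked `thirdParty` are additional recipients of the user's IP address beyond the server that hosts the manifest, and belong in the assessment alongside it.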
But this is also a much broader and so more interesting issue.
Is the use of Progressive Web Applications by public institutions in line with data protection, or does it violate users' privacy? The Court of Justice of the European Union has ruled that IP addresses are indeed in some cases personal data. It's the influential Breyer case:
IP address registered by an online media services provider when a person accesses a website that the provider makes accessible to the public constitutes personal data within the meaning of that provision, in relation to that provider, where the latter has the legal means which enable it to identify the data subject with additional data which the internet service provider has about that person.
One could imagine that this may also apply, in general, to the use of Progressive Web Applications by public institutions.
But if in some contexts the use of PWAs brings consequences that differ from those of native standalone applications, the issues must be tackled. In general, systems (and so apps) should always ensure that the right grounds for data processing exist. The particular point described in this note may in certain cases need to be taken into consideration by development teams.
Did you like the assessment and analysis? Any questions, comments, complaints or offers? Feel free to reach out: me@lukaszolejnik.com