Norway health officials will delete all data gathered from its contact-tracing app called Smittestopp, or Infection Stop, after the nation’s data protection authority raised concerns over user privacy.
The app was downloaded by more than 1.6 million users in the Scandinavian country of over 5 million people over privacy concerns. Smittestopp had around 600,000 active users, which is nearly 10 percent of the country’s population.
Many countries have launched contact-tracing apps to help combat the spread of the coronavirus, which causes severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). Also called COVID-19, SARS-CoV-2 has affected more than 8.2 million people and killed over 444,000 people so far.
In Europe, Smittestopp is one of the first national coronavirus contact-tracing apps to be launched. And now the suspension of the app comes after Norway’s Data Protection Authority (DPA) raised concerns over threats it imposes on user privacy since it can track people’s movements.
The Institute of Public Health (FHI) received a notice of the temporary suspension on processing personal data on the Smittestopp app. It plans to stop uploading data on June 18.
FHI Director Camilla Stoltenberg said, “We do not agree with the Data Protection Agency’s assessment, but now we have to delete all data and pause work as a result of the notification. With this, we weaken an important part of our preparedness for increased spread of infection, because we lose time in developing and testing the app.”
“At the same time, we have a reduced ability to fight the spread of infection that is ongoing. The pandemic is not over,” she added. “We have no immunity in the population, no vaccine, and no effective treatment. Without the Smittestopp app, we will be less equipped to prevent new outbreaks that may occur locally or nationally.”
The DPA believes that the Smittestopp app is no longer an appropriate tool to monitor the spread of the coronavirus in Norway.
The Smittestopp app uses real-time GPS location data along with Bluetooth to track a person’s potential exposure to COVID-19, unlike other apps in Europe, which use only Bluetooth signals.
The DPA said that health authorities had not demonstrated that it was strictly needed to collect location data. It also said that the app users cannot choose to grant permission only for COVID-19 contact tracing. The app users must also agree to provide personal information for research purposes, which is against the EU data protection principle.
Meanwhile, the FHI has urged people to keep the app on their phones if the ban is lifted in the future. “I want to thank everyone who has downloaded the app and sent data to FHI,” Stoltenberg said. “We hope they will keep the app in readiness on their phones. This means that we can quickly reactivate the app if we find a solution that the Danish Data Protection Agency is satisfied with.”