In May, we wrote about a new Covid-19 tracking app that the UK government was trialing on the Isle of Wight. The app’s launch has been plagued with problems after the government initially spent $13.5 million building a product earlier in the summer, only to find it didn’t work properly on iPhones.

The UK government is preparing to roll out its long-awaited coronavirus tracking app, called NHS Covid-19 and costing £35 million, on September 24.

The UK initially rejected a model of the app proposed by tech giants Apple and Google, which advocated for a model where tracking between people happened on the phones themselves. The tech giants said this approach would safeguard citizens’ privacy.

Under the government’s previous plan, the data from the health tracking apps would have been shuttled into a centralized system, potentially open to surveillance from police and intelligence agencies. 

“That would have been disastrous,” said Jim Killock, executive director of Open Rights Group, a UK organization advocating for digital rights. “But the government has sidestepped that they’ve done it a different way.”

On top of the privacy concerns, it was discovered that the UK-built app was incompatible with iPhones. In June, the UK abandoned the app it had tested on the Isle of Wight and partnered with tech giants Apple and Google to build a new app. 

The data culled from the tracking app, set for launch on September 24, will be stored locally on users’ phones and not shared with a central database. When arriving at restaurants, pubs, hair salons and cafes, people will be obliged to check in with the app so that they can be contacted later if a fellow patron turns out to be infected — and can do this by scanning the business’s QR codes, which the government have encouraged managers to display in their venues. 

“We need to use every tool at our disposal to control the spread of the virus – including cutting-edge technology,” the UK’s Health Secretary Matt Hancock said in a statement. “The launch of the app later this month across England and Wales is a defining moment and will aid our ability to contain the virus at a critical time.”

So far in the UK, manual sign-ins which have preceded the launch of the digital app have led to a more analogue form of data abuse – with bar staff reportedly using womens’ details to harass them via phone call and text. “Ultimately, if you’ve got a smartphone you’ll get a better privacy policy,” said Killock. “With the app, it’s unproblematic – I think people should be assured it works well.”

However, the app is just a small slice of the UK’s coronavirus contact tracing system. The wider system, called Test and Trace, which works via a website, is still a black hole when it comes to people’s data, according to Killock. 

According to a campaign spearheaded by the Open Rights Group, UK’s data protection regulator, the Information Commissioner’s Office, has not put serious pressure on the government when it comes to privacy concerns about the test and trace program. The Open Rights Group has drawn attention to the fact that there is no way of knowing if the public’s Test and Trace data is being handled safely. 

Last week, it emerged that the details of more than every coronavirus patient in Wales — 18,000 patients — were leaked online for 20 hours. In a statement, Public Health Wales said the names were published “in error.”

“Nobody can responsibly say that you should not engage with Test and Trace because it’s a medical emergency,” said Killock, “but at the same time – can I advise that it’s safe? I cannot.”