This report forms part of the project The Role of Good Governance and the Rule of Law in Building Public Trust in Data-Driven Responses to Public Health Emergencies, a COVID-19 Rapid Response research project funded by the Arts and Humanities Research Council on behalf of UK Research and Innovation (grant AH/V015214/1).
Venue check-in apps are a type of smartphone app that emerged alongside the 'contact tracing' or 'proximity' apps. Venue check-in apps focus on presence at a particular location or venue, to which individuals actively 'check in', and are typically aimed at public or hospitality venues. When an individual enters a venue, they scan an NHS QR code and their information is logged. In the event of an outbreak being linked to that venue, those who were there within the relevant timeframe can be notified. Following the introduction of regulations, it became mandatory for certain venues in England, Wales, and Scotland to ask visitors to check-in by providing their contact information. This could be done through the NHS provided QR codes or manually - in England and Wales, it was mandatory for venues to display NHS QR codes. Venue check-in apps gave rise to a number of good governance and rule of law concerns:
1) Transparency, legitimacy and scrutiny
• Democratic deficit in design. Technical design decisions made in Scotland and England were largely not subject to any public debate and yet have significant potential to impact on privacy, autonomy, assembly and security. The absence of such debate was notable after the furore around contact tracing apps privacy in the first six months of the pandemic.
• Deficits in public scrutiny.
o In both jurisdictions there was no primary legislation enabling venue check-in apps (or other Covid-19 technologies, such as vaccine passports) and little or no parliamentary oversight before issuing the apps.
o Regulator involvement (e.g. the ICO) was largely restricted to (voluntarily submitted) scrutiny of Data Protection Impact Assessments (DPIAs).
o In Scotland scrutiny by civil society was explicitly sought as well as that of the Scottish Human Rights Commission.
o Public scrutiny by civil society is mainly based on impact assessments, especially DPIAs. These documents have come to fulfil a critical quasi-"freedom of information" purpose even though they were never designed for this and there is no legal requirement to publish, nor always, to create one.
2) Human rights and proportionality
• Privacy v effectiveness for social benefit. As with contact tracing apps, a debate exists for presence apps about whether privacy should be traded off against effectiveness. As with contact tracing apps (see WP3-D1), this expressed itself in the UK in decisions over whether to build a centralised system (as in Scotland) vs a decentralised system (as in England). There is no clear evidence these choices were data-driven, nor what objective metrics should be used to decide these kinds of balances.
• Resources v effectiveness. There is evidence that what primarily impeded the effectiveness of the venue check in schemes, at least at first, was resources. Public Health Authorities (PHAs) did not have the resources to send out many manual alerts that venues were loci of infection: in neither jurisdiction was alerting automated, and the reasons for this - technical, privacy-preserving and social - are unclear and need scrutiny.
• Safeguards. If data is collected centrally by Covid-19 technology, as with the Check In Scotland app, there need to be safeguards to prevent data breaches if the app is to be deemed a necessary and proportionate measure. The Scottish example gives us examples of a number of good safeguards: clear deletion schedules, encryption, control on who has access to central datastores.
• Privacy vs digital inclusion. Both the English and Scottish solutions took account of the risks of digital exclusion, for those without smartphones or confidence to use them, by mandating non-digital alternative means. However, the shortfalls of non-digital check-in methods mean there is a privacy trade off with inclusion.
