Covid19 Symptom Tracker Application: A Take on their Privacy Policy


In an influential move, King’s College London along with contemporaries TwinsUK, Guy’s and St Thomas’ NHS Foundation Trust, the National Institute of Health Research, Guy’s and St Thomas’ Biomedical Research Centre and ZOE Global LTD, a health science company, developed and launched a much-appreciated application Covid19 Symptom Tracker. An overnight success, the application has amassed over 2 million downloads.

The research-based app is intended to provide scientists and health professionals with more data on the novel coronavirus, to identify hotspots in the country and the rapidity of the virus in spreading as it monitors the users who log information about the changes/symptoms in their health. In other words, the app resorts to our personally identifiable information (PII). According to the lead study researcher of the app and Director of TwinsUK, Professor Tim Spector, the more the users the app have better are the chances of tracking the whereabouts and intricacies of the virus.

Despite being a good Samaritan prospective, the application’s privacy policy is dubious. The Privacy Notice published on the website details how the data stored in the application is used and processed by the founders and also shared with people doing research in the health line. It says the users’ data is protected under the European Union’s General Data Protection Law (GDPR) and can only be used for purposes pertaining to research. This stretches to all the participating bodies (Hospitals, NHS, Universities, Health Charities and other research institutions). However further into the notice, there is a fuzzy statement that calls for our attention.

 “Sometimes, when we share data with researchers we export it to countries such as the USA, which have very different kinds of rules on data protection that may not protect your data in the same way as, or as well as, under GDPR. We are permitted to do this, because you consent to our doing it.” –

This statement trumps the faith (initially requested by the group) to be put in the application. With such direct contradiction, it is inevitable that we rethink downloading the app since it requests permission to so much of our personal data. The team does speak of shying away from the research if we are not comfortable with how the application is panning out but it doesn’t take away the possibility exposed by the dubious statement.

Theertha Dhanesh
A novice in cybersecurity aiming to promote discussions in privacy and security related areas, and helping users to understand the intricacies of this world a little better.

Cloudflare dumps reCAPTCHA as Google plans to charge its use

Previous article

Zoom for Government Purposes: Yes or No?

Next article

You may also like

More in Privacy


Leave a reply

Your email address will not be published. Required fields are marked *