IDAC urges data protection to be part of contact-tracing apps

Contact-tracing app developers must put privacy concerns at the forefront of their work and embed privacy where possible, according to the The International Digital Accountability Council (IDAC).

“In particular, we recommend that developers ensure all communications are encrypted, that permissions requested be narrowly tailored, and that developers refrain from including unnecessary third-party SDKs [software development kits],” the council said.

“Additionally, developers must be transparent about how users’ personal data is collected, used, retained, stored and shared.

“By taking these additional steps, as well as other precautionary measures, developers can assure that user data is handled responsibly, and inspire the trust necessary to facilitate public participation in critical pandemic response efforts.”

The IDAC’s recommendations follow its two-month investigation covering 108 coronavirus-related apps in 41 countries.

The council stated: “Although our technical findings did not identify any specific evidence of data misuse in connection with quarantine apps administered by governments, these efforts pose potential concerns about how data collected from those apps will be used and retained, particularly by governments with poor human rights records.”

Launched in April 2020, the non-profit IDAC describes itself as lawyers, technologists and privacy experts wanting to improve digital accountability through investigation, education and collaboration.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.