Privacy
The EU has published a toolbox for contact tracing applications [1]. Here is how Encounter stands today against each of its guidelines:
Each EU guideline is listed first, followed by Encounter's approach and implementation.

EU guideline: They should be fully compliant with the EU data protection and privacy rules, as put forward by the guidance presented today following consultation with the European Data Protection Board.
Encounter: There are no personal identifiers and no location logging in Encounter. The user is in full control of the data: everything is stored locally on the device and can be deleted by the user at any time. Encounter complies with GDPR and HIPAA guidelines.

EU guideline: They should be implemented in close coordination with, and approved by, public health authorities.
Encounter: PENDING. THL and Business Finland have been contacted.

EU guideline: They should be installed voluntarily, and dismantled as soon as no longer needed.
Encounter: Encounter is available on Google's Play Store, on Apple's App Store (pending) and potentially as a direct download from this website (for devices without access to the Play Store, such as Huawei and Xiaomi). Installation and removal of the application are entirely under the user's control.

EU guideline: They should aim to exploit the latest privacy-enhancing technological solutions. Likely to be based on Bluetooth proximity technology, they do not enable tracking of people's locations.
Encounter: Contact tracing uses Bluetooth, WiFi and ultrasound to determine the co-presence of two devices, i.e. that they were near each other at the same time. Only co-presence is recorded; no location is ever logged.

EU guideline: They should be based on anonymised data: They can alert people who have been in proximity for a certain duration to an infected person to get tested or self-isolate, without revealing the identity of the people infected.
Encounter: The logged data contains no identity. A random Universally Unique Identifier (UUID) is generated when the user first installs Encounter, and this UUID rotates daily, so a contact is only ever recorded under a short-lived pseudonym. Using the exported JSON data, health officials in any country can warn those potentially exposed, with a country-specific message on how to proceed (get tested, self-isolate), without learning anyone's identity. On export the UUID is automatically reset, so encounters logged after the export cannot be linked to those contained in it.

EU guideline: They should be interoperable across the EU so that citizens are protected even when they cross borders.
Encounter: The JSON format is simple and compact, which keeps storage requirements minimal while still supporting longitudinal contact tracing. Regardless of the country where the data originated, every entry carries a timezone-aware, human-readable timestamp, so logs from different countries can be read and compared directly.

EU guideline: They should be anchored in accepted epidemiological guidance, and reflect best practice on cybersecurity, and accessibility.
Encounter: The data is kept in the app's internal storage, protected by the Android and iOS app sandboxes (per-app database permissions) and by the platforms' package-signing certificates, which verify that the installed package is the legitimate one.

EU guideline: They should be secure and effective.
Encounter: The storage approach is serverless: there is no central server holding contact data, so there is no server to breach. Data is collected solely on the users' smartphones and remains there until the user voluntarily exports it and shares it with the health authorities.
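To make the pseudonym and export mechanism described above concrete, here is a small Python model of it. This is an added illustration, not Encounter's own code: it assumes one JSON object per encounter, a daily rotation of a random version 4 UUID, ISO 8601 timestamps with a UTC offset, a reset of the UUID on export, and, on the health-authority side, an exposure rule of 15 cumulative minutes of co-presence within the last 14 days. The threshold, the window, the field names and the sample encounters are all constructed for the example; the page states none of them.

```python
import json
import uuid
from datetime import datetime, timedelta, timezone

# Parameters assumed for this example; the page gives no concrete values.
ROTATION = timedelta(days=1)   # daily UUID rotation
EXPOSURE_MINUTES = 15          # cumulative co-presence that counts as exposure
WINDOW_DAYS = 14               # how far back an export is considered


def new_id():
    # random (v4) UUID: carries no device, account or location information
    return str(uuid.uuid4())


class ContactLog:
    """On-device contact log; nothing here leaves the phone until export()."""

    def __init__(self, now):
        self.own_id = new_id()
        self.issued = now
        self.entries = []

    def current_id(self, now):
        # rotate once the current pseudonym is a day old
        if now - self.issued >= ROTATION:
            self.own_id, self.issued = new_id(), now
        return self.own_id

    def record(self, now, peer_id, minutes, channel):
        """Log one co-presence event: which pseudonyms, when, how long, via what."""
        if now.tzinfo is None:
            raise ValueError("timestamps must be timezone-aware")
        self.entries.append({
            "own_id": self.current_id(now),
            "peer_id": peer_id,
            "start": now.isoformat(),   # e.g. 2020-04-20T09:00:00+03:00
            "minutes": minutes,
            "channel": channel,         # "bluetooth", "wifi" or "ultrasound"
        })

    def prune(self, now):
        """Retention on the device: drop entries outside the tracing window."""
        cutoff = now - timedelta(days=WINDOW_DAYS)
        self.entries = [e for e in self.entries
                        if datetime.fromisoformat(e["start"]) >= cutoff]

    def export(self, now):
        """Serialise for voluntary hand-over, then reset the pseudonym so
        encounters logged after the export cannot be linked to those in it."""
        payload = json.dumps({"exported_at": now.isoformat(),
                              "encounters": self.entries}, indent=1)
        self.own_id, self.issued = new_id(), now
        return payload


def exposed_peers(export_json, now):
    """Health-authority side: peer pseudonyms whose cumulative co-presence with
    the exporting (infected) user meets the threshold inside the window.
    Only pseudonyms come out; no identity is present in the data."""
    data = json.loads(export_json)
    cutoff = now - timedelta(days=WINDOW_DAYS)
    totals = {}
    for e in data["encounters"]:
        if datetime.fromisoformat(e["start"]) < cutoff:
            continue
        totals[e["peer_id"]] = totals.get(e["peer_id"], 0) + e["minutes"]
    return sorted(p for p, m in totals.items() if m >= EXPOSURE_MINUTES)


def demo():
    """Constructed scenario (not real data): a few peers over a few days."""
    tz = timezone(timedelta(hours=3))                  # e.g. Helsinki in summer
    day0 = datetime(2020, 4, 20, 9, 0, tzinfo=tz)
    log = ContactLog(day0)
    id_day0 = log.current_id(day0)
    log.record(day0 - timedelta(days=20), "peer-old", 60, "bluetooth")  # outside window
    log.record(day0, "peer-a", 10, "bluetooth")
    log.record(day0 + timedelta(hours=2), "peer-a", 8, "ultrasound")    # 18 min total
    log.record(day0 + timedelta(hours=3), "peer-b", 5, "wifi")          # below threshold
    day2 = day0 + timedelta(days=2)
    log.record(day2, "peer-c", 20, "bluetooth")
    id_day2 = log.current_id(day2)
    exported = log.export(day2)
    later = day2 + timedelta(days=1)
    result = {
        "rotated": id_day0 != id_day2,             # pseudonym changed across days
        "reset_on_export": log.own_id != id_day2,  # fresh pseudonym after export
        "exposed": exposed_peers(exported, later),
        "exported_entries": len(json.loads(exported)["encounters"]),
    }
    log.prune(later)
    result["kept_after_prune"] = len(log.entries)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two points the model makes visible: the same peer seen twice on one day accumulates under one pseudonym, while the same peer seen on different days appears under different pseudonyms, which is exactly the linkage the daily rotation is meant to prevent; and because every timestamp carries its UTC offset, the authority-side window check works unchanged on logs produced in any timezone.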
[1] EU toolbox guidelines: https://ec.europa.eu/commission/presscorner/detail/en/ip_20_670