EDMONTON -- Alberta’s contact-tracing app has received an "excellent" grading from the provincial privacy commissioner, except for a few flaws when it comes to Apple devices.
In her report published Thursday, commissioner Jill Clayton congratulates Alberta Health for developing ABTraceTogether as one part, alongside human oversight and public health expertise, of the province’s contact-tracing approach.
The app was revealed at the beginning of May as a method of tracking the spread of COVID-19 in the province.
Officials have since urged Albertans to download the free app, which uses Bluetooth to identify people who may have been exposed to a carrier of the coronavirus.
In a 66-page report, Clayton writes she found the app collects less data than its similar counterparts around the world, and that its use is voluntary helps address risk of over-collection.
However, the commissioner said certain risks were increased for Apple owners, due to safeguards needed to run the app that are "out of its control."
For example, Apple requires ABTraceTogether to run in the foreground, which leaves devices unlocked and potentially more susceptible to theft.
"We recognize the challenges [Alberta Health] has faced in this regard, since the safeguards required are out of its control. Nonetheless, given the need to run ABTraceTogether in the foreground on Apple devices, there is a security risk," Clayton wrote.
It means employers in the public, private and health sectors have an increased obligation to safeguard information under the province's privacy laws, she said.
"We have asked AH to update us on progress towards resolving this problem, and to provide a [Privacy Impact Assessment] amendment if a solution is implemented."
The report also points out some inconsistencies in how long the app retains Bluetooth encounter logs.
Information provided on the Google Play Store and Apple App Store say encounter logs are retained for 14 days, but Alberta Health said in its initial privacy assessment that contacts are logged for 21 days.
The report also concluded that users might not be aware they have to contact the Health Information Act Helpdesk to remove their phone number from the app's database.
"The FAQ and privacy statement inconsistently state what information is deleted upon withdrawal of participation," the report said. "In one document, AH states that both phone number and user ID are deleted. In another document, it states that only a user’s phone number is removed."
Clayton also found that in order to properly protect the privacy of all app users, the app must be eventually dismantled.
The OIPC has asked Alberta Health to let it know when it becomes time to dismantle ABTraceTogether and provide a public update on its decommissioning plans.