Cwa-documentation: Questions about collected telemetry / analytics data

Created on 1 Aug 2020  路  3Comments  路  Source: corona-warn-app/cwa-documentation

Your Question

  • Documentation File: Data Privacy document

Google recently published document about analytics / telemetry data collected when using covid app based on EN framework: https://developers.google.com/android/exposure-notifications/telemetry-design , I have following questions regarding this:

  • Would it make sense to adjust Data Privacy document to include information about data collected by Google? Currently Data Privacy document specifies that "the App deliberately refrains from using tracking tools to record or analyse how you use the App" (link), and that "The data generated when the App is used is processed exclusively on servers in Germany or in another EU or EEA member state." (link). There is obvious legal distinction being introduced that "the App" refers only to the part of the application developed by RKI and excludes "exposure logging functionality" which is provided by Google (link). This would (probably) hold in a court of law, but perhaps could be made more transparent to the user, as we know now exactly what kind of data is collected by Google.
  • In a situation where Google is already collecting analytics of their part of the application, would it make sense to also collect analytics of SAP part of the application? Personally I think it makes sense, as many issues could be resolved much faster, and user data can be properly de-identified (as Google is doing with their logging).
  • Many features logged by Google could be very useful in assessing deployment status (EN module version, whether Bluetooth / Location is enabled, whether there are any issues calling the framework etc.). These features could be used to drive development more efficiently (when to switch to 1.5 API version, whether to encourage users more to keep Bluetooth and Location on etc.). Does SAP have access to these analytics data, or is it planning to ask Google for the access?
question
Source
picture kbobrowski
👍3

All 3 comments

Hello @kbobrowski,

I have forwarded the issue and just wanted to let you know that we are working on it.
Thanks for reaching out to us.

Best,
LMM

Corona-Warn-App Open Source Team

GPclips-zz picture GPclips-zz on 12 Aug 2020
👍1

Hello @kbobrowski,

many thanks again for your constructive questions and suggestions. We have discussed the issues raised in your comment internally with our legal and development teams. As a result, we came to the following conclusions:

We have decided to provide a general notice in future versions of the CWA Apps privacy policy regarding the processing of telemetry data by Google on the side of the operating system. We share your view that although Google is responsible for this processing, a clarification in the CWA Apps privacy policy would improve the overall transparency for our users. However, we will refer interested users for more detailed information on the telemetry-related data processing (e.g. which specific data and for what specific telemetry purposes are processed by Google, data protection rights etc.) to Google's online documentation. This seems appropriate since the telemetry data processing falls under the data protection responsibility of Google and does not specifically concern the CWA App, but the entire Android operating system and all installed apps. Therefore, the privacy policy of the CWA App is in our view not the right place to explain this general topic. Besides, there would be a risk that we provide inaccurate or outdated information.

User confidence and data privacy issues are key factors for the success of the CWA App. For this reason, the German government respective the Robert Koch-Institut (RKI) have deliberately decided from the outset not to collect any analytics data on user behavior in the CWA App, and they continue to hold onto this decision of principle. Only data that is necessarily generated and logged in the CWA backend systems is analyzed to a very limited degree (as described in the privacy policy). Therefore, and in answer to your question, there are no plans to link or combine the telemetry data collected by Google with data processed or logged by the CWA backend systems. Besides, such linking might conflict with Googles COVID-19 Exposure Notification Service Additional Terms, which prohibits the RKI from sharing personal user data with Google (we may share such data with third parties only if the user has given his consent and only as necessary for COVID-19 response efforts).

We do not currently have access to Google's telemetry data and analysis results based on it and have not asked for access so far. But you are right, maybe they could be useful for us and we might consider to ask for access to these data (in aggregated form of course) later. Thank you very much for this tip. However, based on our routine evaluation of user feedback and backend data we assume we have a pretty good understanding of the most important technical issues on the side of the users, so we have no need for Googles telemetry data at present.

Best Regards,
LMM

Corona-Warn-App Open Source Team

GPclips-zz picture GPclips-zz on 20 Aug 2020
👀1 👍1

Hello @kbobrowski,

I will now go on and close the issue. If you have additional questions, please feel free to reach out again.

Thanks,
LMM

Corona-Warn-App Open Source Team

GPclips-zz picture GPclips-zz on 29 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

TomTeeJay picture TomTeeJay  路  3Comments
ndegendogo picture ndegendogo  路  3Comments
dreh23 picture dreh23  路  3Comments
kheinz57 picture kheinz57  路  3Comments
stritti picture stritti  路  3Comments