BROADCASTS.com

The first version of \u201cSmittestopp\u201d, the Norwegian Institute\nof Public Health\u2019s (NIPH) contact tracing application, centrally stored\ndata about the population\u2019s contact patterns with reference to a static\npersonal identifier, a decision that has been widely discussed and criti-\ncised. After the Norwegian Data Protection Authority had temporarily\nforbidden further data collection and processing in June 2020, NIPH an-\nnounced to discontinue the app and stated that all data related to the\napplication would be deleted. Nevertheless, in October 2021, researchers\nfrom an institution involved in the development of the app published\na paper called \u201cNationwide rollout reveals e\ufb00icacy of epidemic control\nthrough digital contact tracing\u201d. In their paper, they analysed a de-\nrived dataset based on the Smittestopp data that was announced to be\ndeleted. The authors claim that this derived dataset was anonymised and\ntherefore does not include any personal data. We challenge this assump-\ntion by explaining how different external sets of personal data can be\nmatched with the dataset, which potentially leads to a re-identification\nof persons and a disclosure of their private contacts. We conceptually\nshow how some of these methods can be applied on an example case\nusing publicly available information on Erna Solberg, Norway\u2019s former\nprime minister. We conclude that it appears reasonably likely that indi-\nviduals can be re-identified and that the dataset should not be considered\nanonymised.\nabout this event: https://cfp.ccc-p.org/rtc22/talk/3SS7L8/