Tory Minister in charge of Data Protection laws launches app that breaks Data Protection laws
The Tory Secretary of State for Digital, Culture, Media and Sport, Matt Hancock - the man responsible for overseeing data protection laws in the UK - has just become the first MP to launch their own app. And, in a fitting tribute to the Tories' incredible incompetence when it comes to all things internet-related, the app almost certainly contravenes the very laws that Hancock is responsible for.
Hancock, who is also the Minister responsible for pushing through a new bill designed to strengthen UK data protection laws, launched his new app today to a chorus of disbelief and ridicule. And now, a Data protection & privacy expert on Twitter has revealed, astonishingly, that Hancock's app breaks both Apple policy and UK Law.
https://twitter.com/MattHancock/status/958988393748357121?ref_src=twsrc%5Etfw&ref_url=http%3A%2F%2Fwww.wired.co.uk%2Farticle%2Fmatt-hancock-app-dcms-iphone-android-privacy-data
Even more incredibly is the fact that Hancock has previously said that less than half of businesses are aware of new data protection laws - and it seems that Hancock fits into this category himself pretty snugly.
It is deeply unnerving that the Secretary of State responsible for data protection laws does not appear to understand them.
The app collects details from users including photos, videos, check-ins contact details and "other digital content." This "data slurp" occurs as soon as you begin using the app.
Hancock’s issues stem from several privacy problems with his new app. The first to be noticed was that it does not appear to recognise denial of permissions. Twitter users immediately noticed that the app could access their photos regardless of whether they gave it permission to. This is a major privacy flaw that the developers initially claimed was a bug but are now touting as a feature.
Big Brother Watch called the App "woeful.", adding that "It is quite fitting, given this Government's incompetence on digital privacy issues, that our Digital Minister's app steals a bank of users' personal photographs, even when permission to access them is denied."
However, another major problem stems from the App’s privacy policy. As Privacy Matters explains in an excellent 11-tweet Twitter thread, the app asks you to accept its privacy policy after install, not before. In many cases, this means you will have already accepted the policy on download.
https://twitter.com/PrivacyMatters/status/959016936494522369
The app is also promoted as “the Official App of Matt Hancock MP”, however the seller is listed as Disciple Media. It is clear from the privacy policy that Disciple Media are the ones who will handle your data, and if this is the case, then the promotion is misleading.
The privacy policy grants Disciple Media sweeping powers to aggregate your data and share it with third parties. These third parties may then contact you with marketing, competitions and offers. This raises Data Protection Act questions about fair and lawful processing but also may violate EU statutes on direct marketing.
Fair and lawful processing requires the user’s information to be used in a way they expect and for them to be given “suitable information” about how their data will be used.
The problems extend further as Disciple Media are NOT registered with the Information Commissioners Office (ICO), which, as the data controller, they should be. This is likely because the app and Disciple Media’s handling of data does not appear to meet ICO guidelines. Disciple Media does not have a privacy policy on their website.
However, Matt Hancock is registered with the ICO, suggesting that he shares data control with Disciple Media. This seems at odds with the privacy policy which lists Disciple Media as the sole data controller. This cluttered and unclear approach to data management is clearly at odds with both the PECR guidelines and the data protection act.
Overall it appears that the Matt Hancock MP app has failed to ensure the privacy of its users. As Privacy Matters put it succinctly:
We would expect the Secretary of State responsible for data protection would get privacy right.
Become An Evolve Politics Subscriber
Your subscriptions go directly into paying our writers a standard fee for every article they produce. So if you want to help us stay truly independent, please think about subscribing. We literally couldn't function without the support of our fantastic readers.
[button color="" size="large" type="round" target="" link="http://evolvepolitics.com/support-us/"]Subscribe[/button]
Or a One-Off Donation to Evolve Politics
If you don't want to subscribe, but still want to contribute to our project, you can make a one-off donation via the donate button below. All your donations go directly to our writers for their work in exposing injustice, inequality and unfairness.
[button color="" size="large" type="round" target="" link="https://www.paypal.me/evolvepolitics/"]Donate[/button]