Care19 app amends privacy policy after security company finds data being shared

CLOSE

The contact tracing app that the states of both North Dakota and South Dakota have urged citizens to use has updated its privacy policy after a security review showed it was sharing user location data with a third party.

Care19 was made available for download in early April through a partnership with North Dakota. Gov. Kristi Noem and other state officials have repeatedly asked citizens to download the app, which as of Friday afternoon had over 18,000 participants but had yet to help track the coronavirus in the state.

The app (if given permission) tracks the user’s location, and if they are later diagnosed with COVID-19, the app can help the state health department determine other people who may have been in contact with the infected person through the use of an anonymous code.

The Care19 privacy policy previously stated that “This location data is private to you and is stored securely on ProudCrowd, LLC servers. It will not be shared with anyone including government entities or third parties, unless you consent or ProudCrowd is compelled under federal regulations.”

But according to a security review by Jumbo Privacy, that’s not true — the user location data, along with the anonymous code, is shared with Foursquare, a company that deals in location data for marketers and developers.

Tim Brookins, the app’s creator, told The Washington Post that the app uses Foursquare to turn location data into the names of nearby places and businesses, saying that “The Care19 application user interface clearly calls out the usage of Foursquare on our ‘Nearby Places’ screen, per the terms of our Foursquare agreement,” although he said the app’s privacy policy would be amended to make this more clear.

Jennifer Yu, a spokeswoman for Foursquare, also said in the article that the company does “not use the data in any way and it is promptly discarded.”

In a Friday morning press conference, state health secretary Kim Malsam-Rysdon said that Noem had stated that use of the app was voluntary, and that the data was not being stored by Foursquare and therefore the app’s privacy policy had not been violated.

“We will be continuing to promote the Care19 app,” she said.

As of Friday morning, the app’s privacy policy had been amended, stating that “Third parties that we use (Foursquare, Google Firebase and Bugfender) may have temporary access to aspects of your data for their specific data processing tasks. However, they will not collect this data in a form that allows themselves or others to access or otherwise use this data.”

Read or Share this story: https://www.argusleader.com/story/news/2020/05/22/care-19-app-amends-privacy-policy-after-security-company-finds-data-being-shared/5244592002/

Leave a Reply

Your email address will not be published. Required fields are marked *