Well, it is actually not that difficult to explain. SAVITAS essentially builds on three pillars to preserve privacy:
SAVITAS is a solution that only works in the user’s web browser, requiring no app to be installed on the user’s phone. It cannot run in the background of the device; it only activates when the user scans a QR code or deliberately visits the SAVITAS website. That is also the only time it can tell you something, because it does not know your phone number or email address.
When a user chooses to scan a QR code, SAVITAS uses a well-known secure hashing function (*) to generate a unique string of characters which relate only to a QR code and a time period. Nothing in this string relates to any user characteristics. Nonetheless, since this single string may be unique for a user, we ensure that it is kept only on the user’s phone.
When the QR code is installed, it is scanned for the very first time: the phone then takes its location information, hashes it into an abstract number unusable for location purposes, hashes the QR code as well, and uploads both abstract numbers to the server. At every subsequent scan, those numbers are used to verify that the QR code has not been moved or reproduced, to avoid erroneous results and false conclusions.
The only time the unique string is shared is when a user, after authorization by a medical professional, decides that the string should be shared to inform others. You will therefore only find a list of strings on our servers, with all strings totally mixed up, which tell us that at a certain place within a certain time there was someone who tested positive for COVID-19. We do not know who. All such lists are then sent (incrementally) to a user’s phone whenever a QR code is scanned or when that user visits our webpage. The comparison of a user’s strings with those incoming “reported-positive” strings only happens on the user’s phone. We have no way to receive the unique string of a user unless that user decides to share it after having tested positive.
As a consequence, if the outcome of the comparison brings up a match, ONLY the user will be informed as that information never leaves the phone.
As recommended by data protection authorities in Europe (**), we have chosen an approach which:
In short, our solution is built from the ground up with privacy in mind. We continuously perform assessments throughout the entire cycle of conception, development and roll-out, so that any privacy threat which may emerge is tackled as soon as it is detected.
Document produced in close cooperation with Timelex. As a member of SAVITAS’ advisory board, Timelex, a leading European niche law firm in data protection and privacy, provides the framework and guidelines to ensure that the privacy of all SAVITAS’ users is preserved at all times. This includes, among others, a formal Data Protection Impact Assessment.
(**) EDPB Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, adopted on 21 April 2020: https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-042020-use-location-data-and-contact-tracing_nl.