This Bill attempts to provide safeguards in relation to the symptom tracking and contact tracing apps that are currently being rolled out in the UK; and anticipates minimum safeguards that will be needed if we move on to a roll out of “immunity certificates” (commonly known as passports) in the near future. It does not mandate any particular technological approach to building apps nor does it attempt to duplicate the GDPR and ePrivacy Directive. Instead it suggests some basic safeguards that need to be placed on top of what these laws already supply.Although no one wants to delay or deter the massive effort to fight coronavirus we are all involved in, there are clear reasons to put a law like this in place sooner rather than later:(a)The portion of the population which is already digitally excluded needs reassurance that apps will not further entrench their exclusion(b)Uptake of any contact tracing app, crucial to its success will be improved if the app is both trusted and trustworthy. Voluntary use is crucial to this. Accordingly we suggest a principle of non-compulsion which includes making sure that no-one such as employers or service providers can, as a way of compulsion, discriminate against those who have not installed or used the app.(c)Connectedly, data quality will be much higher if people use these apps with confidence and do not provide false information to them, or withhold information, for fear of misuse or discrimination (d)Both uptake and quality will also be improved if citizens feel they have rights to police these apps and the data gathered via them, via a robust and swift complaints mechanism(e)Public trust will also be enhanced if an independent body whose remit is wider than just data protection has a watching brief to report on the whole scheme in relation to not just privacy but discrimination, freedom of movement, due process et alAccordingly this draft Bill makes it clear that(a)No one shall be penalised for not having a phone (or other device), leaving house without a phone, failing to charge phone, etc (b)No one is compelled to install a symptom and contact tracing app, or to share messages of their status on such an app (eg to an employer or insurer or university)(c)Personal data collected by an app, or contained in an immunity certificate, shall not be shared beyond the NHS and coronavirus researchers unless securely anonymised.(d)What is true, secure, verifiable, anonymisation needs to be certified by a stringent Code of Conduct(e)Personal data collected by apps or immunity certificate must be deleted or anonymised as soon as possible, or at latest immediately after the emergency period has expired.(f)“Immunity passports” must not become novel and uncontrolled internal passports, nor used by either state or private sector to discriminate in ways not necessary or proportionate to the legitimate social goal of controlling COVID-19.