The European Data Protection Supervisor calls for a pan-European model “COVID-19 mobile application”, coordinated at EU level and in coordination with the World Health Organisation, to ensure data protection by design globally from the start.
The mobile app would track the spread of the new coronavirus instead of the current apps used in various EU countries which could breach people’s privacy rights.
A number of EU Member States have or are in the process of developing mobile applications that use different approaches to protect public health, involving the processing of personal data in different ways. The use of temporary broadcast identifiersand bluetooth technology for contact tracing seems to be a useful path to achieve privacy and personal data protection effectively.
EDPS calls technology developers currently working on effective measures in the fight against the coronavirus pandemic to ensure data protection from the start, e.g. by applying data protection by design principles.
The EDPS and the data protection community will assist technology developers in this collective endeavour.
"Legality, transparency and proportionality should accompany any measures designed to fight the covid-19 pandemic. In our endeavor, we shall recall the words of the President of the Court of Justice -judge Lenaerts when he stated that the law “restricts the authorities in the exercise of their powers by requiring a balance to be struck between the means used and the intended aim (or result reached)”", said Wojciech Wiewiórowski, the head of the EU privacy watchdog.
The European data protection authorities have formulated a list of requirements for surveillance mechanisms that interfere with the right to privacy and data protection. Four relevant pillars of accepted activity at the time of rising insecurity – known as ‘European Essential Guarantees’ – have been described. They consist of:
a.the requirement that the processing should be based on clear, precise and accessible rules;
b.demonstration of the necessity and proportionality with regard to the legitimate objectives pursued;
c.existence of an independent oversight mechanism as well as
d. availability of effective remedies to the individual
SDPS says that solutions that will be prepared – both technological, organizational and legal – "have to serve the principle that personal data may only be processed for specified legitimate purposes, where necessary for these purposes, and not used in a way incompatible with those purposes."
Germany threw its weight behind a proposed technology platform, unveiled last week, that would make it possible to roll out apps that can help trace the path of infection across borders while preserving privacy.
The initiative, called Pan-European Privacy Preserving Proximity Tracing (PEPP-PT), brings together more than 130 researchers from eight countries and broadly follows the approach taken by Singapore’s TraceTogether app.
PEPP-PT is expected to launch its platform this week with a German coronavirus contact tracing app.
Austria’s Red Cross has already launched a Stop Corona app that makes use of Bluetooth connections between smartphones and has been downloaded by hundreds of thousands of people.
Ireland and Poland have announced similar national initiatives, adding to the impression that EU-wide coordination is lacking.