EU Privacy Tsar Calls for Europe-Wide #COVID19 Tracking App

Europe’s data protection tsar has called for a pan-EU COVID-19 health tracking app to avoid fragmented member state approaches which may not follow privacy-by-design principles.

European data protection supervisor (EDPS), Wojciech Wiewiórowski, said his team is already cooperating with other EU institutions to create a joined-up approach in line with GDPR.

He argued that even the strict EU data protection regulation makes some allowances for use of personal data in exceptional circumstances like the current pandemic.

“GDPR states that the right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality,” explained Wiewiórowski.

“Legality of processing the personal data – even so called sensitive data like data about health – can be achieved when processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued.”

To that end, even if specific data processing during the crisis may interfere with privacy rights, it may be necessary. However, an EU-wide approach as advocated by the EDPS will ensure any measures are temporary, and limited in purpose and data access.

There must also be a clear “way back to normality” – i.e. organizations must know what they will do with any data collected after the crisis is over, said Wiewiórowski.

“The EDPS is aware that a number of EU member states have or are in the process of developing mobile applications that use different approaches to protect public health, involving the processing of personal data in different ways. The use of temporary broadcast identifiers and Bluetooth technology for contact tracing seems to be a useful path to achieve privacy and personal data protection effectively,” he added.

“Given these divergences, the EDPS calls for a pan-European model ‘COVID-19 mobile application,’ coordinated at EU level. Ideally, coordination with the World Health Organisation should also take place, to ensure data protection by design globally from the start.”

The statement should go some way to assuaging the fears of global rights groups, which signed an open letter last week warning that efforts to contain the virus mustn’t be used as cover to usher in a new era of online surveillance.

They claimed that telecoms-based tracking is already underway in 23 countries, while 14 have deployed tracking apps.

Tracking infection rates and movement across the populace is seen as an essential step to helping prevent the spread of the pandemic and a key pillar of any lockdown exit strategy.

What’s Hot on Infosecurity Magazine?