One Move Ahead

COVID-19 Updates

COVID-19 Tracing Apps Must Respect Privacy and Civil Rights

Publication: ZRVP

Various digital apps could help reduce and prevent the spread of coronavirus. Such apps are particularly useful as more and more countries are preparing to ease lockdown restrictions. However, attention must be paid to avoid breach of privacy regulations and make such apps compatible with the EU’s strict data privacy rules.

On April 8, 2020, the Commission presented a list of general principles and non-binding rules for European countries for the use of mobile applications, as data collection can be essential to understand and respond to the COVID-19 emergency.

The Recommendation adopted by the Commission focuses on the following key principles for the use of these apps and data as regards data security and the respect of EU fundamental rights such as privacy and data protection:

National health authorities or other public authorities irrespective of their field of activity should be designated data controller

These entities are responsible for ensuring compliance with the GDPR and watch over citizens’ fundamental rights such as human dignity, protection of personal data, the freedom of movement, and respect of private and family life. A working framework controlled by a public authority that protects people’s rights and offers guidance builds trust and acceptance among users, making such apps more efficient.

Individuals remain in control of their personal data

Every person is given the choice to install such app(s), with the possibility to uninstall the program once the pandemic is under control. Moreover, the app(s) are automatically deactivated after the COVID-19 crisis is overcome.

Coronavirus tracking apps comply with the strict privacy rules required at European level

Legal basis that allow such apps to store information or get access to already stored information contained by users’ personal devices might only be based on the freely given, specific and informed consent of the users.  The Commission also encourages to set strict temporary limits to data storage.

Only relevant and adequate user information will be processed

Data minimization principle should be kept in mind when processing such sensitive information. For instance, telemedicine apps do not need to gain access to the contact list of the user in order to properly function.

Data Protection Authorities supervise the development and usage of these digital tools

The objective is to secure the preservation of fundamental rights and compliance with privacy laws. Many of the technologies that are being developed in Europe – movement tracker, contact tracing, symptoms checker, telemedicine – are complying with and not revealing details of private data. Any measures infringing upon privacy must be temporary, limited in purpose and have restricted access to data.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.