Print this page
Published in News

Government COVID-19 apps skimp on the privacy

by on12 October 2020


Council of Europe warns

A report published today by the Council of Europe identifies a number of shortcomings in the protection of privacy and personal data in some of the legal and technical measures adopted by governments to prevent the spread of the COVID-19 pandemic.

The report “Digital solutions to fight COVID-19” looks into the impact on the rights to privacy and data protection of the legislative framework and policies adopted by governments as well as an in-depth and technical review of digital contact tracing applications and monitoring tools.

It calls on governments to ensure transparency of digital solutions in order to ensure respect of the rights to privacy and data protection. It also regrets that in spite of numerous calls for coordination and interoperability of digital solutions to prevent the spread of the COVID-19 pandemic, countries have individually implemented widely diverging systems, limiting the efficiency of the measures taken.

While aiming to assess how the measures adopted comply with the data protection convention, the report also contains recommendations on how to ensure the efficiency and resilience of the data protection framework.

In most countries, governments adopted emergency measures that gave governments extensive powers, usually only for a limited period of time.

The report identifies shortcomings in a number of countries concerning compliance with the principles of “Convention 108” with regard to issues such as the requirement for a legal basis of the measures adopted, their proportionality and aspects such as their justification by public interest and the consent of the data subject for data processing.

A particularly challenging aspect is the limitation of the purposes for data processing – the report points out that in some countries the boundaries between healthcare and police enforcement purposes have been sometimes blurred. The report also points to data protection risks related to the security, storage and sharing of data, which has led to the withdrawal of certain measures in some countries.

When examining compliance with the principle of privacy by design, the report notes that out of 55 Parties to “Convention 108”, 26 jurisdictions have chosen a decentralised approach for proximity and contact tracing apps whilst 14 have chosen a centralised approach. Five countries have decided not to use apps at all.

The report contains the findings of a survey among the states Parties to “Convention 108” on the use of digital solutions to control the dissemination of the virus. Out of the 47 respondents participating in the survey, 36 use apps for contact tracing or proximity alerts (77 percent), 20 for self-diagnosis (43 percent), 11 for quarantine enforcement (23 percent)  and eight for mapping travel patterns (17 percent). Only two countries used apps for crowd control and another two for immunity passports.

The report welcomes that 20 countries participating in the survey have published the apps' source codes, a measure that can contribute to building the trust of users and to make the apps effective. To further strengthen this trust, the reports recommends involving civil society and the general public in the development of digital solutions and transparency measures.

Last modified on 12 October 2020
Rate this item
(0 votes)