Member Services

01 23 777 88

or complete our Contact Form

Training

01 23 777 23

or complete our Contact Form

  NEWS

EU Covid-19 tracing apps: ensuring privacy and data protection

Phone apps could play a part in the fight against Covid-19, but raise privacy and data protection issues. Discover what the EU is doing.

Data protection: tracking coronavirus, not you

Dedicated mobile apps could play a key role in the fight against Covid-19 and the EU has been working with member states to develop effective solutions. As apps could expose sensitive user data, Parliament has underlined the need to ensure they are designed carefully.

The European Commission has recommended a common EU approach towards contact-tracing apps, designed to warn people if they have been in contact with an infected person.

In a resolution adopted on 17 April, Parliament stressed that any digital measures against the pandemic must be in full compliance with data protection and privacy legislation. It said the use of apps should not be obligatory and that they should include sunset clauses so that they are no longer used once the pandemic is over.

MEPs stressed the need for anonymised data and said that to limit the potential risk of abuse, the generated data should not be stored in centralised databases.

In addition, MEPs said It should be made clear how the apps are expected to help minimise infection, how they are working and what commercial interests the developers have.

Tracing apps in the EU

The EU and many member states have been putting forward various digital tracking measures aimed at mapping, monitoring, and mitigating the pandemic. (Read more about Ireland's app development here).

Contact tracing apps that alert people who have been in proximity to an infected person for a certain time have emerged as the most promising from a public health perspective. The added value of these apps is that they can record contacts that a person may not notice or remember, thus enabling more accuracy and limiting further spread of the disease.

Apps could also provide accurate information to individuals on the pandemic, provide questionnaires for self-assessment and guidance, or provide a communication forum between patients and doctors.

Apps might prove effective, but could also expose sensitive user data, such as health and location.

The guidelines and toolbox for developing any Covid-19 related apps, prepared by the Commission in cooperation with member states, European Data Protection Supervisor, and European Data Protection Board aim at guaranteeing sufficient protection of data and limiting intrusiveness.

Guidance on data protection is an essential part of the Commission guidelines, stressing that the apps must fully comply with EU data protection rules, most notably the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

The Parliament will keep monitoring

Juan Fernando López Aguilar, chair of Parliament’s civil liberties committee, noted the important role apps could play in mitigating the crisis and welcomed the introduction of the toolbox, but stressed that fundamental rights and data protection must be maintained.

“We´ll keep a close eye that EU law principles and rules are respected throughout the fight against Covid-19. That includes apps and technologies to control the spread patterns of the pandemics.”

In the civil liberties committee meeting held on 7 May, members will exchange views with the European Data Protection Supervisor and the European Data Protection Board on the use of personal data in the fight against Covid-19. MEPs will also discuss the use of contact tracing apps in the fight against the coronavirus during the plenary session on 13-16 May.

View the list of Coronavirus apps here.

EU toolbox

  • National health authorities should approve apps and be accountable for compliance with EU personal data protection rules
  • Users remain in full control of personal data. App installation should be voluntary and they should be discontinued as soon as no longer needed
  • Limites use of personal data: only data relevant to the purpose in question, and should not include location tracking
  • Strict limits on data storage: personal data should be kept for no longer than necessary.
  • Security of data: data should be stored on an individual's device and encrypted.
  • Interoperability: apps should be usable in other EU countries as well
  • National data protection authorities should be fully consulted and involved

Share this article!