European Data Protection Services (EDPS) considers a European wide mobile tracking app for COVID-19

The EDPS has called for a pan European mobile app to track the spread of COVID-19The initiative called Pan European Privacy Preserving Tracing (PEPP-PT) a coalition of EU scientists from eight countries. Led by Franhoufer Heinrich of Hortz Institute for Telecoms. Keeping the usual course of activities within a company during COVID-19 represents a challenge. The measures taken during this period by companies must comply with the provisions regarding the protection of personal data. According to Hans Christian founder of Arago, the app will collect no location data, no movement profiles, no contact information and no identifiable of end devices. 

 Proposed Approach 

 The PEPP-PT approach means apps would generate temporary ID`s to prevent identification and retain privacy. However, Wojciech Wiewiórowski the European data protection supervisor, argued that ”even the strict EU data protection regulation makes some allowances for use of personal data in exceptional circumstances like the current pandemic.”  

 The PEPPT website , wants to continuously improve their approach and therefore needs to be open to new ideas which adhere it the goals of supporting: roaming/interoperability (“Pan European”) adheres to GDPR (“Privacy-Preserving”) and deliver epidemiological data to fight the pandemic (“Proximity Tracing”). I accordance with the recently published EU toolbox, PEPP-PT currently considers two privacy-preserving approaches – “centralised” and “decentralised” and continues to be open to further ideas for improvement that support PPEP-PT goals.  

 Variations by Country 

 At a European level, the strategy is not unified and varies from onemember state to another. On one hand France, Netherlands and Belgium have strict rules that prohibit systematic testing of employees for both temperature and checking for COVID-19 whereas, Germany and Spain have a more relaxed approach, giving employers the opportunity to test employees, the data must be deleted at the end of the pandemic period. 

 Therefore, the processing of personal data of the employees regarding the health status can be considered justified and legitimate during this period, but only in certain limited situations, related to the industry in which the company operates, the recipients of the information, as well as the content of the personal data. 

 Taiwan, South Korea, China, Italy are some of the countries that have implemented or are on their way to do, systems that use smartphones apps of tracking people via GPS. 

 Challenges 

 Unfortunately, there are some surveillance companies which are taking advantage of this global crisis.  The United State’s Federal Bureau of Investigations (FBI) is looking into  potential  hacking actions from spyware firms that may be attacking US residents, companies as well as collecting information on different governments.   

  Scott-Railton, a Senior Researcher at The Citizen Lab noted that “long after the last community transmitted case of this pandemic, my fear is that these surveillance mechanisms that are being pitched by unscrupulous companies will stay on our networks and continue to track our phones.” 

 Although times of crisis require exceptional measures to protect ourselves as a whole, we should keep a close watch on these measures to ensure they are only temporary and will not affect, or limit, our rights and privacy in the long term.