On April 15th, the e-Health Network branch of the European Commission published the EU toolbox: “Mobile applications to support contact tracing in the EU’s fight against COVID-19”. This communications aims at guiding Member States on how to best use mobile apps to tackle COVID-19 while safeguarding data privacy.
The
common approach aims to exploit the latest privacy-enhancing technological
solutions that enable at-risk individuals to be contacted and, if necessarily,
to be tested as quickly as possible, regardless of where they are and the app
they are using. It explains the essential requirements for national apps,
namely that they be:
- voluntary;
- approved by the national health authority;
- privacy-preserving - personal data is securely encrypted; and
- dismantled as soon as no longer needed.
Mobile
apps have potential to bolster contact tracing strategies to contain and
reverse the spread of COVID-19. EU Member States are converging towards
effective app solutions that minimise the processing of personal data, and
recognise that interoperability between these apps can support public health
authorities and support the reopening of the EU’s internal borders.
Member
States agreed on April 16th that COVID-19 mobile applications should not
process the location data of individuals, because "it is not necessary nor
recommended for the purpose of contact tracing".
"Collecting
an individual's movements in the context of contact tracing apps would create
major security and privacy issues," states the EU
toolbox adopted by EU countries and supported by the
European Commission.
The
EU toolbox was delivered following the European Commission’s recommendation,
released on April 8th, on apps for contact tracing. This recommendation
reflects on a common Union toolbox for the use of technology and data in order
to combat and exit from the COVID-19 crisis, in particular concerning mobile
applications and the use of anonymised mobility data.
The recommendation sets
out a process towards the adoption with the Member States of a toolbox,
focusing on two dimensions:
- A pan-European coordinated approach for the use of mobile applications for empowering citizens to take effective and more targeted social distancing measures and for warning, preventing and contact tracing; and
- A common approach for modelling and predicting the evolution of the virus through anonymised and aggregated mobile location data.
Additionally,
on April 16th, the Commission published the EU
approach for efficient contact tracing apps to support gradual
lifting of confinement measures. Also on April 16th, the European Commission
published guidance on
the development of new apps that support the fight against coronavirus in
relation to data protection.
Since
the outbreak of the coronavirus pandemic, Member States, backed by the Commission,
have been assessing the effectiveness, security, privacy, and data protection
aspects of digital solutions to address the crisis. Contact tracing apps, if
fully compliant with EU rules and well coordinated, can play a key role in all
phases of crisis management, especially when time will be ripe to gradually
lift social distancing measures.
The
Commission guidance sets out features and requirements which apps should meet
to ensure compliance with EU privacy and personal data protection legislation,
in particular the General Data Protection Regulation (GDPR) and
the ePrivacy Directive. However, the guidance is not legally binding. It
is without prejudice to the role of the Court of Justice of the EU, which is
the only institution that can give authoritative interpretation of EU law.
The
present guidance addresses only voluntary apps supporting the fight against
COVID 19 pandemic (apps downloaded, installed and used on a voluntary basis by
individuals) with one or several of the following functionalities:
- Provide accurate information to individuals about the COVID-19 pandemic;
- Provide questionnaires for self-assessment and for guidance to individuals (symptom checker functionality);
- Alert persons who have been in proximity for a certain duration to an infected person, in order to provide information such as whether to self-quarantine and where to get tested (contact tracing and warning functionality);
- Provide a communication forum between patients and doctors in situation of self-isolation or where further diagnosis and treatment advice is provided (increased use of telemedicine).
This
guidance does not cover apps aimed at enforcing quarantine requirements
(including those which are mandatory).
By
the end of April 2020: Member States with the Commission will seek
clarifications on the solution proposed by Google and Apple with regard to
contact tracing functionality on Android and iOS in order to ensure that their
initiative is compatible with the EU common approach.
No comments:
Post a Comment