Article – Covid-19 tracing apps: ensuring privacy and data protection

Dedicated mobile apps could play a key role in the fight against Covid-19 and the EU has been working with member states to develop effective solutions. As apps could expose sensitive user data, Parliament has underlined the need to ensure they are designed carefully.

The European Commission has recommended a common EU approach towards contact-tracing apps, designed to warn people if they have been in contact with an infected person.

In a resolution adopted on 17 April, Parliament stressed that any digital measures against the pandemic must be in full compliance with data protection and privacy legislation. It said the use of apps should not be obligatory and that they should include sunset clauses so that they are no longer used once the pandemic is over.

MEPs stressed the need for anonymised data and said that to limit the potential risk of abuse, the generated data should not be stored in centralised databases.

In addition, MEPs said It should be made clear how the apps are expected to help minimise infection, how they are working and what commercial interests the developers have.

Check out the timeline of EU action against Covid-19

Tracing apps in the EU

The EU and many member states have been putting forward various digital tracking measures aimed at mapping, monitoring, and mitigating the pandemic.

Contact tracing apps that alert people who have been in proximity to an infected person for a certain time have emerged as the most promising from a public health perspective. The added value of these apps is that they can record contacts that a person may not notice or remember, thus enabling more accuracy and limiting further spread of the disease.

Apps could also provide accurate information to individuals on the pandemic, provide questionnaires for self-assessment and guidance, or provide a communication forum between patients and doctors.

Apps might prove effective, but could also expose sensitive user data, such as health and location.

The guidelines and toolbox for developing any Covid-19 related apps, prepared by the Commission in cooperation with member states, European Data Protection Supervisor, and European Data Protection Board aim at guaranteeing sufficient protection of data and limiting intrusiveness.

Guidance on data protection is an essential part of the Commission guidelines, stressing that the apps must fully comply with EU data protection rules, most notably the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

The Parliament will keep monitoring

Juan Fernando López Aguilar, chair of Parliament’s civil liberties committee, noted the important role apps could play in mitigating the crisis and welcomed the introduction of the toolbox, but stressed that fundamental rights and data protection must be maintained.

“We´ll keep a close eye that EU law principles and rules are respected throughout the fight against Covid-19. That includes apps and technologies to control the spread patterns of the pandemics.”

In the civil liberties committee meeting held on 7 May, members will exchange views with the European Data Protection Supervisor and the European Data Protection Board on the use of personal data in the fight against Covid-19. MEPs will also discuss the use of contact tracing apps in the fight against the coronavirus during the plenary session on 13-16 May.

Read 10 things the EU is doing to fight Covid-19 and reduce its impact