, ,

EDPB letter on contact tracing App privacy issues

The European Data Protection Board has shared its view on contact tracing app privacy issues.

Following a request for consultation from the European Commission, the European Data Protection Board adopted a letter concerning the European Commission’s draft Guidance on apps supporting the fight against the COVID-19 pandemic. This Guidance on data protection and privacy implications complements the European Commission’s Recommendation on apps for contact tracing, published on 8 April and setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the COVID-19 crisis.

Key takeaways:

💡 no one-size-fits-all solution applies envisaged technical solutions need to be examined in detail, on a case-by case basis

💡 EDPB believes that it is a step in the right direction to highlight the essential need to consult with data protection authorities

💡 development of the apps should take into account Privacy by design and Privacy by Default mechanisms, and the source code should be made publicly available for the widest possible scrutiny by the scientific community

💡 EDPB strongly supports the Commission’s proposal for a voluntary adoption of such apps, a choice that should be made by individuals as a token of collective responsibility

💡 Legal Basis for the processing? the mere fact that the use of the contact tracing takes place on a voluntary basis, does not mean that the processing of personal data by public authorities necessarily be based on the consent; The enactment of national laws, promoting the voluntary use of the app without any negative consequence for the individuals not using it, could be a legal basis for the use of the apps; it appears that the most relevant legal basis for the processing is the necessity for the performance of a task for public interest

💡 Contact tracing apps do not require location tracking of individuals users. Collecting an individual’s movements in the context of contact tracing apps would violate the principle of data minimisation. In addition, doing so would create major security and privacy risks

💡 the main function of such apps is to discover events (contacts with positive persons), such events can be stored both at local level (within the device of the user) and centralized level; according to the EDPB the decentralised solution is more in line with the minimisation principle

💡 these apps are not social platforms for spreading social alarm or giving rise to any sort of stigmatisation. a mechanism should ensure that whenever a person is declared as COVID-positive, the information entered in the app is correct, since this may trigger notifications to other people concerning the fact that they have been exposed

💡 once this crisis is over, such emergency system should not remain in use, and as a general rule, the collected data should be erased or anonymised.

For more info drop me a line via Twitter –  Fb or Telegram  

If you think this information is valuable, repay my effort and share it on your #SocialMedia, Be Influent! 

Also don’t miss my Telegram channel @TechnoLawgy for the latest #Privacy and #LegalTech news!

, ,

⚕️#Health&Privacy: i dati sulla pelle sono dati sensibili?

I dati sulla tipologia di pelle sono dati sensibili sulla salute che necessitano di un apposito consenso privacy ai sensi del GDPR? Non sempre. Continua a leggere