The European Data Protection Board (EDPB) has released recommendations for the use of location data and communication tracing software to reduce the COVID-19 pandemic’s effects.
Europe’s data security policy covers all these technical initiatives, ensuring that EU countries and agencies are expected to establish tracing software or request data for a purpose specific to coronavirus.
‘These recommendations describe the criteria and standards for the proportionate use of location data and contact tracking methods for two different purposes: to use location data to promote pandemic response by modeling the dissemination of the virus to determine the general efficacy of prevention measures; [and] to map communications aimed at notifying individuals that they have been infected.
The European Commission and the EU parliament have already weighed in with their guidelines in this area, including a toolbox to help direct app developers tracing contacts. The Commission also encouraged the Member States to follow a shared approach to the development of these applications and leaned on local telcos to include “anonymized and aggregated” metadata to model the dissemination of the virus across the EU.
The EDPB guidance paper — an agency made up of members from EU national data protection authorities that help manage the implementation of EU-wide data protection legislation —Brings further specialist guidance to those designing new approaches to tackle the coronavirus pandemic as part of a public health solution.
“The EDPB typically states that data and technologies used to help counter COVID-19 can be used to encourage people rather than to supervise, stigmatize, or repress them,” it says. “Also, data and technologies can be important instruments; they have innate limits and can only maximize the effectiveness of other interventions for public health. The basic principles of efficacy, obligation, and proportionality will direct any action taken by Member States or EU agencies that requires personal data processing to counter COVID-19.
Also Read: How Software Development can be the Favorite Choice of Startups in COVID-19 Outbreak
Among the body’s clear guidelines is that where location data are used to model coronavirus dissemination or determine the efficacy of national lockout initiatives, it is better to anonymize the data — with the EDPB stressing that it is not possible to properly anonymize.
It also advises consistency around the anonymization technique used despite the inherent uncertainty. A further highlighted aspect is the aim constraint. Apps must comprise purposes that are “reasonable enough to prevent more testing for non-COVID-19 health disaster response uses (e.g., industrial or law enforcement uses),” it states.
And, in other words, no feature creeping — and no mass monitoring of EU people through a backdoor pandemic.
The EDPB further notes that “the concept of data minimization and data security should be carefully understood through nature and default”—specifically stating that contact tracing apps “may not include monitoring of individual users’ locations.”
Conclusion:
Having outlined the advantages and drawbacks of centralized vs. decentralized approaches to monitoring communications; the EDPB also advises that the analytical process of device creation ‘will also provide an in-depth analysis of both principles closely evaluating the respective implications on data protection/privacy and potential impacts on human rights.