Bird & Bird releases a White Paper on the privacy implications of contact-tracing apps
Written By
White Paper for governments on the privacy implications of apps supporting the fight against the COVID-19 pandemic.
European countries have responded to the Covid-19 pandemic by bringing in unprecedented measures to limit people’s movements in an effort to contain the outbreak. As governments are now planning how to progressively loosen those restrictions, it is clear that contact tracing-apps should be part of their toolbox. Already rolled out in some countries (e.g. Singapore, China, Taiwan and South Korea), several EU countries have started working on the development of such apps.
When EU governments imposed the lockdown in March 2020, very few commentators questioned how much this decision affected the universal right of free movement, at a time when everyone was concerned with reducing the number of deaths. A month later, when the discussion has moved on to alternative measures that should be implemented after the lockdown to avoid a new wave of the pandemic, one measure − the development of a contact-tracing app – has triggered much discussion about possible infringements to privacy. In this debate, very few commentators try to balance the right to privacy with other rights such as the right of free movement and the right to health, despite the fact that they are all fundamental rights.
In this context, a group of nine lawyers from different Bird & Bird offices have released a European White Paper to explain the need to achieve a balance between these fundamental rights in order to find a way of developing apps that are useful to fight against the pandemic for the benefit of us all. The document also focuses the debate on the necessary safeguards for the rights and freedoms of individuals in compliance with data protection principles, instead of taking for granted that consent from individuals is the only way forward.
This White Paper provides practical suggestions for safeguards in relation to key topics such as transparency, purpose limitation, data minimisation, accuracy, limited retention, methods of storage, design of the app, security, sunset procedures or supervision of the app.
