One topic that has been increasingly discussed in recent days and weeks in the discussions about containing the COVID 19 crisis is the creation and use of mobile apps and the use of anonymizsed mobility data.
On 8 April the Commission recommended steps and measures to develop a common EU approach to the use of mobile apps and data from mobile devices in the fight against the coronavirus pandemic. The recommendation sets out a process for the adoption of a toolkit with Member States focusing on two areas:
a coordinated, pan-European approach to the use of mobile apps to enable citizens to make effective and more targeted social distance management arrangements and to enable alerting, prevention and follow-up of contacts; and
a common system for modelling and predicting the evolution of the virus through anonymised and aggregated mobile phone location data.
The Recommendation sets out the main principles for the use of these apps and data in terms of data security and respect for EU fundamental rights such as privacy and data protection. In particular, recital 10 and Articles 18 to 20 address the use of mobility data. The Commission would like to stress that the development of the tools should be guided by the principles of privacy and data protection.
However, the Member States agreed already on 16 April with the Commission and in consultation with the European Data Protection Committee that mobile applications should not process location data of persons, as this is neither necessary nor recommended for the purpose of contact tracing.
The EU toolbox, adopted by EU countries and supported by the European Commission, emphasises that recording a person's movements in contact tracing applications would pose major security and data protection problems. These apps should also be both temporary and voluntary, ensuring that no user knows the identity of infected persons or of close contacts of infected persons. According to the report, the storage of such data should also be limited in time in order to increase security and privacy.
Furthermore, in a plenary resolution adopted on 17 April, the European Parliament stressed that national and EU authorities must fully comply with data protection and privacy legislation and that mobile location data can only be processed in accordance with the ePrivacy Directive and the GDPR.
- Recommendation of the Commission. - Common EU-Toolbox for Member States. - Press release of the European Parliament. - EAC Position Paper: Connected Cars - Uniform Rules for the Handling of Vehicle Data for the sake of Consumer Protection and Welfare.