Europe needs a unified approach to COVID-19 digital contact-tracing
The COVID-19 pandemic has put a great strain on European health systems and is having far-reaching effects on the economy. Digital technologies have proven to be vital in these testing times, both in combatting the virus itself and easing its negative impact on our daily lives. Internet-based technologies and services have been essential in maintaining dialogue and commercial activity, while public life has been restricted. They will also play an essential role in our exit strategy.
DIGITALEUROPE strongly supports the development of digital contact-tracing solutions to help mitigate the spread of the virus and to allow the lifting of lockdown restrictions. They must be considered an essential part of the solution to getting the economy up and running again whilst keeping our citizens safe.
COVID-19 does not respect national borders. We need solutions that work across our continent whilst protecting our citizens’ privacy. Europe must act as one. Whilst we welcome the initial guidance from the European Commission and the European Data Protection Board, this is only a first step. We therefore call on the European Commission and Member States to bring together the various approaches and drive forward a common vision that can get us out of this crisis quickly and safely.
To get there, DIGITALEUROPE has outlined five key principles that a pan-European contact-tracing solution must adhere to:
It is important that EU Member States encourage their citizens to use these mobile applications but on an absolute voluntary basis without any kind of discrimination. The more citizens use contact-tracing mobile applications, the more effective they will become. However, citizens should have the final decision on whether they will use these mobile applications, must be in control of their data, and must be able to turn them off at any time.
All solutions must clearly state the limited purpose of their data collection. Collected data should not be used for any other secondary processing. However, we would also like to highlight that for longer term efforts to contain the virus, such as vaccine research, increasing the scope of purposes of these solutions would be pivotal.
Privacy by design, and data & storage minimisation
In adherence with one of the core principles of the GDPR, these solutions should be based on privacy by design and should not process more data than what is strictly required to function accurately and effectively. It should not be based on or require the collection of location data.
Interoperability across Europe
Solutions should be interoperable and made available across all European countries. Political and technical approaches should enable cross-border freedom of movement of citizens and workers.
Protect the identity of users
Solutions should utilise, where possible, anonymisation, pseudonymisation and aggregation techniques – such as temporary or rotating identifiers – to make it impossible to track or identify individual citizens. In addition, solutions should use state-of-the-art cryptography techniques to ensure further protection of users’ data.