The European Union’s privacy commissioner has called for the coordinated use of COVID-19 contact tracing apps to ensure privacy is upheld as much as possible.
European Data Protection Supervisor Wojciech Wiewiorowski this week raised concerns that a number of countries in Europe are developing their own versions of coronavirus contact tracing apps, with differing functionalities and levels of privacy.
These apps generally use temporary identification numbers and Bluetooth technology to identify the contacts of someone who has tested positive for COVID-19.
The Singapore government’s TraceTogether app is regarded as the leader in the space.
Launched about a month ago, users of the app voluntarily allow their Bluetooth technology to record other users that they come into close contact with. If a user is later diagnosed with COVID-19, they give permission for the government to get a record of the other users they have been in contact with recently, who are then notified and quarantined if necessary.
The use of such an app is a “useful path to achieve privacy and personal data protection effectively” while combating the spread of COVID-19, Mr Wiewiorowski said, and the EU’s General Data Protection Rule would not stand in the way of the use of such a technology.
“The GDPR permits processing of sensitive data when it is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health,” Mr Wiewiorowski said.
“Let me stress again this law is neither an obstacle for being active nor an excuse that we are not efficient as this law was written with consultation of experienced specialists in extraordinary use of new technologies serving mankind.”
The Supervisor is working with the European Commission to make sure the use of any surveillance technology or tracking apps is temporary and limited and include a “clear way back to normality”.
It is working with the European Data Protection Board and other European Union Data Protection Supervisory authorities on the creation of a “pan-European model COVID-19 mobile application”, which would be coordinated at the EU level. This will likely also include coordination with the World Health Organisation.
Mr Wiewiorowski said he is also in “close consultation” with counterparts around the world, from “the United Kingdom through…till New Zealand”, likely including Australia.
The Australian government is understood to be considering the use of a contact tracing app locally, and a number of developers are working on a version of the technology. It is believed to be reviewing the Singapore app, which will be made available open-sourced.
The Digital Transformation Agency would likely be tasked with building the app and working with private developers on it. The DTA recently posted a series of job openings on its digital marketplace for a mysterious “national citizen facing digital platform”, but it’s clear if this is related to COVID-19 or contact tracing.
The federal government has said it is “assessing the role of technology” in combating the spread of COVID-19.
Such a contact tracing app would likely become important when movement restrictions are lifted, potentially later in the year.
A number of cryptography experts and academics have argued that the Singapore model should not be directly applied in Australia due to privacy concerns, but suggest only a few small tweaks are needed.
They argue that the Singapore model puts too much reliance and responsibility on the government, which has access to who has been in contact with who and notifying close contacts.
The Australian version instead could be built without this reliance, instead hiding the identification numbers from the government entirely.
In this model, a user diagnosed with COVID-19 would allow their list of identification numbers they’ve been in contact with to be published publicly, with other users then able to check if they are on the list and identify themselves.