Brussels, 16 April 2020 – The European Commission’s proposal for a common exit strategy in individual Member States envisages, among other things, various types of monitoring of the movement of persons by using mobile applications. Unfortunately, it is not clear from the document how the data will be protected. In fact, it raises even more questions than last week’s Commission recommendation.
“Even though, the fundamental questions are still unanswered, there are new emerging ideas that raise doubts about adequate protection of privacy and security of European citizens’ data,” said European Parliament Vice-President Marcel Kolaja. According to him, previous questions, how exactly the Commission intends to protect data that should be used by smart quarantine applications, were not answered. “I asked questions to Commissioner Didier Reynders and I was more or less told that everything would be all right, referring to GDPR and the European Data Protection Board. That really did not calm me down,” Kolaja adds.
According to Kolaja, it is essential that smart quarantine applications are Free Software, i.e. Open Source.
“Only when the application code is open, the developer community can check if the application collects only the necessary data. If the software is closed, we have to blindly trust the application developers, and that is a completely unnecessary risk,” he comments on the main concerns.
Another point is to secure the system against external attacks. “So far, it was not clarified, not even by the Commissioner, how the systems will be secured for example against false alerts – that is a situation where an attacker intentionally sends false messages to users that they were potentially in contact with infectious person. Such messages could cause panic,” Kolaja gives another example.
However, this is not the end of doubts about the mobile app plan. “The proposal includes data collection of all potential contacts of infected patients, which I perceive as unprecedented and unjustified. There are no clear criteria to end the data collection as much as the project itself, nor does it include precise application interoperability requirements… All these points lead to great uncertainty,” Kolaja adds to the proposed document. “I will continue to monitor all points and push the Commission to consider my comments because despite all the imperfections of the proposal, I believe that a good common solution can speed up the transition to a normal post-coronavirus regime,” Kolaja added.