Covid-19 apps: Side effects on personal data protection should be avoided

In a joint statement, the Chair of the Council of Europe’s data protection “Convention 108” committee, Alessandra Pierucci, and the Council of Europe’s Data Protection Commissioner, Jean-Philippe Walter, warn about the possible side effects of digital contact tracing applications in the prevention of the COVID-19 pandemic and call for adequate safeguards to be put in place to prevent risks to personal data and privacy.

Since the start of the pandemic, governments and stakeholders involved in the fight against the virus have been relying on data analytics and digital technologies to address this threat. Mobile applications have been used in some countries and are being considered in others as a complementary response to the need to rapidly perform contact monitoring.

Aiming to contribute to the reflections currently underway in many countries, the statement has been issued in order to recall that, wherever such solutions are chosen, strict legal and technical safeguards would need to be in place to mitigate the risks to the protection of personal data and privacy.

If these applications are deployed, it should be for a limited duration only and solely on a voluntary basis. These applications should include specificities "by design" to prevent or minimise risks, e.g. to ensure that location data of individuals are not used, that no direct identification is possible or that re-identification is prevented.