Mobile apps used by EU countries to contain the spread of the coronavirus should comply with the bloc’s privacy rules and seek people’s consent to use personal data, but exclude location data, the European Commission said on Thursday.
The EU executive’s recommendations are part of a unified European approach for using technology to combat COVID-19 and come after several EU countries rolled out a variety of apps, prompting criticism from data privacy activists.
“Strong privacy safeguards are a pre-requisite for the uptake of these apps, and therefore their usefulness,” European digital chief Thierry Breton said in a statement.
The Commission said the mobile apps should be approved by public health authorities, installed voluntarily and deleted once they are not needed.
The apps should be based on anonymised data and work with other apps in other EU countries.
“Location data is not necessary nor recommended for the purpose of contact tracing apps, as their goal is not to follow the movements of individuals or to enforce prescriptions,” the Commission document said, citing security and privacy risks.
To date, 28 countries around the world have launched their own contact-tracing apps, including 11 European countries, while another 11 are developing apps based on GPS or Bluetooth data, according to an analysis by law firm Linklaters.
“Contact tracing apps are by no means a ‘magic bullet’ however. Having the tools in place to track and trace those with coronavirus is an important step, but there is also the challenge of widescale adoption in order for these apps to work effectively,” said Linklaters lawyer Sonia Cisse.
About two-thirds of a country’s population would need to be involved for contact tracing to be effective, a study by researchers at Oxford University’s Big Data Institute said.
The Commission said public health authorities will assess the effectiveness of such apps by the end of the month, with EU countries expected to share the feedback in May and the EU executive to put out a progress report in June.