Coronavirus Tracing Apps Must Not Be Used For Surveillance, Says EU

Tom Jowitt,
coronavirus Image credit: World Health Organisation

EU officials warn member states that Covid-19 tracing apps must not be used for ‘mass surveillance’ and need to be deactivated when pandemic ends

European Union officials have reacted to privacy and surveillance concerns about the use of Covid-19 tracing apps during the Coronavirus pandemic.

They warned that contact-tracing apps must only be used during the pandemic and will need to be automatically de-activated once the crisis is over, EU justice commissioner Didier Reynders was quoted by Reuters as saying on Thursday.

The move comes after the UK government published the source code its NHS Covid-19 tracing app, amid concern over the app’s privacy and effectiveness.

No surveillance

That app is currently is currently being trialled on the Isle of Wight, after it was initially tested on an RAF base in North Yorkshire.

The UK is not the only country to rushing to develop mobile tracing apps, in an effort to avoid the spread of the virus and help avoid a second wave later in the year.

“Apps cannot be used for mass surveillance. Individuals will keep control on their data,” Reynders was quoted by Reuters as telling EU lawmakers in a plenary sitting.

“Apps should be only used during the crisis and be deactivated at the latest when the pandemic is over,” Reynders said, adding the de-activation should occur even if users forget to uninstall the applications.

App concerns

When someone tests positive for Covid-19, the apps tend to track down whom the patient has been in contact with and isolate them.

The UK’s NHS app for example uses Bluetooth signals to detect and log other phones with a compatible app in the vicinity. When a person develops a confirmed case, the app alerts those who have come into contact with the individual.

But the NHS’ “centralised” approach has come under fire for exposing users to privacy risks and, as a result, potentially making people less willing to use the software.

Matters were not helped for privacy campaigners when it was confirmed that GCHQ (Government Communications Headquarters) had been granted extra powers to obtain security data from NHS systems, in order to better protect it from outside threats.

The NHS app processes anonymised data on a central server, allowing the NHS to track trends in the way the virus is spreading and to detect hotspots.

That approach contrasts to the “decentralised” approach adopted by many other countries, where all data processing is carried out on the devices themselves.

Apple and Google are developing a decentralised technology that is to be built into iOS and Android devices, and the method has been widely adopted across Europe and elsewhere.

France and Japan are two notable exceptions, with both countries opting to employ centralised servers.