Commission seeks ‘largest possible participation’ of EU citizens for COVID-19 apps

A smart phone app using Decentralized Privacy-Preserving Proximity Tracing (DP-3T) is pictured before a test with Swiss soldiers at the Swiss Federal Institute of Technology (EPFL) during the state of emergency of the coronavirus disease (COVID-19) outbreak, in Lausanne, Switzerland, 24 April 2020. [EPA-EFE/LAURENT GILLIERON]

The European Commission has said that the ‘largest possible participation’ of EU citizens is required in order for coronavirus contact tracing applications to work effectively.

As part of a package of measures announced on Wednesday (13 May) aiming to coordinate the EU’s travel and transport formalities amid the ongoing COVID-19 outbreak in Europe, the Commission also said that interoperability between apps is also important.

“The largest possible participation of EU citizens is necessary to exploit the full potential of tracing apps,” stated one Commission document addressing a series of questions on the measures announced on Wednesday.

In another document focusing specifically on the importance of interoperability of contact tracing apps, the executive noted how this could be ‘essential’ in opening up Europe’s borders in the future.

“All member states and the Commission consider that interoperability between these apps and between backend systems is essential for these tools to enable the tracing of cross-border infection chains,” the EU guidelines say.

“This is particularly important for cross-border workers and neighbouring countries. Ultimately, this effort will support the gradual lifting of border controls within the EU and the restoration of freedom of movement.”

Further guidance published on Wednesday notes that member states should put measures in place to communicate and receive relevant data keys between themselves, and EU nations should be “informed about possible infected or exposed users,” in terms of potential visitors to the country.

The EU hopes that the interoperable nature of contact tracing applications could also be of global use, noting that “interoperability mechanisms should be made publicly available so that third countries can work to access them in whole or in part, subject to security requirements.”

Contact apps for summer holidays

Last week the EU’s digital tzar Margrethe Vestager fielded questions from members of the European Parliament’s internal market committee on the use of contact tracing applications in the EU.

The Danish official noted that without the use of contact tracing apps, the EU would find it very difficult to “open up to the degree that we would want to.”

“We all hope that summer is not lost and that we will have a vacation,” she said.

In this vein, a readout from this a recent meeting of EU telecoms ministers said that “ministers came to an understanding that the contact tracing apps would have high importance for the gradual relaxation of various national measures, including opening of borders.”

The position of telecoms ministers in this regard comes after EU interior ministers recently noted the importance of coordinating the use of such contact tracing apps, because they “could contribute to easing or abolishing internal border checks and [the] potential lifting of entry restrictions on the external Union borders.”

The call for interoperability comes after both France and the UK opted for centralised data storage protocols for their contact tracing applications – a move which runs counter to the advice of the Commission and the European Data Protection Board, who have recently said that the principle of “data minimisation” outlined in the EU’s general data protection regulation would favour a decentralised model of data storage.

Documents published by the executive on Wednesday build on earlier EU recommendations, including a toolbox for the use of mobile apps, which stated that mobile applications should not use location data in their contact tracing applications and should also be dismantled as soon as they are no longer needed, interoperable and cyber-secure.

Additional Commission guidance on data protection also noted that such apps should be voluntary and abide by EU privacy law, including the GDPR and the ePrivacy Directive. Data should also be stored on an individual’s device and encrypted.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters