The European Commission is monitoring the use of mobile applications used in the fight against the coronavirus pandemic to make sure that the bloc’s “values and rules” are not being infringed upon, Internal Market Commissioner Thierry Breton said on Thursday (2 April).
His comments come a day after a contingency of European stakeholders launched a digital contract-tracing project that purportedly respects EU privacy standards.
Speaking via videolink to MEPs from European Parliament’s Internal Market Committee, Breton responded to a question from German MEP Anna Cavazzini on whether the executive would be looking into the use of various tracking applications across EU member states.
“Europe is a specific continent where we have to be careful that in this very situation, we maintain what is important to us, we maintain our values,” he said.
“We are investigating to see what is really happening,” Breton continued. “We will make sure that it doesn’t infringe with our rules, including our values.”
Breton also reiterated a previous statement with regards to a request the Commission made for Europe’s telecommunications providers to share user data, in a bid to track the progression of the coronavirus on the continent. Breton said the data collected by the Commission will be anonymised, “non-personal data.”
Towards the end of March, the executive had asked telecom firms to hand over “anonymised mobile metadata to help analyse the patterns of diffusion of the coronavirus,” following talks between Breton, several CEOs of European telecommunication companies and GSMA, the association of mobile network operators.
On Thursday, Breton also stated that the Commission has consulted the European Data Protection Supervisor (EDPS) on the legality of the move, which prompted the EDPS, Wojciech Wiewiórowski, to pen a letter to the chief of the Commission’s DG Connect, Roberto Viola.
The EDPS highlighted the legality of the Commission’s move, saying that “data protection rules currently in force in Europe are flexible enough to allow for various measures taken in the fight against pandemics.”
However, the EDPS did ask the Commission to be transparent on the specific type of data that it is looking to obtain from telecommunications firms. “The Commission should clearly define the dataset it wants to obtain and ensure transparency towards the public, to avoid any possible misunderstandings,” Wiewiórowski said.
Earlier this week, a coalition of European stakeholders launched a new contact-tracing proximity technology, dubbed Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), which uses bluetooth signals to trace contacts between those infected with the coronavirus and people who have come into close proximity with them.
The technology broadcasts over a short distance a “temporarily valid, authenticated and anonymous identifier (ID) that cannot be connected to a user,” the company says. Despite this claim, some in the privacy community have criticised the company’s claims of anonymity, with Austrian activist Max Schrems calling such claims “false.”
The technology borrows from various initiatives worldwide, including Singapore’s TraceTogether application, which has come to influence other national projects in the West seeking to clamp down on the spread of the virus.
In terms of other public contact tracing initiatives underway in Europe, Ireland’s Health Service Executive announced earlier this week plans to roll out a similar application
In an attempt to assure privacy activists that reading bluetooth registrations is the way to go, a survey published on Wednesday by the Irish Computer Society shows that 87% of the Irish public are willing to share their personal data for the cause of stemming the spread of the coronavirus.
[Edited by Zoran Radosavljevic]