EU interior ministers have hailed the potential of contact tracing technologies to curb internal border checks and travel restrictions related to the current public health pandemic. But a lack of congruity between member states over the technical details of such apps could limit their effectiveness.
During an e-meeting on Tuesday (28 April), ministers noted the importance of coordinating the use of such technologies, as they “could contribute to easing or abolishing internal border checks and [the] potential lifting of entry restrictions on the external Union borders,” according to a statement from the Croatian Presidency of the EU.
However, for this to happen, member states may have to use the same application or at the very least similar applications, one EU source informed EURACTIV. The source added that countries in Europe’s South and Mediterranean regions had been pushing for a single EU app.
EU coordination could end up being affected by divergent approaches to data storage and processing, as a standoff between two different models has emerged across the bloc.
A centralised protocol – whereby data retrieved from the contact tracing process is stored on a central server – is currently backed by France and the United Kingdom, while other EU countries including Austria and now Germany have opted for a decentralised model, where the data is processed on users’ mobile handsets.
Germany had until Sunday backed the work of the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project, which had adopted a centralised methodology.
However, Berlin changed tack following swathes of criticism for the PEPP-PT approach, resulting in Chancellery Minister Helge Braun and Health Minister Jens Spahn saying over the weekend that the country would support a decentralised model instead.
Elsewhere in Europe, the French government has recently called upon Apple to downgrade its privacy protections to allow data to be siphoned from user devices.
Digital Minister Cédric O pressed the company over the weekend to modify technical restrictions on its devices that would allow for data to transferred from an application when not in operation by the user. Apple and Google’s parent firm, Alphabet, support a decentralised protocol in data processing architectures, which they believe to be more cyber-secure.
In the UK, a project led by the NHSX – the digital innovation branch of the national health service, is at odds with Apple and Google, due to its preference for a centralised approach.
The head of NHSX, Matthew Gould, informed MPs on the House of Commons science and technology committee on Tuesday (28 April), that the app would be in use “in the next couple of weeks,” in a controlled, localised environment.
A spokesperson for NHSX said recently that their application would use a centralised model and would function effectively “in the background” while users are not directly operating the app.
Council of Europe weighs in
The news comes as the Council of Europe on Tuesday (28 April) warned about the negative side effects of using certain mobile applications, saying that impact assessments of the effectiveness of such technologies should be carried out before they are employed. The rights organisation also joined calls for a decentralised approach to be implemented.
“Digital contact tracing systems should be based on an architecture which relies as much as possible on the processing and storing of data on devices of the individual users,” the CoE wrote but added that vulnerabilities still exist in both protocols.
Moreover, on Tuesday, a legal briefing was published by the office of Green MEP and lawyer Sergey Lagodinsky, who concluded that from an EU legal standpoint, these types of contact tracing technologies “can only be supported if data are gathered with user’s consent, earmarked for specific purposes, for a limited time only, and if such data are stored in a decentralised manner.”
Yesterday, EU health ministers convened with Health Commissioner Stella Kyriakides, Internal Market Chief Thierry Breton and Justice Commissioner Didier Reynders over video conference to discuss how digital solutions could be leveraged in tracing the spread of the virus, in a bid to ‘de-escalate’ the confinement measures.
“Whilst some Member States already have functioning applications in place, in most Member States they are still under development,” a Commission readout said, adding that nations have called on the bloc to ensure interoperability in the contract tracing applications put into place.
As part of a recent set of guidelines agreed between the Commission and member states, dubbed the ‘Common EU Toolbox for Member States for Mobile applications in the fight against COVID-19’, the bloc has has warned against the processing and storage of location data.
The document also recommended that technologies should be only be used on a voluntary basis and must implement privacy-friendly technologies using only anonymised data.
[Edited by Sam Morgan]