Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The PEPP-PT consortium was not doing what it promised and sharing the protocols, the code and the thinking, particularly of the German research team.”
– Michael Veale, Lecturer in Digital Rights & Regulation at UCL to EURACTIV.
Decentralised or centralised? The divergent approaches of EU member states in their privacy protocols for coronavirus contact tracing apps are about to be laid bare, as nations adopt different technologies with different standards, despite the EU attempting to harmonise guidance on the use of such apps. This week EURACTIV digs deeper into the controversy surrounding the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project consortium and attempts to find out why there is such an uproar over the different approaches.
Digital Brief: PEPP-PT The Inside Story
*Also this week*
Ferrari joins the privacy debate, Breton & Apple, personal data in Slovenia, Ericsson cautious about 5G, Huawei & Qwant, Neo-Nazis on Instagram, Copyright in Germany, Digital Services Act IMCO report, Press freedom index, Czech cyberattacks, and much more.
Over the last week, a vicious split has opened up within researchers of PEPP-PT project, which had been hailed as a potential solution to building a singular architecture for an EU contact-tracing app to contain the spread of the coronavirus.
Last week, PEPP-PT came under fire for a lack of transparency in their software operations, after reports emerged that the consortium erased text on their website that had highlighted its commitment to using a decentralised protocol in the technology, which is widely regarded as having higher privacy protections.
Since then, following one of the leaders of the consortium, Swiss epidemiologist Marcel Salathé, a number of members of the consortium have decided to withdraw from the project and establish their own project based on a decentralised protocol.
Earlier this week, I caught up with one such member of the new outfit, Michael Veale, lecturer in Digital Rights & Regulation at UCL. The full interview is available in our podcast.
Veale had some tough words to say against the lack of transparency of the PEPP-PT consortium, of which he had been previously involved.
“We found that as an umbrella organisation, it appeared to be becoming a front for pushing only the approach from industrialist Hans Christian Boos and different Fraunhofer institutes that had been working closely with high members in German politics,” Veale told EURACTIV.
“This was concerning because we began to find that the regulators such as the German Data Protection Authority were not being given the data protection documents about our approach that we had been making, and in fact, they appear to have the scientific alternatives to a highly centralised database, misrepresented in meetings with them.”
Meanwhile, at an online event earlier this week, Carmela Troncoso, assistant professor at the Swiss Federal Institute of Technology, who had been part of the PEPP-PT project before recently pulling out, said it became evident that full ‘transparency’ was not possible within the PEPP-PT consortium.
I followed up with PEPP-PT’s contracted PR agency, the Hering Schuppener Consulting firm, to hear their side of the story. I was informed that “bad communication” had been the result of the fallout within the consortium, and I was also forwarded the statement that PEPP-PT is, in fact, open to working with both decentralised and centralised protocols.
“There must be enough flexibility to tailor the technology to the respective requirements of individual countries – while maintaining its interoperability,” the statement from the consortium read.
“We believe that this flexibility also applies to contact tracing in the event of a positive coronavirus test. For this case, there are two approaches – a centralised, low-data approach and a decentralised approach. PEPP-PT is open to both, and will thus offer both models in the future,” the statement read.
Moreover, earlier this week, the EPP, the European Parliament’s largest political group, said in a statement that the PEPP-PT project provides a good example of how an EU COVID-19 mobile app should function, drawing criticism from other parties.
This comes despite the European Parliament adopting a join resolution on a coordinated response to the coronavirus crisis, in which MEPs highlighted their preference for a ‘decentralised’ model for storing data as part of the use of contact tracing apps.
“I’m not actually surprised by the EPP’s stance,” Renew MEP Sophie in’t Veld told EURACTIV over the phone. “Axel Voss is a big believer in collecting as much data on citizens as is possible. The fact that he is advocating a large, singular repository of data doesn’t surprise me.”
Last week, Renew’s in’t Veld was a signatory on a Renew Europe letter addressed to PEPP-PT’s founder, Hans-Christian Boos, calling for the consortium to be more transparent in its operations.
More generally on contact-tracing apps, Carmela Troncoso also said earlier this week that if the code for Google and Apple’s coronavirus contact-tracing app can’t be open source, then it should at least be audited.
In terms of the auditing of app code, this was also something picked up on by the European Data Protection Board earlier this week, who issued their guidelines for the use of location data and contact-tracing apps amid the coronavirus outbreak.
With regards to the PEPP-PT debate, according to the EDPB, the principle of “data minimisation” outlined in the EU’s general data protection regulation would favour a decentralised model of data storage – even though centralised architectures would also be permissible from a legal standpoint.
Speaking at a Brussels event on Wednesday evening, the EDPB’s Anna Buchta highlighted her general concerns for the future of such apps. “Whatever solutions are considered necessary and proportionate under the current circumstances should not necessarily stay with us after the current crisis is over,” she said.
Vestager weighs in. In the EU executive, the EU’s digital chief Margrethe Vestager has sought to allay privacy fears over the use of certain mobile applications in the fight against the coronavirus.
“You don’t have to choose between fighting the virus and protecting privacy,” she told EURACTIV in a recent telephone interview. “You can do something that also makes very good sense with privacy and at the same time get a digital tool that will be very useful.”
Ferrari app. In Italy, Ferrari staff are set to be given an app which will alert them if they’ve been in close contact with any colleagues using the same system who have contracted COVID-19. The technology was developed by Milanese organisation Bending Spoons, who have also been contracted by the Italian government to create national tracking software. The technology is reportedly based on PEPP-PT designs.
UK developments. Elsewhere, the UK’s National Health Service has begun testing a mobile application designed to trace the spread of the coronavirus outbreak.
Austria open source & voluntary app. While Austria’s corona-tracing-app is, in its current form, purely based on voluntary use, a senior conservative politician of the governing ÖVP suggested making it mandatory, prompting Chancellor Sebastian Kurz – of the same party – to confirm that it would stay voluntary.
EURACTIV’s Philipp Grüll reports that NGO Epicentre.Works concluded that it follows a “privacy-by-design” approach, but also demanded that its source code be made public. Austria’s Red Cross, which administers the app, has promised to do that in the coming days.
Lichtenstein bracelets. Liechtenstein will provide citizens with biometric bracelets to contain coronavirus, according to BioMetricUpdate.com.
Belgian shopping app. A Belgian mobile app called Shop Safe is the next app in line helping users amid the pandemic, while also raising questions about data use. The app checks the quantity of people shopping in nearby supermarkets using location data and the data provided by the Belgian telecoms, and then provides information whether the shops are “quiet” or “busy,” EURACTIV’s Kalina Angelova reports.
Breton & Apple. EU industry chief Thierry Breton on Wednesday (22 April) told Apple Chief Executive Tim Cook to make sure that mobile apps to limit the spread of coronavirus work on its iPhones and other devices, amidst the company’s ongoing spat with France on its privacy safeguards. Meanwhile, Bloomberg reports this week that France is asking Apple to remove a technical obstacle it says is delaying a government contact-tracing app.
Slovenian personal data. The Slovenian government has adopted a decision allowing the exchange of personal data related to prescribed self-isolation, quarantine and mandatory treatment for COVID-19 between the national public health institute and police, reports EURACTIV’s Zoran Radosavljevic.
IAPP tech vendor report. The International Association of Privacy Professionals (IAPP) has released its 2020 Privacy Tech Vendor Report, which provides information on 304 vendors which offer tech solutions for privacy professionals in data legislation compliance.
Data exploitation in sexual and reproductive rights. A new report from Privacy International documents 10 data exploitative technologies being developed to curtail access to reproductive healthcare globally.
‘Superpower.’ Mark Zuckerberg wrote in the Washington Post this week about the ‘superpower’ of data sharing to stifle the spread of the virus.
Ericsson cautious about 5G future. On announcing the company’s Q1 results this week, Ericsson CEO Borje Ekholm struck a disconcerting tone for the future of the bloc’s 5G networks. “While we have been successful in improving our position in Europe, we are concerned that 5G investments in Europe are delayed,” he said.
EURACTIV’s Kalina Angelova reports this week that Spain, Austria, Portugal and the Czech Republic have all delayed their 5G spectrum auctions, due to the COVID-19 outbreak. Poland is the last one to postpone the bid, as it was set for 23 April and now is pushed back indefinitely. Last month Slovenia stopped the implementation of 5G in the country.
Qwant. Huawei’s new P40 handset comes pre-installed with French operating system. The handset will come with the French search engine Qwant pre-installed, a high-level official at the company recently informed EURACTIV.
Does the name Qwant ring a bell to Brussels-bubbles folk? If so, it’s probably because the EU’s digital czar Margrethe Vestager told a Brussels audience earlier this year that she prefers using the search engine to others.
Big Tech lobbying. Tech giants Facebook and Amazon led firms in lobbying spend in the first quarter of 2020, according to documents filed with the federal government this week, CNBC reports.
Instagram harmful content. Researchers from the Counter Extremism Project report this week that they have unearthed pro-ISIS and neo-Nazi accounts advocating for violence on the Instagram platform. Staying with the platform, Instagram founders Kevin Systrom and Mike Krieger have teamed up to launch a coronavirus tracking platform.
Copyright in Germany. A year ago, EU copyright law was reformed under strong protest and with a narrow majority in the EU Parliament. Germany is still working on implementation, but civil society is already preparing to fight the directive in court. EURACTIV’s Philipp Grüll reports.
Digital Services Act
IMCO draft report. Rapporteur for the Internal Market’s initiative report on the Digital Services Act, MEP Alex Agius Saliba, has released his draft on the plans. He recommends maintaining the central elements of the e-Commerce directive as well as establishing a “central regulatory authority.”
Staying in the Internal Market, the Parliamentary committee has released tentative IMCO debate and voting schedules for a range of reports, including on the Digital Services Act and Artificial Intelligence & Ethics files.
Industry recommendations. The Information Technology Industry Council (ITI) have released their recommendations to the European Commission and Parliament for the upcoming Digital Services Act. A statement from the organisation stated thy they “support the goals of the Digital Services Act to increase legal certainty, clarify roles, and define responsibilities for actors in the online context.”
Digital rights group joins the debate. Elsewhere, Poland’s Panoptykon Foundation are looking to weigh in on the upcoming Digital Services debate, with a study on Facebook and their position of influence when it comes to political advertising.
Culture MEPs speak out. More EU action is needed to make sure EU help reaches the ailing media and culture sectors, European Parliament Culture Committee members said earlier this week. Meanwhile, writing in EURACTIV, more than 40 MEPs called in an open letter to EU leaders for immediate actions to support Europe’s news media sector.
Bulgaria Press Freedom. Bulgaria has the lowest standards of press freedom in Europe and is ranked 111th globally in terms of press freedom for a third consecutive year in the Reporters Without Borders annual edition of the World Press Freedom index, which called the country “the black sheep of the EU”. EURACTIV’s Georgi Gotev reports.
Poland ranks lowest in World Press Freedom Index’s 18-year history. “The authorities’ efforts to subjugate the judicial system”, as well as “the growing tendency to penalise defamation” justified Poland’s spot in the ranking, according to Reporters Without Borders.
EURACTIV’s Natalia Pazura reports that the group also wrote that “state media are full of hate speech,” adding that public service media “have become a propaganda tube for the government”. Since being ranked 18th in 2015, Poland has since been dropping each year.
Serbia falls. Serbia dropped three places in the 2020 World Press Freedom Index, according to the ranking published by the Reporters Without Borders (RSF) on Tuesday (21 April). After the country ranked 90th in 2019, it has now slid to the 93rd spot among the 180 countries in this year’s report with a score of 31.62, which, except for Montenegro, is the lowest ranking in the region. Read more.
Famous journalist killed in car crash. Meanwhile, Georgi Gotev also writes this week that Milen Tsvetkov, a familiar face from TV screens for all Bulgarians, was killed in a car accident on Easter Sunday (19 April) in Sofia. Tsvetkov’s car had stopped at a red light when an SUV hit it from behind at very high speed.
Roma at risk in Hungary. The leading Roma TV Dikh TV – which caters to the largest ethnic minority in Hungary – was taken over by people close to the ruling Fidesz party this week. Zeljko Jovanovic, director of the Open Society Roma Initiatives Office, raised concern about the acquisition. “We should see the purchase of Dikh TV by the Fidesz-propaganda network in a larger picture,” she said.
“In the short-term, Fidesz is worried about the recent losses in the local elections in Budapest and other major cities as well as increasing strength among the Roma activists who encourage Roma not to sell votes. In this way, they can control the Roma voters because this TV was highly popular.”
Slovenia. The new government of Slovenia’s conservative Prime Minister Janez Janša has so far kept the coronavirus under control — but critics fear he will exploit the crisis to bring to heel the media he brands “presstitution”.
In other news, the health secretary of Serbia’s Vojvodina province, Zoran Gojkovic, said on Monday (20 April) that reporters’ questions were not the reason why journalists had been banned from attending news conferences on the COVID-19 pandemic in Serbia, as their safety was the government’s prime concern. Reporters can attend the conferences as of Tuesday (21 April), he added. EURACTIV Serbia takes a closer look.
Green Deal could use available technologies ‘without prejudices’. The much-awaited re-visit of the Renewable Energy Directive (RED II) as part of the new Green Deal should get rid of “prejudices” and take advantage of technologies and products already placed on the market, Ewald-Marco Münzer, CEO of waste-based biodiesel company Münzer Bioindustrie GmbH in Vienna, told EURACTIV.com in an interview. Read the interview by Sarantis Michalopoulos here.
This week, the EEAS have identified 45 new cases of pro-Kremlin disinformation, 30 of these were related to the coronavirus. Read more here.
The UK government has released guidelines on how to be safe online, recommending reviewing security and safety settings, checking facts and guarding against disinformation, being vigilant against fraud and scams, and managing the amount of time spent online.
US Secretary of State Mike Pompeo said on Saturday he was concerned by ‘malicious’ cyber attacks that have recently hit Czech hospitals battling the novel coronavirus. “As the world battles the COVID-19 pandemic, malicious cyber activity that impairs the ability of hospitals and healthcare systems to deliver critical services could have deadly results,” Pompeo said.
MEPs want more funding. Parliament’s Horizon Europe rapporteurs Dan Nica and Christian Ehler have written to EU leaders, urging member states to ensure that the new research programme is duly financed with EUR 120bn as had been requested by the European Parliament. “The lack of budget for Horizon Europe will inevitably lead to the cannibalization of one of Europe’s priorities. We will have to decide between fighting the coronavirus, ensuring economic growth, boosting digitalization or reducing CO2 emissions,” said Ehler.
Commission data-sharing platform. Meanwhile, the Commission has launched a data-sharing service for scientists to publish their coronavirus studies to “enable the rapid collection and sharing of available research data.”
“Researchers will be able to store, share and analyse a wide variety of findings on coronavirus on this platform. From genomic data to microscopy and clinical data, for instance,” a statement from Commission President Ursula von Der Leyen read.
On my radar.
The European Commission will host a pan-European hackathon to connect civil society, innovators, partners and buyers across Europe to develop innovative solutions to overcome coronavirus-related challenges, starting tomorrow and continuing over the weekend.
What else I’m reading this week:
- Twitter will remove dubious 5G tweets ‘that could potentially cause harm’ (TechCrunch)
- Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks (Wired)
- Google criticised by news publishers over coronavirus ad blocking (FT – Paywall)