Photo: Pixabay
Author profile picture

On Wednesday the 8th of April, the European Commission sent out a press release announcing that the governments of all Member States were expected to start with preparations for two digital apps this month. They have also been called upon to work together on collecting the mobility data of their citizens.

The aim is to gain an understanding of how European citizens circulate through their countries and perhaps across national borders. Analysis of this data should reveal which routes the spread of the coronavirus is taking.

Two apps

One of the two apps that need to be installed on everyone’s mobile phone is designed to alert its owner of a potential infection caused by someone who is or has been in their vicinity. The other app is supposed to keep track of a phone owner’s symptoms and progression of their illness. (Provided they have become ill). This disease data must be shared with medical institutions such as hospitals, As well as be shared on a European level as well. This applies to the Member States that are members of the  Europese eHealth Network, which includes The Netherlands.

The European executive body that will process this patient data is the European Centre for Disease Control in Stockholm. The aim is to find out as much as possible about the virus and its containment as soon as possible.

Everyone understands that the newly announced digital strategy for containing the coronavirus can only be done if people are prepared to relinquish phone data that they believed only belonged to themselves.

China-light?

So the question remains: is the EU going to monitor its citizens using a China-light approach? Data technology experts who advised the European expert group headed by French European Commissioner Thierry Breton say that this is definitely not the case. All data which is used can be processed anonymously. Otherwise, the European Commission would not be in a position to implement this kind of strategy. After all, it must abide by the GDPR (General Data Protection Regulation). That’s the EU law which prevents misuse of personal digital data.

Even if this is true, it is still curious that this package of European measures has barely received any publicity. In the ‘recommendation‘ document for the Member States, the European Commission explains which articles of law it may use as a basis for this policy. The Treaty on the Functioning of the European Union (TFEU) and the Euratom Treaty that all Member States have signed, both stipulate that the European Commission, acting on behalf of the Member States, must safeguard the safety of its citizens. This includes protecting citizens from the threat of fatal diseases such as the one caused by COVID-19.

In order to be able to roll out the digital strategy, European Commissioner Thierry Breton had already held talks with the telecommunications companies in Europe almost three weeks ago. The purpose of these talks was to get access to their mobility data. This must all be anonymized and aggregated prior to being handed over to the Member States. Accordingly, this kind of data will not enable any reference to be made to the private owner of a mobile phone, iPad or any other cellular device.

No Dutch plan

Back in The Netherlands, the Minister of Health, Hugo de Jonge (CDA), presented a Dutch version of the European plan at a press conference on Tuesday, April the 7th. One day before it was released. Except that he did not mention that the entire plan had stemmed from the European Commission.

There are going to be two apps, among other things, and yes, maybe citizens would be legally required to install these he suggested when a journalist from the Dutch RTL media outlet asked him about that. Because if not enough members of the public use the app, not enough data would be produced.

De Jonge was also unable to clearly explain how the data would now be made anonymous. That’s pretty logical given that IT is a profession in its own right. And that you almost have to be a data engineer to be able to explain it properly. But ultimately he sent journalists who wanted clarity on this pressing question back into the fray without any answers.

Information on privacy policy by mid-April

The European Commission’s document issued on April 8th states that Member State governments should immediately start formulating their plans in order to provide mobility data and roll out the two apps. This will be followed in mid-April by another EU document. This time to be drawn up in cooperation with the Member States in order to set out the strategy for safeguarding the privacy of everyone’s data.

Read also: EU expert on the European response to the virus: ‘Telecom data for tracking corona can be made anonymous’

Some aspects of it have already been established, according to the European Commission. The European Data Protection Authority will oversee the whole process. All data collected must be deleted within 90 days or after the virus crisis. The strategy must be up and running as of June 1st. So, that is actually fairly soon.

Exit strategy

This is inevitable in light of the fact that the virus is spreading further. Additionally, the European Member States will need to get back to work at some point. This is necessary in order to emerge from the lockdown situations that vary from country to country. Even then, you need digital data analytics to see where the virus flares up again, for instance, when a school reopens, and where it does not. This is one of the reasons why all the apps in the Member States have to be ‘interoperable’ so that all of the data can be jointly analyzed in the future.

These analytics will subsequently be presented not only on a national level but also on a European level. We will then see very clearly which areas in which countries are safe and which are not. That will be very interesting.

What is notable, however, is that this data strategy was developed without any interference from the democratically elected parliaments. Perhaps it can’t be helped in this dramatic situation. But it would have done no harm to point that out as a government. This is not a national policy against corona. This is a European policy that Dutch citizens have no influence on at present. It would have been the right thing to do to explain this to them.