On 21 April, the European Data Protection Board (EDPB) issued guidelines concerning key data protection and privacy issues related to the use of certain tools that aim to combat the spread and resurgence of COVID-19. The guidelines address the use of location and contact tracing tools, and an April 14 letter states the EDBP’s views on the use of mobile applications and mobile data.
Guidelines on the use of location data and contact tracing tools. The EDPB emphasized the importance of using anonymized — not personal — data when utilizing location information, which isn’t subject to the European Union’s (EU) data protection law. Anonymization means it’s impossible to:
Letter addressing the use of mobile applications and mobile data. The EDPB’s letter responds to the European Commission’s proposal for a common approach to the use of mobile applications and data to inhibit the spread of COVID-19. Currently, member states are pursuing different approaches. According to the commission, applications can be developed by the public or private sectors and must comply with the EU’s data protection principles. Applications should aim to inform and advise citizens; interrupt infection chains; prevent a resurgence of infection; and help with monitoring and quarantining of individuals. The EDPB supports balancing public interest and individuals’ privacy to fight the pandemic, and emphasized the following considerations: