Aspectes de privadesa de les aplicacions de rastreig de contactes a Europa i recomanacions per al seu ús futur

Autors/ores

Resum

La primera pandèmia global a l'era de la digitalització va indicar que hi podria haver nous tipus de riscos de privadesa, derivats de les activitats de processament que tenen lloc dins l'abast de les activitats de rastreig de contactes digitals. Si bé cal protegir principalment el dret a la vida de totes les persones que viuen a la comunitat, també s'ha de considerar el seu dret a la privadesa. Per això, tant els reguladors com els controladors de dades han d'assolir un equilibri entre la privadesa i la salut pública. El propòsit d'aquesta revisió és analitzar els esforços de compliment dels controladors de dades a Europa, amb les regulacions i les guies de protecció de dades existents a la UE i extreure lliçons per a l'ús d'aplicacions de rastreig de contactes, dins l'abast d'escenaris de desastres potencials que puguin sorgir en el futur, mitjançant la revisió de la literatura existent i de les polítiques de privadesa de les aplicacions.

Paraules clau

Llei Europea de Privadesa, Dret de la Unió Europea, Pandèmia, Seguiment de contactes digitals, Protecció de dades

Referències

Bengio, Y. (et al.) (2020). A. The need for privacy with public digital contact tracing during the COVID-19 pandemic. Lancet Digit Health, 2(7), p. e342-e344. https://doi.org/10.1016/S2589-7500(20)30133-3

Blasimme, A.; Ferretti, A. and Vayena E (2021). Digital Contact Tracing Against COVID-19 in Europe: Current Features and Ongoing Developments. Frontiers in Digital Health, 3:660823. https://doi.org/10.3389/fdgth.2021.660823

Calzolaio, S. (2016). Digital (and privacy) by default. Constitutional identity of e-government. Giornale di Storia Costituzionale, 31, p, 185. http://www.storiacostituzionale.it/doc_full-text/GSC_31_full-text.pdf

Hatamian, M., Wairimu, S., Momen, N. & Fritsch, L. (2021). A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps. Empirical software engineering, 26, 36. https://doi.org/10.1007/s10664-020-09934-4

Hernández-Orallo, E.; Calfate, C.T.; Cano, J.C.; Manzoni, P. (2020). Evaluating the effectiveness of COVID-19 Bluetooth-Based smartphone contact tracing applications. Applied Sciences, 10 (20). https://doi.org/10.3390/app10207113

Hintze, M. (2019). Privacy Statements under the GDPR. Seattle University Law Review, 42(3). https://digitalcommons.law.seattleu.edu/sulr/vol42/iss3/7/

Hobson, S.; Hind, M.; Mojsilovic, A. and Varshney, K.R. (2020). Trust and transparency in contact tracing applications. arXiv:2006, 11356. https://doi.org/10.48550/arXiv.2006.11356

Legendre, F.; Humbert, M.; Mermoud, A.; Lenders, V. (2020). Contact tracing: An overview of technologies and cyber risks. arXiv:2007, 02806. https://doi.org/10.48550/arXiv.2007.02806

Mbunge, E (2020). Integrating emerging technologies into COVID-19 contact tracing: Opportunities, challenges and pitfalls. Diabetes & Metabolic Syndrome, 14(6). https://doi.org/10.1016/j.dsx.2020.08.029

O'Connell, J. (et al.) (2021). Best practice guidance for digital contact tracing apps: a cross-disciplinary review of the literature. JMIR mHealth and uHealth, 9(6). https://doi.org/10.2196/27753

Scantamburlo, T. (et al.) (2021). Covid-19 and tracing methodologies: A lesson for the future society. Health and Technology, 11,.pp. 1051–1061. https://doi.org/10.1007/s12553-021-00575-1

Ventrella, E. (2020). Privacy in emergency circumstances: data protection and the COVID-19 pandemic. ERA Forum, 21, pp. 379–393. https://doi.org/10.1007/s12027-020-00629-3

Vergallo, G. M.; Zaami, S. and Marinelli, E. (2021) The COVID-19 pandemic and contact tracing technologies, between upholding the right to health and personal data protection. European Review for Medical and Pharmacological Sciences, 25 (5), pp. 2449-2456. https://doi.org/10.26355/eurrev_202103_25286

Vuokko, R.; Saranto, K. and Palojoki, S. (2021). Features of COVID-19 applications and their impact on contact tracing: results of preliminary review. Finnish Journal of eHealth and eWelfare, 13(4). https://doi.org/10.23996/fjhw.109253

Official documentation

Application #OstaniZdrav. Privacy notice. https://www.gov.si/assets/vlada/Koronavirus-zbirno-infografike-vlada/APP-OstaniZdrav/Privacy-notice.pdf

Apturi Covid Privacy Policy. https://apturicovid.lv/privatuma-politika/#en

Article 8 of the Charter of Fundamental Rights of The European Union (2000/C 364/01), protection of personal data. https://fra.europa.eu/en/eu-charter/article/8-protection-personal-data#:~:text=1.,basis%20laid%20down%20by%20law

Article 29 Data Protection Working Party. Opinion 03/2013, Opinion on Purpose Limitation. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf

Article 29 Working Party Guidelines on Transparency under Regulation 2016/679. https://gdpr-text.com/guidelines/transparency/

Communication from the Commission Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection 2020/C 124 I/01. OJ C 124I, 17.4.2020, p. 1–9. https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1587141168991&uri=CELEX:52020XC0417(08)

Corona Melder. Privacy Policy. https://coronamelder.nl/en/privacy

Corona Warn App. Privacy Notice Version 3.2. https://www.coronawarn.app/assets/documents/cwa-privacy-notice-en.pdf

Decision of the EEA Joint Committee No 154/2018 of 6 July 2018 amending Annex XI (Electronic communication, audiovisual services and information society) and Protocol 37 (containing the list provided for in Article 101) to the EEA Agreement [2018/1022]. OJ L 183, 19.7.2018, p. 23–26. https://eur-lex.europa.eu/eli/dec/2018/1022/oj

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). OJ L 201, 31.7.2002, p. 37–47. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32002L0058

Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (Text with EEA relevance). OJ L 337, 18.12.2009, p. 11–36. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0136

eHealth Network. Mobile applications to support contact tracing in the EU’s fight against COVID-19 Common EU Toolbox for Member States. Version 1.0. 15 April 2020. https://ec.europa.eu/health/system/files/2020-04/covid-19_apps_en_0.pdf

eRouska. Terms and Conditions and Privacy Policy. https://erouska.cz/en/podminky-pouzivani#osobni

European Centre for Disease Prevention and Control (28 Jun 2022). Considerations for contact tracing during the monkeypox outbreak in Europe. https://www.ecdc.europa.eu/en/publications-data/considerations-contact-tracing-during-monkeypox-outbreak-europe-2022

European Comission. Mobile applications to support contact tracing in the EU’s fight against COVID-19 Progress reporting June 2020. https://health.ec.europa.eu/system/files/2020-07/mobileapps_202006progressreport_en_0.pdf

European Commission. Purpose of data processing. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/purpose-data-processing_en

European Data Protection Board. Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, adopted on 21 April 2020. https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_20200420_contact_tracing_covid_with_annex_en.pdf

European Data Protection Board. Guidelines 05/2020 on consent under Regulation 2016/679. https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en

European Data Protection Board (2022). Temperature checks at Brussels Airport (Belgium) as part of the fight against COVID-19

https://edpb.europa.eu/news/national-news/2022/temperature-checks-brussels-airport-belgium-part-fight-against-covid-19_sv

European Data Protection Supervisor. TechDispatch #1/2020. Contact tracing with mobile applications. https://edps.europa.eu/data-protection/our-work/publications/techdispatch/techdispatch-12020-contact-tracing-mobile_en

European Data Protection Supervisor. Orientations on manual contact tracing by EU Institutions in the context of the COVID-19 crisis, 2 February 2021. https://edps.europa.eu/data-protection/our-work/publications/guidelines/orientations-manual-contact-tracing-eu_en

European Data Protection Supervisor. Glossary. https://edps.europa.eu/data-protection/data-protection/glossary_en

European Parliament resolution of 17 April 2020 on EU coordinated action to combat the COVID-19 pandemic and its consequences (2020/2616(RSP)). https://www.europarl.europa.eu/doceo/document/TA-9-2020-0054_EN.html

France. MinIstère de la Santé et de la Prévention (2022). TousAntiCovid. https://bonjour.tousanticovid.gouv.fr/privacy-en.html

Gobierno de España. Privacy policy of the Radar Covid Application. https://radarcovid.gob.es/en/privacy-policy

Gov. Poland. Stop Covid Documenty. https://www.gov.pl/web/protegosafe/dokumenty

GRC World Forums. Data masking: Anonymisation or pseudonymisation?. https://www.grcworldforums.com/data-management/data-masking-anonymisation-or-pseudonymisation/12.article

Health Service Executive. COVID Tracker App: Data Protection Information Notice (DPIN). https://www2.hse.ie/services/covid-tracker-app/data-protection-information-notice.html

HOIA Phone Application Privacy Policy. https://koodivaramu.eesti.ee/tehik/hoia/app-web/-/blob/master/content/privacy.en.md

IAPP. Layered Notice. https://iapp.org/resources/article/layered-notice/

Information Commissioner’s Office (ICO). Guide on Principle (a): Lawfulness, fairness and transparency. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/lawfulness-fairness-and-transparency/

Immuni App. Privacy. https://github.com/immuni-app/immuni-documentation#privacy

Korona Stop LT’ Privacy Policy. https://koronastop.lrv.lt/uploads/documents/files/corona-stop-app/Privatumo-politika-korona-stop-en.pdf

Privacy Statement. Contact Tracing App – Belgium. Corona Alert, 14 April 2022. https://coronalert.be/en/privacy-statement/

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679

Smitte stop (Denmark). Processing of Personal Data. https://smittestop.dk/en/data-protection/

Stop Covid-19 Exposure notifications. Privacy notice. https://stopcovid19.zdravlje.hr/html/privacy-policy.html

The Association of Schools of Public Health in the European Region (ASPHER). Contact Tracing Apps for COVID-19. An Overview of the European Region. October 2020. https://www.aspher.org/download/521/contact-tracing-apps-for-covid-19-an-overview-of-the-european-region.pdf

World Health Organization (2021). Contact tracing in the context of COVID-19. Interim guidance. https://apps.who.int/iris/bitstream/handle/10665/339128/WHO-2019-nCoV-Contact_Tracing-2021.1-eng.pdf?sequence=24&isAllowed=y

World Health Organization (2022). Surveillance, case investigation and contact tracing for mpox (monkeypox): interim guidance. https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_402e2db4-d306-4ff6-a386-e990da186971

Biografia de l'autor/a

Raif Baran Tombul, Universitat Autònoma de Barcelona

Doctorant de la Universitat Autonoma de Barcelona, al camp de Dret i Tecnologia a la Facultat de Dret. El seu interès de recerca rau a la Llei Europea de Protecció de Dades. Abans dels seus estudis a la Universitat Autonoma de Barcelona, va completar un diploma de postgrau a la Universitat de Londres, al camp de l'administració, i va acabar el programa de mestratge del Màster Europeu en Dret i Economia a la Universitat d'Hamburg i la Universitat d'Aix-Marseille, respectivament. A més, va completar la seva llicenciatura a la Universitat de Baskent al camp del dret.

Publicades

28-07-2023

Descàrregues

Les dades de descàrrega encara no estan disponibles.