Privacy aspects of contact tracing applications in Europe and recommendations for their future use

Authors

Abstract

The first global pandemic of the digital era indicated that new kinds of privacy risks could arise from the processing activities carried out within the scope of digital contact tracing. While the right to life of everyone living in the community must be protected first and foremost, their right to privacy must also be considered. For this reason, both regulators and data controllers must strike a balance between privacy and public health. The purpose of this review is to analyse the efforts of data controllers in Europe to comply with existing EU data protection regulations and guidance, and to draw lessons for the use of contact tracing applications in potential disaster scenarios that may arise in the future, by reviewing the existing literature and the applications' privacy policies.

Keywords

European Privacy Law, European Union Law, Pandemic, Digital contact tracing, Data protection

Author biography

Raif Baran Tombul, Universitat Autònoma de Barcelona

PhD candidate at the Universitat Autònoma de Barcelona, in the field of Law and Technology at the Faculty of Law. His research interest lies in European Data Protection Law. Before his studies at the Universitat Autònoma de Barcelona, he completed a postgraduate diploma at the University of London, in the field of administration, and finished the master's programme of the European Master in Law and Economics at the University of Hamburg and Aix-Marseille University, respectively. He also completed his undergraduate degree in law at Baskent University.

Published

28-07-2023