For months, the world has been asking: how can we avoid a resurge of the pandemic, which would be catastrophic for our economies and well-being? Part of the answer lies in establishing a screening and tracking system for people who have been exposed, in order to prevent them from infecting those around them in turn.

Many European governments have turned to a digital solution, already established in China and other Asian countries: encouraging citizens to download a Covid-tracking application on their smartphone.
The question is, however, if these applications hide a fundamental problem. When downloading a tracing app, are we introducing a digital Trojan horse into our private lives? While the apps are called “free,” we should know that nothing is truly free in the digital world. A customer will always pay for a service, one way or the other. In the digital world, this is often by giving unlimited access to all her or his personal information, possibly combined with a paid supplement via a subscription.
They say that the tracing apps will preserve our anonymity, because sensitive information is stored only on the smartphone. However, in reality, it is easy to associate the identity of the owner of a smartphone with his/her pseudonym.
We should not take this lightly. Medical data is the kind of data we want and need to protect the most, as it is the “ultimate frontier” between our body, our most intimate data on our physical individuality, and the outside world.
No independent audit system has been put in place to ensure that collected medical information is deleted in a definitive way after use
No new EU rules have been imposed ensuring that it is not sold to other platforms or data processors, nor any penalties or fines in the event of breaches have been introduced as with GDPR.
Digital platforms do all this without limitations, without being subject to any legislation protecting our privacy except GDPR (which is not sufficient anymore and needs enlargement of scope and enhanced implementation by national authorities), without any sovereign public control nor independent audit over time.
The EU Court of Justice ruling published on July 16, 2020 denouncing the US-EU data sharing deal Privacy Shield as it fails to protect EU citizen’s Privacy, is clearly a signal that we need to dramatically strengthen our EU protection policies and avoid being too accommodating as the stakes are extreme.

Author: Pierre Pozzi Belforti