In the time of the Covid-19 pandemic surveillance technologies seem to flourish.
From the StopCovid application, which is supposed to identify people who have been in contact with an infected person, through the SI-DEP and Contact Covid contact tracing systems, to drones and smart cameras, has surveillance gone too far?
According to Marie-Laure Denis, the president of CNIL (the French data protection authority), the lively debate on these questions shows the importance and the sensitivity of the question for civil society and the government. As for the question of having gone too far, she points to the guarantees for personal data requested by CNIL that were mostly integrated into the legislation on the tracking application and other coronavirus-related surveillance. She also highlights that CNIL will focus on making sure that after the temporal scope of the tracking solutions expires they will be discontinued and that the collected data will be entirely deleted.
The interview also touches upon the subject of the Health Data Hub (a platform for centralising a large amount of medical data, currently hosted by Microsoft) – Denis has expressed her wish that the hub should be hosted by a European corporation, given the sensibility of the data and the possibility that the American authorities might access it, it would be better if the platform was hosted within the jurisdiction of the EU. This also sends a message that for future projects it might be better to avoid trusting Microsoft, Google or others with our data – a concern shared by many, among them the authorities.
Finally, with regards to the 50 million euro fine levied on Google that the Council of State has recently upheld, the interviewer notes that the CNIL is the only data protection authority that used the tool provided by the GDPR. In her answer the president said that there are currently 150 cases in progress, while in the past two years more than 80 decisions have been made in cross-border cases. She added that large scale class actions against digital platforms enjoy priority as there are high expectations and it is the data protection authority’s duty to respond as quickly as possible.
Author: Martin Untersinger