Data sovereignty holds the key to widespread adoption of COVID-19 apps
Concerns are growing as ever-more governments explore the idea of tracking and tracing apps as a way of monitoring and slowing the spread of COVID-19. Obviously, society must use all possible means to fight the pandemic, including technology and data. But that shouldn’t mean casting aside the fundamental European values. Numerous institutions, associations, interest groups and experts have already expressed their reservations and are calling for a more rigorous app development process to ensure that those values are upheld. But what do they mean? What are ‘European values’? And how can we safeguard them?
Due to the COVID-19 crisis, a variety of mobile applications are being developed in different countries, many of them by governments and public authorities. The apps are aimed at using technology and data to slow the spread of coronavirus infection until a vaccine is widely available. Each app is slightly different. For example, certain apps are designed for the general public, while others are limited to closed user groups directed at monitoring contact in the workplace. However, they all tend to serve three general functions.
The key functionalities of a coronavirus app (from the European Commission Recommendation):
- Monitoring the user’s health (often combined with a self-diagnosis questionnaire), informing/advising them and facilitating the organisation of medical follow-up in the case of symptoms
- Warning the user if they have been in proximity to an infected person and advising them on appropriate action in order to break the chain of infection. This is key in both slowing the initial spread of the virus and preventing resurgence after lockdown measures are eased
- Monitoring and enforcing the quarantine of infected people, possibly combined with features assessing their health condition during the quarantine period.
Two main challenges: adoption and trust
Generally speaking, the effectiveness of such mobile apps has not been fully evaluated, mainly due to the pressure to launch a coronavirus app as quickly as possible. In our view, success depends above all on sufficient user penetration. This presents two main challenges: adoption and trust.
For widespread adoption, firstly a high percentage of the population must be able to ‘technically adopt’, i.e. they must own a mobile device and be tech-savvy enough to use it. Secondly, a high percentage of those mobile device owners must actually download the app and consent to the processing of personal data concerning them (without subsequently withdrawing that consent).
Trust is above all the most important factor in achieving adoption. Citizens must trust that their data will be protected by appropriate security measures and used exclusively for the specified goals to which users have consented. Public health authorities should not only endorse the app but must also be able to take necessary action based on the data generated by it. This requires integration and data sharing with other systems and applications, and ideally also cross-border and cross-regional interoperability with other systems, which adds an extra dimension to the issue of data security and trust regarding how the data will be used.
Dealing with data in a ‘European way’
Clearly, the development of a national coronavirus app requiring citizens to volunteer their data for surveillance purposes blurs the boundaries between public health and civil liberties. Therefore, in recent weeks, various European Member States, public and private-sector institutions, experts, associations, opinion makers and trendwatchers have expressed their concerns about cybersecurity, data security and privacy. There are growing calls for coordination at EU level to focus on ‘European values’, and especially on the protection of the fundamental right to privacy and protection of personal data.
For example, in mid-April Veilig Tegen Corona, a coalition of concerned groups in the Netherlands, called for the development process of coronavirus apps to be carefully considered and above all focused on utility and necessity. The coalition has published a list of ten key criteria for such an app.
European data strategy is built on European values
Luckily the EU already has a vision for European data sharing in place that revolves around the European values: the European Data Strategy. This was developed to ensure Europe’s global competitiveness. The European Commission considers data to be an essential resource for economic growth, competitiveness, innovation, job creation and societal progress in general. (Click here to watch an interview with Yvo Volman, Head of EU Communication and Technology).
In an extension of the European Data Strategy, an EU Recommendation sets out the recommended steps and measures for developing a common EU-wide approach for the use of mobile apps and mobile data. In the context of fighting the coronavirus pandemic, this recommendation can be applied to the development and use of tracking and tracing apps with respect to fundamental European values.
Closer examination of Veilig Tegen Corona’s ten criteria reveals that most of the concerns raised are addressed by the EU Recommendation’s principles covering privacy and data-protection aspects of use of mobile applications. In other words, these principles serve as an excellent basis for app developers to ensure sufficient safeguards against the abuse of data generated by a national/international COVID-19 app.
(Click here for a full analysis of how the EU Recommendations cover the ten criteria).
How to safeguard European values
We welcome both the Veilig Tegen Corona criteria and the EU Recommendation because they echo our long-standing call for data sovereignty. People need ways to exercise their data rights. The importance of this had already started to emerge in the data economy before the COVID-19 outbreak, but the pandemic has now propelled the issue to the forefront of people’s minds and to the top of political agendas.
Thanks to the EU Data Strategy and its Recommendation, tangible, actionable and executable guidelines are now in place to enable people and organisations alike to govern their own data, putting them in charge of deciding who has access to their data and under what conditions.
At INNOPAY, we believe that data sovereignty holds the key to the success of COVID-19 apps since it provides the foundation for widespread adoption based on user trust, in line with European values.
Interview with Yvo Volman
The European Data Strategy is built on a new approach to handling data. The EU hopes to play a leading role in the future of data security by making better decisions. Yvo Volman - Head of the 'Data Policy and Innovation' unit in the Directorate General for Communication Networks, Content and Technology of the European Commission -, believes that Europe can lead the way because it is strong in areas of public interest. The European Data Strategy provides a new framework for handling data, based on the belief that individuals and companies should be in control of their data. This is built around ‘European values’.