In order to control the coronavirus epidemic, the government plans to create an application called “StopCovid”. Once the Bluetooth function is activated, the application will track who the user has been in contact with in the last 15 minutes and alert them if any of those poeple affirmed to be infected with Covid-19.This method has already been proven effective in some countries, such as China.
Quid juris?
The European Commission has given a favourable opinion on the creation of this application, provided that the data is destroyed once the epidemic is over.
Furthermore, the European Data Protection Supervisor has stated that even in these exceptional circumstances, the controller must guarantee the data protection of the subjects and arrange the least intrusive solutions, by collecting the minimum amount of data.
The CNIL points out that the implementation of such a system requires to be “limited in time” and effectively based on voluntary action and “free and informed consent”. It also recalls the main principles related to the collection of personal data (purpose of processing, transparency, security and confidentiality, proportionality and data minimization).
To be continued! “Stop Covid” is only in the early stages of development; it will take several weeks for the application to be perfected.