e dot dot dot
a mostly about the Internet blog by

home << Policy << auto european commission wants coronavirus tracing apps to build in strong protections for privacy unlike the french government

July 2020
Sun Mon Tue Wed Thu Fri Sat

Sat, 25 Apr 2020

European Commission Wants Coronavirus Tracing Apps To Build In Strong Protections For Privacy -- Unlike The French Government

Furnished content.

Techdirt has just written about France's incredibly hypocritical attitude to privacy when it comes to contact tracing apps for COVID-19. The European Commission seems to be rather more consistent in this area. As well as pushing privacy legislation like the GDPR and ePrivacy Directive, it has released a series of documents designed to help EU Member States create tracing apps without compromising on citizens' privacy. For example, on April 8, it adopted a "Recommendation to support exit strategies through mobile data and apps", which called for "a joint toolbox towards a common coordinated approach for the use of smartphone apps that fully respect EU data protection standards". Details followed a week later, when the European Commission announced a pan-EU toolbox for "efficient contact tracing apps to support gradual lifting of confinement measures". A 44-page document spelled out in some detail (pdf) the "essential requirements" for national apps deployed in the region -- that they should be:

voluntary;approved by the national health authority;privacy-preserving -- personal data is securely encrypted; anddismantled as soon as no longer needed.
Finally, as if to underline the importance of respecting citizens' privacy yet further, the European Commission released another communication (pdf) providing "Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection". The whole section on security is worth reading in full, since it offers a good summary of the current thinking on the best ways to preserve privacy with these apps:
The Commission recommends that the data should be stored on the terminal device of the individual in an encrypted form using state-of-the art cryptographic techniques. In the case that the data is stored in a central server, the access, including the administrative access,should be logged.Proximity data should only be generated and stored on the terminal device of the individual in encrypted and pseudonymised format. In order to ensure that tracking by third parties is excluded the activation of Bluetooth should be possible without having to activate other location services.During the collection of proximity data via [Bluetooth Low Energy communications between devices] it is preferable to create and store temporary user IDs that change regularly rather than storing the actual device ID. This measure provides additional protection against eavesdropping and tracking by hackers and therefore makes it more difficult to identify individuals.The Commission recommends that the source code of the app should be made public andavailable for review.Additional measures to secure the data processed can be envisaged notably with automatic deletion or anonymisation of the data after a certain point in time. In general, the degree of the security should match the amount and sensitivity of personal data processed.All transmissions from the personal device to the national health authorities should beencrypted.
The contrast between this rigorous and comprehensive approach to safeguarding the rights of citizens and France's cavalier disregard for the same, is stark. Unfortunately the Commission's guidance is not legally binding and is likely to be ignored by the French government, which often insists on going its way, as with its terrible implementation of Article 17 of the EU Copyright Directive.Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Read more here

posted at: 12:00am on 25-Apr-2020
path: /Policy | permalink

0 writeback(s)


URL/Email: (optional)
[http://... or mailto:you@wherever]
Title: (optional)
Please enter the anti-spam code shown below: 

home << Policy << auto european commission wants coronavirus tracing apps to build in strong protections for privacy unlike the french government

July 2020
Sun Mon Tue Wed Thu Fri Sat

 - blog home

 - Announcements  (1)
 - Annoyances  (0)
 - Career_Advice  (0)
 - Domains  (0)
 - Downloads  (3)
 - Ecommerce  (0)
 - Fitness  (0)
 - Home_and_Garden  (0)
     - Cooking  (0)
     - Tools  (0)
 - Humor  (1)
 - Notices  (0)
 - Observations  (1)
 - Oddities  (2)
 - Online_Marketing  (146)
     - Affiliates  (1)
     - Merchants  (1)
 - Policy  (1936)
 - Programming  (0)
     - Browsers  (1)
     - DHTML  (0)
     - Javascript  (5)
     - PHP  (0)
     - PayPal  (1)
     - Perl  (37)
          - blosxom  (0)
     - Unidata_Universe  (22)
 - Random_Advice  (1)
 - Reading  (0)
     - Books  (0)
     - Ebooks  (1)
     - Magazines  (0)
     - Online_Articles  (4)
 - Resume_or_CV  (1)
 - Reviews  (1)
 - Rhode_Island_USA  (0)
     - Providence  (1)
 - Shop  (0)
 - Sports  (0)
     - Football  (1)
          - Cowboys  (0)
          - Patriots  (0)
     - Futbol  (1)
          - The_Rest  (0)
          - USA  (1)
 - Windows  (1)
 - Woodworking  (0)

 -2020  July  (14)
 -2020  June  (46)
 -2020  May  (49)
 -2020  April  (48)
 -2020  March  (47)
 -2020  February  (46)
 -2020  January  (48)
 -2019  December  (44)
 -2019  November  (52)
 -2019  October  (49)
 -2019  September  (46)
 -2019  August  (52)

My Sites

 - Millennium3Publishing.com

 - SponsorWorks.net

 - ListBug.com

 - TextEx.net

 - FindAdsHere.com

 - VisitLater.com