Privacy and Corona apps in the Netherlands

Following the Covic-19 outbreak that started almost a year ago, governments decided to implement different public health restrictions to help fighting the spread of the virus. From the mandatory wearing of masks to the curfew that has been established in most European countries, these rules have not ceased to further expand. While these measures might have some beneficial outcomes, others argue that the sanitary crisis does not justify the suspension of our liberties. Now that these regulations have started to be lifted in some countries, the safety of this progressive removal has been accompanied by the emergence of new technologies under the form of contact tracing apps.[1] But what does this entail for our privacy?

First of all, it is important to explain the goal of these apps. Indeed, they were created with the aim to track and trace users that have been infected with the Coronavirus to inform via Bluetooth other users if they have been in contact with the person infected and guide them through the steps they might have to take.[2] Based on consent given by the users downloading the app, they are controlled by an anti-abuse clause that prohibits their mandatory use. Although the 7 selected apps do not require any name or personal information and claim to send random Bluetooth codes to operate anonymously, it is doubtful that their access to data entirely respects privacy laws. For instance, in 2020 already, privacy experts studied the different apps and deemed none of them compliant. The blurred information provided by each of these apps and their lack of clarity were assessed as insufficient. Accordingly, problems of accuracy were mentioned regarding the conveyance of the waves used by a Bluetooth network.[3] The DDPA (Dutch Data Protection Authority) already identified the same issues when reviewing the draft bill of the Temporary Act Notification-application Covid-19 that amended the Dutch Telecommunication Act and gave extensive powers over people’s telecommunication data to the National Institute for Health and Environment.[4] Them keeping data on a centralized server, although for no more than 14 days also raised concern since its access is not only reserved to the data controller (Minister of Health and the Welfare and Sport and the Regional Public Health Authorities) but also by the controller of the backend server, that is CIBG and KPN, a private company.[5] This is where things get a little more complicated privacy-wise. Citizens are worried about their data being used by the government, but what if the real danger was the use of their data by private organizations? Indeed, whereas the DDPA was quite satisfied by the CoronaMelder app, that is to say the main app used in the Netherlands, its biggest worry for privacy issues concerned the Google Apple Exposure Notification Framework, in other words, the software that allows for the use of applications such as CoronaMelder. It seems very unclear whether Google and Apple do access to the data shared by users in the app and therefore the DDPA advised the Minister of Health to establish an agreement with Google and Apple to ensure the safety of people’s personal data from these organizations.[6]

The conclusion that can be drawn from this analysis is that Corona apps are not completely on point regarding privacy laws. Their unclear access to data and their lack of transparency indeed challenges their compliance on the legal perspective. But what if the real danger was coming from data access and storing by private organizations? As it stands, the Dutch government should urge to find an agreement with the relevant organizations to enforce the prohibition of those companies to access and share people’s data.

[1] Contact tracing apps in the Netherlands: A new world for data privacy, December 2020, retrieved from

[2] CoronaMelder app preview, retrieved from

[3] “None of seven proposed corona apps meets privacy criteria, says legal advisor”, Dutch News, April 2020, retrieved from < https://www.dutchnews.nl/news/2020/04/none-of-seven-proposed-corona-apps-meets-privacy-criteria-says-legal-advisor/>

[4] Contact tracing apps in the Netherlands, A new world for data privacy, December 2020, p.1, retrieved from

[5] Ibid, p.3

[6] Ibid, p.2

Uitgelicht

Constitutional review of Acts of Parliament: the creation of a concentrated or a decentralized system for Netherlands

Uitgelicht

Artificial islands under the United Nations Convention on the Law of the Sea

Uitgelicht

Defining the Relevant Market: An Analysis of the European Commission's Approach in Article 102 TFEU Cases

Privacy and Corona apps in the Netherlands

Over de auteur

Lucie Converset

gerelateerde berichten

Brexit or no-brexit: tension in the UK with regard to Theresa May’s proposal

Viktor Orbán and his war on democracy in Hungary

A change. A counter-Latin America flow

MAD-ness

Laat een antwoord achter Reactie annuleren

Categorieën

Recente berichten

Our Authors

Aarushi Bansal

Aditi Anil

Afina Azzahra Krisdianatha

Alan Campos Elias Thomaz

Alex Dulieu

Amal Akdimi

Anastasiou Andromachi

Andrea Castro Fernández

Anna Hell

Anne van Drimmelen

Anouk Oomen

Bauke Bakkers

Brandon Schell

Chadine Chraiha

Charlotte Couteaux

Colleen Mahlert

Danielle van Hout

Daphne Stevens

Delyana Petkova

Denitsa Dineva

Dennis van Gaal

Diego Lago Rigueras

Dominique Hoekstra

DualBrands

Eline Janssen

Eline van Hoek

Ellis Martens

Epistimi Pozidou

Esmee de Koning

Fabienne Paanakker

Ferdous Ameri

Gerry de Groot

Henkjan van Dijk

Iris den Bieman

IT Department VMGR

Jesse van der Meulen

Joseph Lewis

Juanita Jaramillo

Julia Rattenbury

Kate Conradie

Katerina Papazi

Kurmi Peters

Laila Tarifit

Laura Kata Szegi

Laura Nagy

Leya Pandova

Lisa van Hoof

Louise van der Aa

Lucie Converset

Maud Aarts

Melissa Gomo

Mika Klaus

Mirte Nijhof

Nadya Kool

Ole Roeland

Pamela Ilieva

Phoebe Sirotin

Prerna Bairwa

Redactie SecJure

Reuben Hofman

Richard

Rick Videler