In recent days we are witnessing the birth of numerous apps, at the European, state, and even local level, to help the authorities manage the coronavirus crisis through self-diagnostic tests and contact tracking. Here in the Balearic Islands, we have Clinicovery, available from April 17.
With the arrival of these applications, a certain debate has arisen between health and privacy, as if both were exclusive and we should choose. The problem has its origin in fear and in the speed with which many of the solutions that are presented these days have been developed even technological ones.
The “haste” in the announcement and development of many of them has led to the recommendations contained in the European Commission Communication on applications that support the fight against COVID-19 in relation to data protection not being followed.
In this way, it has been common for these apps to present little elaborate privacy policies, not adapted to the sensitivity of the data they were going to use, even citing laws that have already been repealed. Given this circumstance, many are the voices that have been raised against these applications, as if their mere use implies that users see their privacy compromised. However, rather than in the face of abusive forms of control, we believe that hasty and accelerated developments have led to legal breaches (which have normally been resolved).
After all, we must not forget that according to the seventeenth additional provision of Organic Law 3/2018 on the Protection of Personal Data: “The health authorities and public institutions with powers in public health surveillance, may carry out scientific studies without the consent of those affected in situations of exceptional relevance and gravity for public health “.
The debate is not so much whether or not these tools can be used, it is how they are used. Therefore, and for these applications to be part of the solution to the problem we face, we must first assume two premises:
a) The public health crisis caused by the current pandemic is unprecedented and requires exceptional solutions in many areas.
b) Technologies and adequate use of data can provide great solutions at the informational level and data exchange between organizations, authorities, and citizens.
Although, as we said, these applications must adequately comply with current legislation regarding personal data. To help this compliance, we are going to give a series of recommendations:
1.- The starting point of any application must continue to be the protection of privacy and data. In other words, privacy by design.
2.- Whenever possible, the data should be anonymous and aggregated. The individualization of the data can generate stigma and social rejection.
3.- Real cybersecurity mechanisms must be implemented since when we use health data, any precaution is little.
4.- If the data is collected to help contain the pandemic, once that objective is achieved, the personal data should be deleted.
5.- The user must always be clearly informed and be able to easily exercise their rights.
Faced with this situation we are experiencing, without a doubt we must be innovative and make the best possible use of technology in the fight against the pandemic. Of course, it must always be borne in mind that although the law does not prevent its use, it does not allow disproportionate actions that limit the rights of citizens.