|
Panel I: Value of Contact Apps as part of the response to the pandemic
MEP Véronique Trillet-Lenoir (Renew, France) stated that this digital solution is only an additional tool, which does not replace social distancing and should not replace our values.
Lina Nerlander from the European Centre for Disease Prevention and Control underlined the benefits of manual contact tracing, which is already successfully done in Asia and Europe. In manual contact tracing, the medical staff manually contacts (phone calls) a list of people who were in contact with an infected person. Contact tracing apps can help but should not replace manual contact tracing.
Nuria Oliver, Chief Data Scientist at Data-Pop Alliance, explained that GPS location can be used for contact tracing, but this raises privacy concerns and accuracy is limited. Bluetooth is favoured because it is more accurate (especially in indoor environments) and it can work in the metro as well. Singapore has been the first nation to use Bluetooth for COVID-19 contact tracing. The adoption of the application in Singapore has been around 20% of the total population.
How does this work? The smartphone generates a Temporary Contact Number (TCN) which is exchanged with other smartphones. If one person is tested positive, he/she enters a special code (most likely given by medical staff to avoid abuse) and all persons in close contact with the infected person will be alerted.
In a centralised approach, the TCN generation is defined by a centralised trusted authority. This central authority processes the entire TCN list if a person is infected.
In a decentralised approached, the TCN generation is done locally in the phone. Only the TCN of an infected person is sent to a global server.
Clayton Hamilton, Technical Officer at the World Health Organisation, explained that a critical mass using the application is needed for such an app to be effective, this could be around 70% of the population. Privacy and ethical concerns also need to be thoroughly examined. Some States might want to include a phone number to have a personal touch, despite clear risk of identification.
Panel II: Which model? Which technical requirements?
MEP Dita Charanzová (Renew, Czech Republic) moderated this panel. She insisted on the need for an interoperable system because people travel across borders.
Michael Veale, Co-Developer for the project Decentralized Privacy-Preserving Proximity Tracing (DP3T), explained that if the application is badly designed, all the network data (who you have seen etc.) can be revealed. In the DP3T system, no personal identification leaves the phone. The user decides what is sent out to the world, unlike in a centralised system. Users can still provide data to epidemiologists if they want.
In order to minimise the risks of false positive (for instance neighbours on the other side of a thin wall), received keys will be disregarded when the signal is weaker. Users will also be able to choose which part of the day they want to take into account.
Michael Veale explained that the DP3T model and the Google/Apple model are similar, but some technical adjustments are needed to make them fully compatible.
Dave Burke, Vice President for Engineering at Google, gave details on the current Google/Apple project. This initiative aims to develop an API facilitating the development of contact tracing applications. The API is a component to make it easier to build an application, but developers are not obliged to use this API.
First, Dave Burke enumerated the challenges:
-Bluetooth interoperability across smartphone platforms and manufacturers
-Fragmentation and interoperability across borders
-Privacy concerns with centralised collection of data
-Power issues with Bluetooth running in the background
In the Google/Apple project, smartphones in close contact are constantly exchanging cryptographic keys. If a person is tested positive, the 14 last days of infected cryptographic keys will be sent to a server relay, where they can be checked against keys recorded by smartphones of people who were in contact with the infected person.
Dave Burke presented the main features of the Google/Apple API:
-No location is used
-It is anonymous, the keys which are sent to other smartphones are changed very frequently, for instance every 15 minutes (the phone is constantly changing its key).
-It will be fully interoperable Android and iOS.
-Public health authorities provide an application, a server for the application, and a server relay (for the 14 days of infected cryptographic keys).
Timeline:
-April: publication of specifications, and beta API release for developers.
-May: production rollout of APIs on Android 6 and iOS 13 forward.
Gary Davis, Global Director of Privacy & Law Enforcement Requests at Apple, highlighted that explicit user consent is required. It is key not to collect user identity or location data from the device. It must be up to the users to decide what they want to share. Gary Davis stresses that people who are tested positive should not be identified to other users, Google or Apple.
Panel III: Privacy, transparency, civil rights, cyber security
MEP Karen Melchior (Renew, Denmark) stated that contact tracing applications should only be used when there is explicit consent. One concern is that some Member States might use the technology to check compliance with lockdown, which would undermine trust.
Wojciech Wiewiórowski, European Data Protection Supervisor, questioned the need for such applications and their efficiency. Some studies show that these applications are useless if not only 20% of the population uses them, other studies show that 60% is needed. He warned that in case these applications are found not to be effective, additional functionalities will be added to make them more useful, such as immunity passports.
In some cases, consent might be required to download the application but during use other data is sent to a server, including location data of the device.
Regarding the opposition between centralised and decentralised systems, Wojciech Wiewiórowski explained that it is very difficult to make the difference. There might still be a central backend server in decentralised systems.
The European Data Protection Supervisor listed the sine qua non conditions for these applications: 1) temporary, 2) purpose-limited, 3) access only to those dealing with epidemiology, 3) oversight from data protection authorities, 4) exit strategy on how to leave the application when the crisis is over.
Estelle Massé, Senior Policy Analyst at Access Now (NGO), explained that there is little evidence these applications can help counter the spread of the virus. For instance, in Singapore the country had to go back to lockdown, despite the use of the application. The long-term impact of these technologies must be assessed.
Khalil Rouhana, Deputy Director General at DG CNECT, European Commission, stresses that we must ensure these tracing apps prove to be efficient and are trusted. There should be no opposition between efficiency and data protection.
The Commission has engaged with the Member States and hopes that a common approach can be agreed on. The Commission has issued recommendations two weeks ago. Guidance on privacy and data protection should also be issued. In addition, the Commissioner is coming up with a legal framework on the conditions under which data can be used and exchanged across borders.
The Commission stays apart from the debate on the centralised or decentralised approach. However, Khalil Rouhana underlined that there cannot be identification of people (e.g. phone numbers).
Security concerns are important; therefore, data should be anonymous.
In her closing remarks, Sophie In’t Veld called on the European Commission to put forward a legislative framework, not only to answer privacy concerns but also to ensure harmonisation and interoperability.
Next steps:
A debate on contact tracing apps will take place during the European Parliament’s plenary session in May.
For any question on this issue, do not hesitate to contact Camille Dornier: camille.dornier@eurosmart.com
|
