TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe, 24 April 2020 Related reading: Notes from the IAPP Europe, 17 April 2020



An interesting phenomenon can be witnessed in Germany these days.

Like in many countries, most of our fundamental rights are restricted or suspended altogether during these very special times. Think of the right to liberty enshrined in Article 6 of the EU Charter of Fundamental Rights, which is severely restricted by the ubiquitous stay-at-home orders and other lockdown measures. Or take Article 10, which guarantees the right to "manifest religion." Not to mention the right of education, jeopardized by the closure of schools across Europe; the freedom to conduct business, undermined by the forced closure of shops and other businesses; and the factual abrogation of the right of asylum by closing off the EU borders.

Put short, at least in Germany, we have not seen such a massive and radical restriction of fundamental rights since World War II. Surprisingly, though, there is little to no skepticism or democratic debate so far. Germans seem to be happy with the current situation in the hope that sacrificing their fundamental rights will help fight the pandemic and allow a timely return to normality.

A closer look, however, shows the following: Even in these difficult times, there seems to be one fundamental right Germans cling to, and that is privacy of communications and protection of personal data. Over the past weeks, this phenomenon has been starkly illustrated twice.

First, the German federal government failed to push through Parliament a revision of the German Infections Protection Act ("Infektionsschutzgesetz"), which inter alia would have given the federal government extensive rights to tap into mobile phone data, including personal location data, to track the location of infected individuals and their contacts. This draft law had to be withdrawn following massive criticism by privacy advocates, including the German Federal Commissioner for Data Protection.

Second, for weeks, the so-called COVID-19 tracing apps have been discussed and eagerly awaited in Germany and elsewhere in Europe. The German government has repeatedly described them as a cornerstone and a precondition for the "exit" and the lifting of current restrictions. Yet, we are still waiting for these apps and just learned that they will not be ready in Germany before mid-May. Guess why? Privacy concerns — which are also discussed in public — are currently holding up the development. A number of academics involved with the development of the German "corona app" grew more and more skeptical with the centralized approach of the PEPP-PT platform and started favoring a decentralized approach (e.g., DP-3T) as also championed by Apple and Google.

Both examples clearly show the importance placed by Germans on the protection of their personal data. Articles 7 and 8 of the EU Charter of Fundamental Rights seem to be the only fundamental rights Germans are not willing to give up for the sake of the fight against the virus.

Now, what does this mean for us privacy professionals? First of all, it shows that our job remains important in the middle of this pandemic. The "new normal" might mean that we have to give up some of our fundamental rights temporarily (although, a little more democratic debate would be nice).

However and most importantly, it is more crucial than ever to insist on the protection of personal data and the balancing of rights. All the guidance published by the EU regulators in the last days and weeks shows one thing: Privacy is not inherently at odds with effective anti-virus measures. On the contrary, any such measure is only as effective as people develop trust in the suitability and the proportionality of such a measure. An app is pointless if users don't trust it and thus refrain to install it. The protection of privacy is key to building such trust.


If you want to comment on this post, you need to login.