Tracking coronavirus – IT law association publishes guidelines

FILE PHOTO: FILE PHOTO: The Private Kit mobile app, which aims to help authorities with contact tracing efforts to curb the spread of a novel coronavirus, seen on a phone in this picture illustration taken April 9, 2020. REUTERS/Paresh Dave/Illustration/File Photo/File Photo

Tista' taqra bil- Malti.

The Malta IT Law Association (MITLA) has published a set of guidelines aimed at addressing the tension which arise between legal norms, ethical principals and public health requirements when developing digital tools to tackle the coronavirus pandemic.

In a statement on Tuesday, MITLA explained that the document served as an identification of the privacy issues which are inherent when developing mobile applications and mobile data to be used in response to the coronavirus pandemic. The document could be used as a reference guide by stakeholders involved in the creation and dissemination of such tools, preferably at a design stage, MITLA remarked.

New technologies may involve methods of surveillance which can lead to impacts on societal values such as privacy and human agency.

MITLA highlighted that digital tools have an important role in the pandemic since they can be used to model infection trajectory, socio-economic impact, monitor physical distancing and aid contact tracing.

Last week, the government launched a self-assessment web app which allows one to assess their risk for coronavirus. The app is not used to track or identify users.

MITLA said that while the self-assessment tool which was originally developed by the Estonian Health Board, was a good starting point, it already presented its own issues.

The association said that while the self-assessment app was not designed for contact tracing yet, it would be useful to reflect on such eventuality. It reminded that both the European Commission and the European Data Protection Board, that when contact tracing apps are implemented, one should avoid the processing of location data. Proximity data should be used as less intrusive but effective measure in order to reduce unnecessary risks to security and also compliance with the principle of data minimisation.

“Any digital tools developed must be fully compliant with data protection and privacy rules within the EU. For compliance with the GDPR, the app’s author (or publisher) should identify who the data controller is.”

The European Commission is of the view that such digital tools should be designed in a manner that the national health authority is the data controller. This would further enhance trust among the app’s users.

MITLA explained that this would ensure that the digital tool is being used for its intended purpose of protecting public health. Furthermore, such apps should be based on anonymised data in order to alert people who have been in proximity to an infected person for a certain duration to get tested/ self-isolate without revealing the identity of the infected person

Read the full document here.

If you want to be the first to receive the latest news on the coronavirus in Malta, download the Newsbook APP here.