Freely subscribe to our NEWSLETTER

Since the start of the pandemic, governments and stakeholders involved in the fight against the virus have been relying on data analytics and digital technologies to address this threat. Mobile applications have been used in some countries and are being considered in others as a complementary response to the need to rapidly perform contact monitoring.

Aiming to contribute to the reflections currently underway in many countries, the statement has been issued in order to recall that, wherever such solutions are chosen, strict legal and technical safeguards would need to be in place to mitigate the risks to the protection of personal data and privacy.

If these applications are deployed, it should be for a limited duration only and solely on a voluntary basis. These applications should include specificities "by design" to prevent or minimise risks, e.g. to ensure that location data of individuals are not used, that no direct identification is possible or that re-identification is prevented.

This statement follows a first Joint Declaration on the right to data protection in the context of the COVID-19 pandemic issued on 30 March.

In 1981, the Council of Europe adopted the first international treaty to address the right of individuals to the protection of their personal data, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, also known as “Convention 108”. In 2018, the treaty was updated by an amending protocol, not yet in force, aimed at ensuring that its data protection principles are still adapted to new tools and new practices. So far, 55 countries have ratified “Convention 108” and many others have used it as a model for new data protection legislation.
Contact: Jaime Rodriguez, Spokesperson/Media officer, Tel. +33 6 89 99 50 42