Category: Human rights standards in the use and design of technology

To help deal with the COVID-19 pandemic, governments are developing and rolling out apps related to contact-tracing, symptom-tracking, exposure notification, and quarantine-enforcement. Many governments are not taking data protection and privacy seriously when developing and deploying these apps, and there is a risk of normalising the expanded use of invasive digital surveillance technologies.

The Civil Liberties Union for Europe will used variety of litigation actions – freedom of information requests, data protection authority complaints, and litigation before domestic/regional courts – to stop the use of COVID-19 apps that do not respect people’s rights to privacy and data protection. They also wanted to use this litigation to help ensure that impact assessments are carried out in relation to such apps, and that there is more transparency around their development and use.

Liberties started the project with partners in 12 EU members states but then narrowed this down to four jurisdictions where they began litigation action: Belgium, Bulgaria, Hungary and Spain.
In both Bulgaria and Spain there were rulings in favour of Liberties’ partners. In both countries the courts ruled that data protection impact assessments about the national COVID tracing apps must be shared. These rulings set an important precedent that human rights impact assessments about COVID tracing apps must be carried out and made public.

In almost all jurisdictions they assessed, Liberties noticed major issues. For example, when launching apps, governments did not consult stakeholders and watchdogs, data protection impacts assessments were not prepared or made public, source codes were not published, and the expected efficacy was too low to justify the app’s use. In June 2021, Liberties launched a knowledge hub on their website to collate information gathered so far, and to monitor and update the ongoing cases.