This post is part of a series on contact tracing apps. You can read our introduction to the series and get links to the other entries here.
The German government is planning to introduce a voluntary contact tracing app that will calculate the proximity between two smartphones via Bluetooth. Data processing will be based on consent and in compliance with data protection law. No location data will be processed, and the app will have to comply to the highest possible cyber security standards. The app will exchange temporary encrypted identity data and will notify the person who has been in contact to an infected person without revealing this person’s identity.
The government has been reviewing three different technical data-privacy-preserving concepts:
- the Pan-European-Preserving Proximity Tracing (PEPP-PT) developed by a group of 130 European scientists;
- the rival European concept called Decentralised Privacy-Preserving Proximity Tracing (DP3T); and
- the app deployed by the Austrian government by the company Accenture.
The government was first envisaging the PEPP-PT concept under which personal data would be saved centrally on an external server. Numerous German academics and other data experts criticised the central solution for potential data privacy downsides, like the risk that a central data collection may lead to abusive data processing by public authorities.
After thorough discussions about the ideal data privacy compliant app, the German government has now said it will consider implementing an app with a decentralised software architecture that stores the data on the user’s smartphones.
Other posts in this series:
- Round 1: What’s happening?
- Round 2: Legal considerations for companies that want to use contact tracing
- Round 3: Are companies required to use contact tracing?