This post is part of a series on contact tracing apps. You can read our introduction to the series and get links to the other entries here.
In our previous blog (which you can view here), we explained the Dutch strategy in finding the best contact tracing app to help prevent the spread of COVID-19. It has now become clear that the Dutch Government intends on developing two different apps. One to show whether the user has been in contact with someone who has been infected, and one where the user can insert its medical data to facilitate a diagnosis and prompt medical advice (e.g. “visit your GP”).
The use of the apps is voluntary
The Government has received many questions on how the privacy of individuals will be guaranteed when using the apps. The main safeguard is that the use of the apps is completely voluntary.
Based on the advice of the Dutch Data Protection Authority (DPA), the Government is even exploring whether legislation should be implemented to help ensure true voluntary use. Such legislation would include a prohibition for third parties in requesting access to the app data (e.g. employers who are keen to know if their employee is indeed healthy). However, if the use is voluntary, will enough people install the app for it to be effective? Sceptics have also said that individuals may still feel to pressure to ‘voluntarily’ install the app and to ‘voluntarily’ show their app-data to a (prospective) employer, important client, etc. (their full considerations are available here).
Implications from a privacy law perspective
The Dutch DPA has taken one of the strictest approaches in Europe with regard to COVID-19 safety measures by stating that asking for health data or conducting ‘voluntary’ temperature checks may only be done by a physician. In this regard, the Chairmen of the DPA, Aleid Wolfsen, stated: “We do not want to wake up in a few months’ time in a society with a kind of Chinese state of affairs, in which your employer is constantly watching you and can even see your medical data and draw all kinds of consequences from this.”
While the Chairman makes a fair point, the Government announced that as of May 11th the hairdressers, massage parlours, etc., will be allowed to see customers only if the customer has (“voluntarily”) confirmed that they are healthy. How the process of collecting and processing this information will be designed, is not clear yet.
It strikes the authors that the rationale for stating that individuals cannot voluntarily provide health data to employers or clients (because they may fear adverse consequences, or a service being withheld if they do not give their permission) might not apply when individuals provide this data to their friendly neighbourhood hairdresser.
One might wonder where this leaves us. Will it be frowned upon if people have not installed the apps? Is for example an office dress code therefore just as voluntary as making use of the COVID-19 app, or is there enough invisible pressure for people to follow the crowd, and download the apps?
To be continued.
Other posts in this series:
- Round 1: What’s happening?
- Round 2: Legal considerations for companies that want to use contact tracing
- Round 3: Are companies required to use contact tracing?