Track and trace apps once promised to be the technological solution to slow the spread of coronavirus. Yet the software is complicated, and privacy issues have held up rollouts.
These apps harness Bluetooth technology or geolocation data to detect and notify users if they were exposed to another user who has tested positive for COVID-19.
Italy, France, and Germany have released such apps in recent weeks, but privacy advocates have voiced concern they’re putting nations on a slippery slope towards a new kind of surveillance state.
Yet, Europe’s approach to these tracing apps is wildly different from the one taken by Asian countries, according to J Scott Marcus, a senior fellow at Bruegel, a Brussels-based think tank.
Contact tracing in countries such as China, Singapore, Taiwan and South Korea is “almost a different animal altogether,” he told Euronews.
That’s because in these countries it’s often integrated manual contact tracing – teams of workers who quiz infected patients and trawl through CCTV footage to track their recent contacts – and leverages other information such as health data, credit card data and geolocation.
“These are approaches that we in Europe have generally rejected, not only for privacy concerns but also for concerns that they might inadvertently open the door to creating a police state,” Marcus said.
Asian tracing apps also tend to be used as part of a strict program of mandatory quarantine for people known to be infected, he explained, whereas in Europe they act more as “an early warning system” encouraging users considered at risk to get tested.
Are tracing apps safe?
A recent software analysis by mobile app security firm Guardsquare found that the “vast majority” of virus-tracing apps used by governments are not protected enough against hacking and “are likely to lead to security breaches if they have not already”.
Concerns about data protection have also plagued the rollout of such apps in several countries.
Norway had an app that nearly a fifth of its population used before the nation’s data protection authority ordered its suspension in June. It said it posed a disproportionate threat to users’ privacy, in particular by continuously tracking their location.
In June, after huge criticism from privacy campaigners, the UK ditched the tracing app it was developing and said it was switching to software from Apple and Google.
In Europe, downloading such apps is not mandatory, and opt-in has been timid – typically below the level some experts say would be needed for these apps to make a substantial difference.
This leads to a catch 22: if too few people download the app, it won’t be as effective, and if it’s perceived as a flop, even fewer people will want to download it.
Is privacy protection to blame?
European apps typically do not rely on geolocation data but instead use Bluetooth technology that notifies people if they have been in the vicinity of someone who tested positive for the new coronavirus.
That’s because the European Commission has been striving to ensure that app developers comply with the strict privacy rules required by the bloc’s General Data Protection Regulation (GDPR).
This includes ensuring that data collection does not go further than what’s strictly needed, and does not go on for longer than necessary.
“I think the principles here that the European Commission has put forward and recommended to all the member states are sensible,” said Marcus, of the Bruegel think tank.
“If it looked as if we would be unable to contain the pandemic, then there might be a case for going beyond what GDPR would permit. Clearly, in wartime, you do things that you wouldn’t do in peacetime,” he added.
“At the moment, I would say that we should be staying the course, that the approach that’s been taken is the right one.”