
Coronavirus: Danish Data Protection Authority issues new statement on virus-tracking apps

Legal news
28 April 2020
Denmark

As a result of the continuous risk of infection, several countries have already introduced or are in the process of developing apps with functions to track coronavirus. Since a similar app is expected in Denmark within the upcoming weeks, the Danish Data Protection Authority has just emphasized that although nothing in principle prevents the introduction of such a function, the new app will trigger difficult assessments with respect to the protection of the users’ privacy.

Several countries both in and outside the EU are currently developing apps with functions allowing for the tracking of individuals infected with coronavirus in an attempt to limit further spreading. In Norway, the voluntary “Smittestopp” app has already been downloaded by more than one million users, and in Denmark a similar function is currently being developed. For this reason, the Danish Data Protection Authority has emphasized the fundamental requirements which data controllers must be aware of in this connection. Among other things, this is because the new app may provide a detailed overview of the behavior and health of users.

Just as in other scenarios where high risks may arise for the data subject, the data controller must first conduct an impact assessment and thoroughly incorporate data protection as part of the design. In addition, it’s important for data controllers to ensure:

  • That the same measure could not have been achieved with less intrusive means
  • That it’s voluntary for the user to install the app
  • That it’s clear who has developed the app and how information is processed
  • That processing is conducted safely and responsibly
  • That the app provides for a temporary solution whereafter information is deleted

It remains unclear how the new tracking function will work in practice, including whether the app provides for a centralized or decentralized solution.

While data controllers must be aware of the applicable rules in connection with processing of health information when developing new apps, IUNO recommends that companies are also aware of the obligations and risks which arise if testing for coronavirus is offered at the workplace. We have previously written about reopening the workplace here.

We are following the developments closely.

Read more about how we can assist your company with ensuring compliance under the applicable data protection rules here.


Anders Etgen Reitz, Partner

Kirsten Astrup, Associate
