EN
Technology

Coronavirus: Danish Data Protection Authority issues new statement on virus-tracking apps

logo
Legal news
calendar 28 April 2020
globus Denmark

As a result of the continuous risk of infection, several countries have already introduced or are in the process of developing apps with functions to track coronavirus. Since a similar app is expected in Denmark within the upcoming weeks, the Danish Data Protection Authority has just emphasized that although nothing in principle prevents the introduction of such a function, the new app will trigger difficult assessments with respect to the protection of the users’ privacy.

Several countries both in and outside the EU are currently developing apps with functions allowing for the tracking of individuals infected with coronavirus in an attempt to limit further spreading. In Norway, the voluntary “Smittestopp”-app has already been downloaded by more than one million users and in Denmark, a similar function is currently being developed. For this reason, the Danish Data Protection Authority has emphasized the fundamental requirements which data controllers must be aware of in this connection. Among other things, this is because the new app may provide detailed overview of the behavior and health of users.

Just as in other scenarios where high risks may arise for the data subject, the data controller must first conduct an impact assessment and thoroughly incorporate data protection as part of the design. In addition, it’s important for data controllers to ensure:

  • That the same measure could not have been achieved with less intrusive means
  • That it’s voluntary for the user to install the app
  • That it’s clear who has developed the app and how information is processed
  • That processing is conducted safely and responsibly
  • That the app provides for a temporary solution whereafter information is deleted

It remains unclear how the new tracking-function will work in practice, including whether the app provides for a centralized or decentralized solution.

While data controllers must be aware of the applicable rules in connection with processing of health information when developing new apps, IUNO recommends that companies are also aware of the obligations and risks which arise if testing for coronavirus is offered at the workplace. We have previously written about reopening the workplace here.

We are following the developments closely.

Read more about how we can assist your company with ensuring compliance under the applicable data protection rules here.

Several countries both in and outside the EU are currently developing apps with functions allowing for the tracking of individuals infected with coronavirus in an attempt to limit further spreading. In Norway, the voluntary “Smittestopp”-app has already been downloaded by more than one million users and in Denmark, a similar function is currently being developed. For this reason, the Danish Data Protection Authority has emphasized the fundamental requirements which data controllers must be aware of in this connection. Among other things, this is because the new app may provide detailed overview of the behavior and health of users.

Just as in other scenarios where high risks may arise for the data subject, the data controller must first conduct an impact assessment and thoroughly incorporate data protection as part of the design. In addition, it’s important for data controllers to ensure:

  • That the same measure could not have been achieved with less intrusive means
  • That it’s voluntary for the user to install the app
  • That it’s clear who has developed the app and how information is processed
  • That processing is conducted safely and responsibly
  • That the app provides for a temporary solution whereafter information is deleted

It remains unclear how the new tracking-function will work in practice, including whether the app provides for a centralized or decentralized solution.

While data controllers must be aware of the applicable rules in connection with processing of health information when developing new apps, IUNO recommends that companies are also aware of the obligations and risks which arise if testing for coronavirus is offered at the workplace. We have previously written about reopening the workplace here.

We are following the developments closely.

Read more about how we can assist your company with ensuring compliance under the applicable data protection rules here.

Receive our newsletter

Anders

Etgen Reitz

Partner

Kirsten

Astrup

Senior associate

Similar

logo
Technology HR-legal Corporate

2 November 2021

Joint whistleblower schemes for multinationals

logo
HR Legal Corporate Technology

20 October 2021

New Act on the protection of whistleblowers on the way

logo
Technology

7 October 2021

Holiday did not excuse delayed communication of data breach

logo
Technology

23 September 2021

The Danish Data Protection Authority’s whistleblower scheme is on the way

logo
Technology

9 September 2021

Failure to comply with retention periods resulted in EUR 1.75 million fine

logo
Technology

1 September 2021

Can companies “snoop” in former employees’ e-mail accounts?

The team

Anders

Etgen Reitz

Partner

Kirsten

Astrup

Senior associate